Bug 1082524 - Do not deref null pointers in link_map. r=nfroyd
authorMike Hommey <mh+mozilla@glandium.org>
Sat, 18 Oct 2014 09:27:55 +0900
changeset 211092 4701a7ff7279da046154b22062ea8f60c9b8a9b3
parent 211091 cde524d5ce6411c5183342dda8442a2be564dfcf
child 211093 887c54a2dc05ae9d1c6a45d06ce988e957461d03
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersnfroyd
bugs1082524
milestone36.0a1
Bug 1082524 - Do not deref null pointers in link_map. r=nfroyd
mozglue/linker/ElfLoader.cpp
--- a/mozglue/linker/ElfLoader.cpp
+++ b/mozglue/linker/ElfLoader.cpp
@@ -880,26 +880,28 @@ void
 ElfLoader::DebuggerHelper::Remove(ElfLoader::link_map *map)
 {
   if (!dbg->r_brk)
     return;
   dbg->r_state = r_debug::RT_DELETE;
   dbg->r_brk();
   if (dbg->r_map == map)
     dbg->r_map = map->l_next;
-  else
+  else if (map->l_prev) {
     map->l_prev->l_next = map->l_next;
+  }
   if (map == firstAdded) {
     firstAdded = map->l_prev;
     /* When removing the first added library, its l_next is going to be
      * data handled by the system linker, and that data may be read-only */
     EnsureWritable w(&map->l_next->l_prev);
     map->l_next->l_prev = map->l_prev;
-  } else
+  } else if (map->l_next) {
     map->l_next->l_prev = map->l_prev;
+  }
   dbg->r_state = r_debug::RT_CONSISTENT;
   dbg->r_brk();
 }
 
 #if defined(ANDROID)
 /* As some system libraries may be calling signal() or sigaction() to
  * set a SIGSEGV handler, effectively breaking MappableSeekableZStream,
  * or worse, restore our SIGSEGV handler with wrong flags (which using
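Review bot: The `map == firstAdded` branch of Remove() still dereferences `map->l_next` without a check, both in `EnsureWritable w(&map->l_next->l_prev);` and in the store after it, while the other two branches now guard `l_prev` and `l_next`. The comment in that branch implies `l_next` always points at a system-linker entry, but nothing visible in this hunk enforces that. If the system list can be empty when the first library is added, this is still a write through a null pointer inside the loader. Either wrap those two lines in `if (map->l_next) { ... }`, or, if Add() really guarantees the invariant, state it in a comment such as `/* firstAdded->l_next is never null: it is the system linker's list head */`.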