When testing support for print data structures using patches later in this series, I hit NULL pointer dereference bugs when printing "struct sk_buff". The problem seems to revolve around that structure's use of a zero-length array in the middle of the data structure - headers_start[0]. We see in btf_type_id_size() we consult btf->resolved_ids and btf->resolved_sizes; both of which are not used in kernel vmlinux BTF so should not be used when handling vmlinux BTF data.

Signed-off-by: Alan Maguire <alan.maguire@xxxxxxxxxx>
---
 kernel/bpf/btf.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 50080ad..a474839 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -1170,7 +1170,7 @@ const struct btf_type *btf_type_id_size(const struct btf *btf,
 if (btf_type_has_size(size_type)) {
 size = size_type->size;
- } else if (btf_type_is_array(size_type)) {
+ } else if (btf_type_is_array(size_type) && btf->resolved_sizes) {
 size = btf->resolved_sizes[size_type_id];
 } else if (btf_type_is_ptr(size_type)) {
 size = sizeof(void *);
@@ -1179,6 +1179,9 @@ const struct btf_type *btf_type_id_size(const struct btf *btf,
 !btf_type_is_var(size_type)))
 return NULL;
 
+ if (!btf->resolved_ids)
+ return NULL;
+
 size_type_id = btf->resolved_ids[size_type_id];
 size_type = btf_type_by_id(btf, size_type_id);
 if (btf_type_nosize_or_null(size_type))
-- 
1.8.3.1
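Review bot: Adding `&& btf->resolved_sizes` to the array test means an array type on a BTF whose resolved_sizes is NULL no longer matches any size branch and falls through to the trailing else, whose condition ends in `!btf_type_is_var(size_type))) return NULL;` (visible as context in the next hunk) and rejects anything that is neither a modifier nor a var; if that check is a WARN_ON_ONCE as its triple-paren tail suggests, the exact case this patch targets would now emit a kernel warning before returning NULL. Keep the branch selected by type and make the missing-table case explicit inside it: `} else if (btf_type_is_array(size_type)) {` / `if (!btf->resolved_sizes) return NULL;` / `size = btf->resolved_sizes[size_type_id];`. For the vmlinux case the array size could presumably be derived from the element type and element count without resolved_sizes at all, but that needs the array accessors not shown here. btf_type_id_size() starts before this hunk and continues after it.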
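Review bot: The new `if (!btf->resolved_ids) return NULL;` makes every modifier (const, volatile, typedef) and var type on a BTF without resolution tables report as sizeless, which is much broader than the zero-length-array case the description names, and callers of btf_type_id_size() get no way to tell "type has no size" from "this BTF was never resolved". If vmlinux BTF genuinely leaves resolved_ids NULL, say so at the check, e.g. `/* vmlinux BTF skips type resolution, so resolved_ids/resolved_sizes may be NULL */`, and consider following the modifier chain directly through the type's target id with a depth bound instead of refusing it. The premise also deserves confirming, since any typedef'd or const-qualified member would have hit this same dereference before the patch, not only headers_start[0]. btf_type_id_size() continues past the end of this hunk.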