On Tue, Nov 2, 2021 at 11:06 PM Yonghong Song <yhs@xxxxxx> wrote: > > > > On 11/2/21 5:10 PM, Andrii Nakryiko wrote: > > If BTF is corrupted DATASEC's variable type ID might be incorrect. > > Prevent this easy to detect situation with extra NULL check. > > Reported by oss-fuzz project. > > > > Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx> > > Ack with a nit below. > Acked-by: Yonghong Song <yhs@xxxxxx> > > > --- > > tools/lib/bpf/libbpf.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > > index 71f5a009010a..4537ce6d54ce 100644 > > --- a/tools/lib/bpf/libbpf.c > > +++ b/tools/lib/bpf/libbpf.c > > @@ -2754,7 +2754,7 @@ static int btf_fixup_datasec(struct bpf_object *obj, struct btf *btf, > > t_var = btf__type_by_id(btf, vsi->type); > > var = btf_var(t_var); > > Can we move the above 'var = ...' assignment after below if statement? it's safe as is because btf_var() is equivalent to pointer casting. I considered doing a check before btf_var() cast, but that would require a separate if and pr_debug statements which felt like an overkill. > > > > > - if (!btf_is_var(t_var)) { > > + if (!t_var || !btf_is_var(t_var)) { > > pr_debug("Non-VAR type seen in section %s\n", name); > > return -EINVAL; > > } > >
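
Review bot: In the btf_fixup_datasec() hunk, the context line "var = btf_var(t_var);" still runs before the new "!t_var" test, so a pointer is derived from a possibly NULL t_var and only checked afterwards. As the reply says, btf_var() is equivalent to a pointer cast, so nothing is dereferenced. Even so, moving the assignment below the if block, or adding a one-line comment that btf_var() does not dereference its argument, would keep a later change from using var ahead of the check. The pr_debug() text "Non-VAR type seen in section %s" is now also printed when vsi->type does not resolve to any type. Adding vsi->type to the message would let a reader tell an invalid type ID from a type of the wrong kind.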