From dfb91eacc4582d45bff19f3aab7d843540acf550 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Tue, 26 Nov 2019 14:14:51 +0100
Subject: pkg/ipc: fix potential nil deref

We've got the following crash:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x7d30ba]

goroutine 75 [running]:
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc000c68cb0, 0xc0001a4d20, 0xc00147a000, 0x1f28, 0x200000, 0x0, 0x0, 0xc00170a000, 0x1000000, 0x1000000, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:783 +0x7ca
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc0002de240, 0xc0001a4d20, 0xc016c2f440, 0x11, 0xc00019c7e0, 0x40, 0x1, 0xc016b6f590, 0x30, 0xc01615cc40)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x104
main.(*Proc).executeRaw(0xc0012a45c0, 0xc0001a4d20, 0xc016c2f440, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x1f3
main.(*Proc).execute(0xc0012a45c0, 0xc0001a4d20, 0xc016c2f440, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc0012a45c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4df
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x1153

err can be nil even if hang=true in case of a narrow race: we decided to kill the process, but it finished successfully meanwhile.
---
pkg/ipc/ipc.go | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'pkg')

diff --git a/pkg/ipc/ipc.go b/pkg/ipc/ipc.go
index b6bc45b25..8b3a925e7 100644
--- a/pkg/ipc/ipc.go
+++ b/pkg/ipc/ipc.go
@@ -780,8 +780,10 @@ func (c *command) exec(opts *ExecOpts, progData []byte) (output []byte, hanged b
 output = <-c.readDone
 if err := c.wait(); <-hang {
 hanged = true
- output = append(output, []byte(err.Error())...)
- output = append(output, '\n')
+ if err != nil {
+ output = append(output, err.Error()...)
+ output = append(output, '\n')
+ }
 return
 }
 if exitStatus == -1 {
-- 
cgit mrf-deployment
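Review bot: The new `if err != nil` guard in the hang branch carries no comment saying why `err` can be nil there; the reason (the process exits successfully just after the decision to kill it) is recorded only in the commit message. I would add `// err is nil if the process exited cleanly right as we decided to kill it.` directly above the guard. In that case the call still returns `hanged = true` with nothing appended to `output`, so whoever reads the output gets no hint why the run was classified as a hang; whether callers rely on that is not visible from this hunk. The body of `exec` starts and ends outside the hunk, and the hunk header truncates its signature.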