ctf segfaults

	PR 30228
	PR 30229
	* ctf-open.c (ctf_bufopen_internal): Check for NULL cts_data.
	* ctf-archive.c (ctf_arc_bufpreamble, ctf_arc_bufopen): Likewise.

2 files changed, 8 insertions, 5 deletions

diff --git a/libctf/ctf-archive.c b/libctf/ctf-archive.c
index abae90d..54c49b3 100644
--- a/libctf/ctf-archive.c
+++ b/libctf/ctf-archive.c
@@ -402,8 +402,9 @@ ctf_arc_symsect_endianness (ctf_archive_t *arc, int little_endian)
 const ctf_preamble_t *
 ctf_arc_bufpreamble (const ctf_sect_t *ctfsect)
 {
-  if (ctfsect->cts_size > sizeof (uint64_t) &&
-      (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
+  if (ctfsect->cts_data != NULL
+      && ctfsect->cts_size > sizeof (uint64_t)
+      && (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
     {
       struct ctf_archive *arc = (struct ctf_archive *) ctfsect->cts_data;
       return (const ctf_preamble_t *) ((char *) arc + le64toh (arc->ctfa_ctfs)
@@ -424,8 +425,9 @@ ctf_arc_bufopen (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect,
   int is_archive;
   ctf_dict_t *fp = NULL;
 
-  if (ctfsect->cts_size > sizeof (uint64_t) &&
-      (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
+  if (ctfsect->cts_data != NULL
+      && ctfsect->cts_size > sizeof (uint64_t)
+      && (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
     {
       /* The archive is mmappable, so this operation is trivial.
 
diff --git a/libctf/ctf-open.c b/libctf/ctf-open.c
index 5bcf0dd..35f635b 100644
--- a/libctf/ctf-open.c
+++ b/libctf/ctf-open.c
@@ -1354,7 +1354,8 @@ ctf_bufopen_internal (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect,
   if (strsect != NULL && strsect->cts_data == NULL)
     return (ctf_set_open_errno (errp, ECTF_STRBAD));
 
-  if (ctfsect->cts_size < sizeof (ctf_preamble_t))
+  if (ctfsect->cts_data == NULL
+      || ctfsect->cts_size < sizeof (ctf_preamble_t))
     return (ctf_set_open_errno (errp, ECTF_NOCTFBUF));
 
   pp = (const ctf_preamble_t *) ctfsect->cts_data;