Hi; Coverity detected an issue in contrib/elf2dmp/main.c (CID 1398641).
In this loop:
for (; KernBase >= 0xfffff78000000000; KernBase -= PAGE_SIZE) {
nt_start_addr = va_space_resolve(&vs, KernBase);
if (!nt_start_addr) {
continue;
}
if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
break;
}
}
we might end exiting with nt_start_addr == NULL, if we go all
the way through the address range without finding anything
and the loop terminates via the "KernBase >= 0xfffff78000000000"
condition.
However, we don't check for this, so we will then segfault
in pe_get_pdb_symstore_hash(), which assumes it's passed a non-NULL
address.
I guess we should be checking for nt_start_addr == NULL at the
end of the loop and treating it as a fatal error?
thanks
-- PMM
