Hi; Coverity detected an issue in contrib/elf2dmp/main.c (CID 1398641). In this loop:

    for (; KernBase >= 0xfffff78000000000; KernBase -= PAGE_SIZE) {
        nt_start_addr = va_space_resolve(&vs, KernBase);
        if (!nt_start_addr) {
            continue;
        }
        if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
            break;
        }
    }

we might end up exiting with nt_start_addr == NULL, if we go all the way through the address range without finding anything and the loop terminates via the "KernBase >= 0xfffff78000000000" condition. However, we don't check for this, so we will then segfault in pe_get_pdb_symstore_hash(), which assumes it's passed a non-NULL address. I guess we should be checking for nt_start_addr == NULL at the end of the loop and treating it as a fatal error?

thanks
-- PMM
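The failure mode described in the report, as an added example that is not code from QEMU's contrib/elf2dmp: a constructed toy address space (toy_resolve(), a stand-in for va_space_resolve()) backs an unchecked loop of the same shape as the reported one and a checked variant. The checked variant reports exhaustion of the range as a distinct fatal result rather than handing the next stage a NULL pointer, and because it keys on whether the MZ match actually happened, it also covers the case where the last page probed before the floor resolved but held no MZ header. The page contents, addresses, KERN_VA_FLOOR name and scenarios are all constructed; a little-endian host is assumed, as the original uint16_t comparison against 0x5a4d does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 0x1000ULL
/* Lowest kernel VA the reported loop probes before giving up (value from the report). */
#define KERN_VA_FLOOR 0xfffff78000000000ULL

/* Toy guest address space, constructed for this example: a few mapped pages. */
struct toy_page {
    uint64_t va;             /* page-aligned guest virtual address */
    uint8_t data[PAGE_SIZE]; /* page contents */
};

struct toy_vs {
    struct toy_page *pages;
    size_t count;
};

/* Stand-in for va_space_resolve(): host pointer for a mapped VA, else NULL. */
static void *toy_resolve(const struct toy_vs *vs, uint64_t va)
{
    uint64_t page = va & ~(PAGE_SIZE - 1);
    for (size_t i = 0; i < vs->count; i++) {
        if (vs->pages[i].va == page) {
            return vs->pages[i].data + (va - page);
        }
    }
    return NULL;
}

/* Same shape as the loop in the report: walk down a page at a time and stop at
 * the first resolvable page starting with the MZ magic. Running off the floor
 * leaves nt_start_addr holding whatever the last resolve returned. */
static void *find_nt_start_unchecked(const struct toy_vs *vs, uint64_t kern_base)
{
    void *nt_start_addr = NULL;
    for (; kern_base >= KERN_VA_FLOOR; kern_base -= PAGE_SIZE) {
        nt_start_addr = toy_resolve(vs, kern_base);
        if (!nt_start_addr) {
            continue;
        }
        if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
            break;
        }
    }
    return nt_start_addr; /* may be NULL, or a non-MZ page, if the range ran out */
}

/* Hardened variant: success only when an MZ header was actually hit, so an
 * exhausted range is a distinct fatal result instead of a pointer that the
 * next stage (pe_get_pdb_symstore_hash() in elf2dmp) would dereference blindly. */
static int find_nt_start_checked(const struct toy_vs *vs, uint64_t kern_base,
                                 void **out)
{
    for (; kern_base >= KERN_VA_FLOOR; kern_base -= PAGE_SIZE) {
        void *p = toy_resolve(vs, kern_base);
        if (p && *(uint16_t *)p == 0x5a4d) { /* MZ */
            *out = p;
            return 0;
        }
    }
    *out = NULL;
    return -1; /* scanned down to the floor without finding an image header */
}

/* Observable outcomes of one constructed scenario, for both scanners. */
struct scan_result {
    int checked_rc;         /* 0 = found, -1 = range exhausted (fatal) */
    int unchecked_non_null; /* 1 if the unchecked loop handed back a pointer */
    int unchecked_is_mz;    /* 1 if that pointer really starts with MZ */
};

/* Two mapped, zero-filled pages at the bottom of the range; the upper one gets
 * an MZ header only when has_mz is set. The first probe (floor + 2 pages) is unmapped. */
static struct scan_result run_scenario(int has_mz)
{
    static struct toy_page pages[2];
    memset(pages, 0, sizeof pages);
    pages[0].va = KERN_VA_FLOOR;
    pages[1].va = KERN_VA_FLOOR + PAGE_SIZE;
    if (has_mz) {
        pages[1].data[0] = 'M'; /* 0x4d */
        pages[1].data[1] = 'Z'; /* 0x5a: reads as 0x5a4d on a little-endian host */
    }
    struct toy_vs vs = { pages, 2 };
    uint64_t start = KERN_VA_FLOOR + 2 * PAGE_SIZE;

    struct scan_result r;
    void *p = NULL;
    r.checked_rc = find_nt_start_checked(&vs, start, &p);
    void *u = find_nt_start_unchecked(&vs, start);
    r.unchecked_non_null = (u != NULL);
    r.unchecked_is_mz = u && *(uint16_t *)u == 0x5a4d;
    return r;
}

int main(void)
{
    struct scan_result ok = run_scenario(1), bad = run_scenario(0);
    printf("with MZ:    checked rc=%d, unchecked non-NULL=%d is-MZ=%d\n",
           ok.checked_rc, ok.unchecked_non_null, ok.unchecked_is_mz);
    printf("without MZ: checked rc=%d, unchecked non-NULL=%d is-MZ=%d\n",
           bad.checked_rc, bad.unchecked_non_null, bad.unchecked_is_mz);
    return 0;
}
```

In the no-MZ scenario the unchecked loop falls off the floor while nt_start_addr still points at the last page it resolved, so a post-loop NULL test alone would pass and the stale pointer would reach the next stage; keying the check on the match itself (or on the loop counter crossing the floor) closes both gaps.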