CVE-2022-47022: potential NULL glibc-cpuset dereferences in topology-linux.c · Issue #544 · open-mpi/hwloc
An issue was discovered in open-mpi hwloc 2.1.0 that allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.
Closed
ash1852 opened this issue on Aug 31, 2022 · 3 comments
Hi, I found a potential null pointer dereference bug in the project source code of hwloc, and I have shown the execution sequence of the program that may generate the bug in the graph below. The red text illustrates the steps that generate the bug, the green text gives some additional information to help understand when the steps occur, and the file path can be seen in the blue-framed section.
Although the code shown is for version 2.1.0, this potential bug is still present in the current version.
```c
setsize = CPU_ALLOC_SIZE(last+1);
plinux_set = CPU_ALLOC(last+1);
CPU_ZERO_S(setsize, plinux_set);
```
Would you help to check if this bug is true? Thank you!
Hello
Yes, there are likely many corner cases like this where we don’t check allocation return values. Similar issue in `hwloc_linux_set_tid_cpubind()`, `hwloc_linux_find_kernel_nr_cpus()`, `hwloc_linux_get_tid_cpubind()`, `hwloc_linux_set_thread_cpubind()` and `hwloc_linux_get_thread_cpubind()`.
The (bad) rationale is that other things will go wrong before this one will trigger a crash. Feel free to send a fix :)
bgoglin changed the title from "A potential bug of NPD" to "potential NULL glibc-cpuset dereferences in topology-linux.c" on Aug 31, 2022
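The allocate-then-zero sequence quoted in the report, with the allocation result checked before use. This is an added example, not code from the thread and not hwloc's fix; `cpuset_alloc_zeroed` and `cpuset_weight` are hypothetical names, and it assumes Linux with glibc on a 64-bit system.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* CPU_ALLOC and the *_S macros are GNU extensions */
#endif
#include <errno.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not hwloc code: allocate a zeroed glibc cpuset that can
 * hold CPU indexes 0..last. Returns NULL with errno set when the size cannot
 * be represented or the allocation fails, so CPU_ZERO_S() never sees NULL. */
static cpu_set_t *cpuset_alloc_zeroed(size_t last, size_t *setsize)
{
    if (last > SIZE_MAX - 64) {      /* last+1, or rounding up to a mask word, would wrap */
        errno = EINVAL;
        return NULL;
    }
    cpu_set_t *set = CPU_ALLOC(last + 1);
    if (set == NULL) {               /* the check missing from the reported sequence */
        errno = ENOMEM;
        return NULL;
    }
    *setsize = CPU_ALLOC_SIZE(last + 1);
    CPU_ZERO_S(*setsize, set);
    return set;
}

/* Hypothetical caller: set the listed CPUs and return how many bits are set,
 * or -1 when no cpuset could be allocated (an error, not a crash). */
static int cpuset_weight(const size_t *cpus, size_t n, size_t last)
{
    size_t setsize;
    cpu_set_t *set = cpuset_alloc_zeroed(last, &setsize);
    if (set == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (cpus[i] <= last)         /* ignore indexes outside the allocated mask */
            CPU_SET_S(cpus[i], setsize, set);
    int weight = CPU_COUNT_S(setsize, set);
    CPU_FREE(set);
    return weight;
}

int main(void)
{
    const size_t cpus[] = {0, 3, 9}; /* constructed sample input */
    printf("last=7: %d\n", cpuset_weight(cpus, 3, 7));
    printf("huge:   %d\n", cpuset_weight(cpus, 3, SIZE_MAX / 2)); /* too large to allocate on 64-bit */
    return 0;
}
```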
CVE-2022-47022 was assigned to this issue.
I didn’t have any involvement in the assignment, posting here for visibility.
Thanks for the reminder, I forgot about this. I am pushing the fix to master and all stable branches.
bgoglin added a commit that referenced this issue
Aug 24, 2023