Using `$libdir` doesn't work and produces an error when configuring with `./configure --with-unixodbc=$(brew --prefix)`:
> configure:21209: gcc -o conftest -g -O2 -Wall -Werror -L/opt/homebrew/${exec_prefix}/lib conftest.c -lodbcinst >&5
> ld: warning: directory not found for option '-L/opt/homebrew/${exec_prefix}/lib'
> ld: library not found for -lodbcinst
> clang: error: linker command failed with exit code 1 (use -v to see invocation)
Note that `warning: directory not found for option '-L/.../${exec_prefix}/lib'` is always emitted, but if unixodbc is installed in `/usr/local/lib`, linking would still work.
A couple of places were missing NULL return value checks for
mdb_read_table()'s return value. Add these.
This fixes a NULL pointer deref while running ./test_script.sh
on the test mdb file from oss-fuzz/35972.
Note this does NOT fix the original problem reported in oss-fuzz/35972
which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue,
which I've been unable to reproduce.
The oss-fuzz/36187 attached
clusterfuzz-testcase-minimized-fuzz_mdb-4756071066501120
has a table with a map_sz of 0 and the g_memdup2 call returns NULL for
this, while mdb_map_find_next unconditionally derefs table->usage_map
to read the first byte which contains the map-type.
This leads to a NULL-ptr deref (at least with -fsanitize=address builds),
fix this by rejecting tables with a map_sz of 0.
Note this does NOT fix the original problem reported in oss-fuzz/36187
which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue, which
I've been unable to reproduce.
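
The zero-length usage map case described in the commit message above, as an added C example that is not mdbtools code. `struct table`, `memdup_or_null`, `table_load_map` and `table_map_type` are hypothetical stand-ins; `memdup_or_null` mirrors the `g_memdup2` behaviour of returning NULL for a size of 0.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the table state described above (not mdbtools' struct). */
struct table {
    unsigned char *usage_map; /* copy of the usage map taken from the file */
    size_t map_sz;            /* length of that map, an untrusted file value */
};

/* Same contract as GLib's g_memdup2(): NULL when src is NULL or n is 0. */
static void *memdup_or_null(const void *src, size_t n)
{
    void *p = (src != NULL && n != 0) ? malloc(n) : NULL;
    if (p != NULL)
        memcpy(p, src, n);
    return p;
}

/* Returns 0 on success, -1 when the map is rejected. */
int table_load_map(struct table *t, const unsigned char *raw, size_t map_sz)
{
    t->usage_map = NULL;
    t->map_sz = 0;
    if (map_sz == 0)          /* reject here, before any reader touches byte 0 */
        return -1;
    t->usage_map = memdup_or_null(raw, map_sz);
    if (t->usage_map == NULL) /* allocation failure */
        return -1;
    t->map_sz = map_sz;
    return 0;
}

/* Byte 0 of the map holds the map type; -1 if no map was loaded. */
int table_map_type(const struct table *t)
{
    return (t->usage_map != NULL && t->map_sz > 0) ? t->usage_map[0] : -1;
}

int main(void)
{
    const unsigned char raw[] = { 0x01, 0xAA, 0xBB }; /* constructed sample map */
    struct table t;
    int rc = table_load_map(&t, raw, 0);
    printf("map_sz=0: load=%d type=%d\n", rc, table_map_type(&t));
    rc = table_load_map(&t, raw, sizeof raw);
    printf("map_sz=3: load=%d type=%d\n", rc, table_map_type(&t));
    free(t.usage_map);
    return 0;
}
```
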
mdbtools triggered
> In function ‘printf’,
> inlined from ‘mdb_dump_catalog’ at catalog.c:195:4:
> /usr/include/powerpc64le-linux-gnu/bits/stdio2.h:112:10:
> error: ‘%-12s’ directive argument is null [-Werror=format-overflow=]
> 112 | return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ());
This is due to mdb_get_objtype_string potentially returning NULL
which isn't allowed anymore as it would cause a segfault on the latter
print.
Fixes: #352
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>