projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fa1477d)
readelf memory leaks processing mips
authorAlan Modra <amodra@gmail.com>
Tue, 14 Apr 2020 00:21:44 +0000 (09:51 +0930)
committerAlan Modra <amodra@gmail.com>
Tue, 14 Apr 2020 14:09:05 +0000 (23:39 +0930)
* readelf.c (process_mips_specific): Free eopt and iopt.  Avoid
possibility of overflow when checking number of conflicts.

binutils/ChangeLog patch | blob | history
binutils/readelf.c patch | blob | history

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index c5d0355c189160e0ccd0334385c3f758f9587234..33ca3e93e282af3ba2a64bbc7cadc7375e43e365 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2020-04-14  Alan Modra  <amodra@gmail.com>
+
+       * readelf.c (process_mips_specific): Free eopt and iopt.  Avoid
+       possibility of overflow when checking number of conflicts.
+
 2020-04-14  H.J. Lu  <hongjiu.lu@intel.com>
 
        PR binutils/25707
diff --git a/binutils/readelf.c b/binutils/readelf.c
index cd456b02900154dc3968428875b73fbe3c4947c1..9149bb8ce4d79653b614ef781354943f3bc76d28 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16817,6 +16817,7 @@ process_mips_specific (Filedata * filedata)
          if (iopt == NULL)
            {
              error (_("Out of memory allocating space for MIPS options\n"));
+             free (eopt);
              return FALSE;
            }
 
@@ -16839,7 +16840,10 @@ process_mips_specific (Filedata * filedata)
              if (option->size < sizeof (* eopt)
                  || offset + option->size > sect->sh_size)
                {
-                 error (_("Invalid size (%u) for MIPS option\n"), option->size);
+                 error (_("Invalid size (%u) for MIPS option\n"),
+                        option->size);
+                 free (iopt);
+                 free (eopt);
                  return FALSE;
                }
              offset += option->size;
@@ -17033,7 +17037,7 @@ process_mips_specific (Filedata * filedata)
              offset += option->size;
              ++option;
            }
-
+         free (iopt);
          free (eopt);
        }
       else
@@ -17053,7 +17057,7 @@ process_mips_specific (Filedata * filedata)
 
       /* PR 21345 - print a slightly more helpful error message
         if we are sure that the cmalloc will fail.  */
-      if (conflictsno * sizeof (* iconf) > filedata->file_size)
+      if (conflictsno > filedata->file_size / sizeof (* iconf))
        {
          error (_("Overlarge number of conflicts detected: %lx\n"),
                 (long) conflictsno);