libctf: fix use-after-free in function dumping
authorNick Alcock <nick.alcock@oracle.com>
Mon, 3 Jun 2019 19:26:02 +0000 (20:26 +0100)
committerNick Alcock <nick.alcock@oracle.com>
Tue, 4 Jun 2019 16:05:08 +0000 (17:05 +0100)
This is actually a free-before-initializing (i.e. a free of garbage).

libctf/
* ctf-dump.c (ctf_dump_funcs): Free in the right place.

libctf/ChangeLog
libctf/ctf-dump.c

index d059d58d19b116a4ed5f94d700132a5688bfd1f8..01b8d8da2486a5e5e85c4d3f420fbff23fdb6ff2 100644 (file)
@@ -1,3 +1,7 @@
+2019-06-03  Nick Alcock  <nick.alcock@oracle.com>
+
+       * ctf-dump.c (ctf_dump_funcs): Free in the right place.
+
 2019-05-29  Nick Alcock  <nick.alcock@oracle.com>
 
        * Makefile.am (ZLIB): New.
index c2ed791eea690cbb0885fa6e0dc23c1f72ce9b2d..82f63c29d007d15a0806fc511642e40c69fd33a9 100644 (file)
@@ -273,7 +273,6 @@ ctf_dump_funcs (ctf_file_t *fp, ctf_dump_state_t *state)
        goto err;
 
       str = ctf_str_append (str, " ");
-      free (bit);
 
       /* Function name.  */
 
@@ -290,6 +289,7 @@ ctf_dump_funcs (ctf_file_t *fp, ctf_dump_state_t *state)
        }
       str = ctf_str_append (str, bit);
       str = ctf_str_append (str, " (");
+      free (bit);
 
       /* Function arguments.  */
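Review bot: After the added `free (bit);` the pointer still holds the freed address, and the commit message says the earlier bug was a free of an uninitialised `bit`, so a later edit or error path could free or read the same variable again. I would follow the free with `bit = NULL;`. If the declaration has no initialiser, which the commit message suggests but this hunk does not show, initialise `bit` to NULL there too, so that a misplaced `free` becomes a no-op instead of heap corruption. ctf_dump_funcs starts and ends outside the hunk, so whether the `err` path releases `bit` when a failure occurs between its allocation and this free cannot be checked from here.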