readelf: segfault at readelf.c:12227

This is another one where not cleaning up sufficiently after
processing one file can lead to errors when processing the next file.
We have ngnuchains non-zero but gnuchains NULL in the following:
  off < ngnuchains && (gnuchains[off] & 1) == 0

	* readelf.c (process_symbol_table): Clear ngnuchains, ngnubuckets
	and nbuckets.

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 86eb57814004580e3d9d6290c6972d03f4be8ec3..6280eb7c37a63d589f964eb1ad33f266638beb39 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2020-04-20  Alan Modra  <amodra@gmail.com>
+
+       * readelf.c (process_symbol_table): Clear ngnuchains, ngnubuckets
+       and nbuckets.
+
 2020-04-20  Alan Modra  <amodra@gmail.com>
 
        * readelf.c (process_section_headers): Free dynamic symbols etc.

diff --git a/binutils/readelf.c b/binutils/readelf.c
index d9c9b7ea0c1f9eba459e1a7f22489da90b9b1763..ea30f883c5994180353bcb421c6716cd86cc05be 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12188,6 +12188,7 @@ process_symbol_table (Filedata * filedata)
 
   free (buckets);
   buckets = NULL;
+  nbuckets = 0;
   free (chains);
   chains = NULL;
 
@@ -12263,8 +12264,10 @@ process_symbol_table (Filedata * filedata)
     }
   free (gnubuckets);
   gnubuckets = NULL;
+  ngnubuckets = 0;
   free (gnuchains);
   gnuchains = NULL;
+  ngnuchains = 0;
   free (mipsxlat);
   mipsxlat = NULL;
   return TRUE;
@@ -12272,12 +12275,15 @@ process_symbol_table (Filedata * filedata)
  err_out:
   free (gnubuckets);
   gnubuckets = NULL;
+  ngnubuckets = 0;
   free (gnuchains);
   gnuchains = NULL;
+  ngnuchains = 0
   free (mipsxlat);
   mipsxlat = NULL;
   free (buckets);
   buckets = NULL;
+  nbuckets = 0;
   free (chains);
   chains = NULL;
   return FALSE;