PR24427, bfd/doc/chew.c reads uninitialized memory and subtracts from function pointer

author Michael Forney <mforney@mforney.org>

Wed, 10 Apr 2019 08:47:37 +0000 (18:17 +0930)

committer Alan Modra <amodra@gmail.com>

Wed, 10 Apr 2019 09:00:29 +0000 (18:30 +0930)
author Michael Forney <mforney@mforney.org>
Wed, 10 Apr 2019 08:47:37 +0000 (18:17 +0930)
committer Alan Modra <amodra@gmail.com>
Wed, 10 Apr 2019 09:00:29 +0000 (18:30 +0930)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 6e85dc797bdb3e387cb8a3e2c871922ccdf6ef5f..03cab045da6bce1c6b3cf1e9bc85603a7b3f897c 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2019-04-10  Michael Forney  <mforney@mforney.org>
+
+       PR 24427
+       * doc/chew.c (free_words): Correctly free "push_text" strings.
+
  2019-04-08  H.J. Lu  <hongjiu.lu@intel.com>
  
         * config.bfd: Remove i[3-7]86-*-kaos* and i[3-7]86-*-chaos targets.
diff --git a/bfd/doc/chew.c b/bfd/doc/chew.c

index c3dd9b444bfc93b1b24fd2059bea4ba44b820376..ef5a22c2fa57f2cd794e512a96aedcd797cf361e 100644 (file)
--- a/bfd/doc/chew.c
+++ b/bfd/doc/chew.c
@@ -1260,11 +1260,11 @@ free_words (void)
        if (ptr->code)
         {
           int i;
-         for (i = 0; i < ptr->code_length; i ++)
+         for (i = 0; i < ptr->code_end - 1; i ++)
             if (ptr->code[i] == push_text
                 && ptr->code[i + 1])
               {
-               free (ptr->code[i + 1] - 1);
+               free ((char *) ptr->code[i + 1] - 1);
                 ++ i;
               }
           free (ptr->code);
author	Michael Forney <mforney@mforney.org>
	Wed, 10 Apr 2019 08:47:37 +0000 (18:17 +0930)
committer	Alan Modra <amodra@gmail.com>
	Wed, 10 Apr 2019 09:00:29 +0000 (18:30 +0930)
bfd/ChangeLog		patch \| blob \| history
bfd/doc/chew.c		patch \| blob \| history