projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a225c9a)
Remove a double free in the BFD library triggered when parsing a corrupt file.
authorNick Clifton <nickc@redhat.com>
Tue, 17 Mar 2020 16:45:07 +0000 (16:45 +0000)
committerNick Clifton <nickc@redhat.com>
Tue, 17 Mar 2020 16:45:07 +0000 (16:45 +0000)
PR 25687
* elf.c (_bfd_elf_slurp_secondary_reloc_section): Remove redundant
free.  Add free on another failure path.

bfd/ChangeLog patch | blob | history
bfd/elf.c patch | blob | history

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 76e2ba0fb88cd3c518cf58502aeb72251d9cbf98..515ab02bf503a12972fcc0372c5b761ac05b6396 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-03-17  Nick Clifton  <nickc@redhat.com>
+
+       PR 25687
+       * elf.c (_bfd_elf_slurp_secondary_reloc_section): Remove redundant
+       free.  Add free on another failure path.
+
 2020-03-16  Alan Modra  <amodra@gmail.com>
 
        PR 25675
diff --git a/bfd/elf.c b/bfd/elf.c
index 8ab7b3e2e816f5479b51da6a9789d800edeb8631..2a299f15f00454b13e349fb0d94bade412bb48f0 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -12454,6 +12454,7 @@ _bfd_elf_slurp_secondary_reloc_section (bfd *      abfd,
          reloc_count = NUM_SHDR_ENTRIES (hdr);
          if (_bfd_mul_overflow (reloc_count, sizeof (arelent), & amt))
            {
+             free (native_relocs);
              bfd_set_error (bfd_error_file_too_big);
              result = FALSE;
              continue;
@@ -12472,7 +12473,8 @@ _bfd_elf_slurp_secondary_reloc_section (bfd *      abfd,
                  != hdr->sh_size))
            {
              free (native_relocs);
-             free (internal_relocs);
+             /* The internal_relocs will be freed when
+                the memory for the bfd is released.  */
              result = FALSE;
              continue;
            }