From 18c742b5f0ae0285539e2dbea0c3a81961e9a7e5 Mon Sep 17 00:00:00 2001
From: Tom de Vries
Date: Wed, 28 Nov 2018 14:06:23 +0000
Subject: [PATCH] [libbacktrace] Fix segfault upon allocation failure

If the allocation of abbrevs->abbrevs in read_abbrevs fails, then abbrevs->num_abbrevs remains nonzero, and consequently free_abbrevs will segfault when accessing abbrevs->abbrevs. Fix this by setting abbrevs->num_abbrevs only after abbrevs->abbrevs allocation has succeeded. Bootstrapped and reg-tested on x86_64.

2018-11-28 Tom de Vries

 * dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation failure.

From-SVN: r266562
---
 libbacktrace/ChangeLog | 5 +++++
 libbacktrace/dwarf.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libbacktrace/ChangeLog b/libbacktrace/ChangeLog
index e7fdfd8e940..8894446a75b 100644
--- a/libbacktrace/ChangeLog
+++ b/libbacktrace/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-28 Tom de Vries
+
+ * dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation
+ failure.
+
 2018-11-27 Tom de Vries
 * mmap.c (backtrace_vector_release): Same.
diff --git a/libbacktrace/dwarf.c b/libbacktrace/dwarf.c
index 4e93f120820..34543747c8f 100644
--- a/libbacktrace/dwarf.c
+++ b/libbacktrace/dwarf.c
@@ -1105,13 +1105,13 @@ read_abbrevs (struct backtrace_state *state, uint64_t abbrev_offset,
 if (num_abbrevs == 0)
 return 1;
- abbrevs->num_abbrevs = num_abbrevs;
 abbrevs->abbrevs = ((struct abbrev *)
 backtrace_alloc (state,
 num_abbrevs * sizeof (struct abbrev),
 error_callback, data));
 if (abbrevs->abbrevs == NULL)
 return 0;
+ abbrevs->num_abbrevs = num_abbrevs;
 memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev));
 num_abbrevs = 0;
-- 
2.30.2
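Review bot: The invariant the moved store now depends on — abbrevs->num_abbrevs stays zero until abbrevs->abbrevs is non-NULL — is enforced only by statement order and is not written down, so a later edit could reorder the two stores and reintroduce the crash; a comment on the moved line would pin it, e.g. `/* Set num_abbrevs only once the array exists: per free_abbrevs, a nonzero count means abbrevs->abbrevs may be dereferenced.  */`. The fix also presumes abbrevs->num_abbrevs already holds zero when backtrace_alloc fails and the function returns 0; that initialisation is not in the hunk (read_abbrevs starts before and continues after it), so it is worth confirming that either read_abbrevs or its caller zeroes both fields before this early return, otherwise a stale count from a reused struct would still mislead free_abbrevs. A more defensive alternative that does not rely on every producer keeping this ordering would be for free_abbrevs itself to tolerate a NULL abbrevs->abbrevs, but that function is outside this patch and the description says it currently dereferences the pointer whenever the count is nonzero.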