From 31991eaaeee55fbf077e5c7ed1bc5deece050933 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Thu, 30 Mar 2023 18:15:49 +1030
Subject: [PATCH] Memory leak in process_abbrev_set
We may have added some abbrevs to the list before hitting an error. Free the list elements too. free_abbrev_list returns list->next so we need to init it earlier to avoid an uninitialised memory access.
* dwarf.c (process_abbrev_set): Call free_abbrev_list on errors. Set list->next earlier.
---
 binutils/dwarf.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index d6fc9fe991c..d08f01cab79 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -990,6 +990,7 @@ process_abbrev_set (struct dwarf_section *section,
 list->first_abbrev = NULL;
 list->last_abbrev = NULL;
 list->raw = start;
+ list->next = NULL;
 while (start < end)
 {
@@ -1005,17 +1006,13 @@ process_abbrev_set (struct dwarf_section *section,
 the caller. */
 if (start == end || entry == 0)
 {
- list->next = NULL;
 list->start_of_next_abbrevs = start != end ? start : NULL;
 return list;
 }
 READ_ULEB (tag, start, end);
 if (start == end)
- {
- free (list);
- return NULL;
- }
+ return free_abbrev_list (list);
 children = *start++;
@@ -1050,8 +1047,7 @@ process_abbrev_set (struct dwarf_section *section,
 /* Report the missing single zero which ends the section. */
 error (_("%s section not zero terminated\n"), section->name);
- free (list);
- return NULL;
+ return free_abbrev_list (list);
 }
 /* Return a sequence of abbrevs in SECTION starting at ABBREV_BASE
-- 
2.30.2
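Review bot: The added `list->next = NULL;` is now load-bearing for every error return in process_abbrev_set, yet nothing at the assignment says so. Per the commit message free_abbrev_list returns list->next, so moving or dropping this line would turn the error paths taken on malformed abbrev data into a read of uninitialised memory; a comment such as `/* Set before any error path: free_abbrev_list returns list->next.  */` would pin the ordering. free_abbrev_list itself is not shown, so it is worth confirming that it reads no other field still unset at this point, for example start_of_next_abbrevs, which is assigned only on the success return. The function starts and ends outside this hunk.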
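Review bot: `return free_abbrev_list (list);` after `READ_ULEB (tag, start, end)` yields NULL only because the helper returns list->next and that field was cleared earlier, which hides the failure value from a reader. Writing it as `free_abbrev_list (list);` followed by `return NULL;` keeps the leak fix while making the error return explicit and independent of the helper's return convention. The same applies to the identical line after the "section not zero terminated" error in the last hunk. The function body continues outside both hunks.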