From f761cb13a903da6a5a1b3f9a5cb984600124ac31 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Sat, 14 Mar 2020 11:11:28 +1030 Subject: [PATCH] asan: readelf: memory leaks * readelf.c (dump_section_as_strings): Free memory on error exit. (dump_section_as_bytes, process_notes_at): Likewise. (get_build_id): Free enote. --- binutils/ChangeLog | 6 ++++++ binutils/readelf.c | 38 ++++++++++++++++++++++++++++++-------- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index d88ec4dacb2..9a64b0de245 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2020-03-14 Alan Modra + + * readelf.c (dump_section_as_strings): Free memory on error exit. + (dump_section_as_bytes, process_notes_at): Likewise. + (get_build_id): Free enote. + 2020-03-13 Kamil Rytarowski * readelf.c (get_netbsd_elfcore_note_type): Add support for diff --git a/binutils/readelf.c b/binutils/readelf.c index f36883cb645..b106e8c816f 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -13682,7 +13682,7 @@ dump_section_as_strings (Elf_Internal_Shdr * section, Filedata * filedata) { warn (_("section '%s' has unsupported compress type: %d\n"), printable_section_name (filedata, section), chdr.ch_type); - return FALSE; + goto error_out; } uncompressed_size = chdr.ch_size; start += compression_header_size; @@ -13714,7 +13714,7 @@ dump_section_as_strings (Elf_Internal_Shdr * section, Filedata * filedata) { error (_("Unable to decompress section %s\n"), printable_section_name (filedata, section)); - return FALSE; + goto error_out; } } else @@ -13850,6 +13850,10 @@ dump_section_as_strings (Elf_Internal_Shdr * section, Filedata * filedata) putchar ('\n'); return TRUE; + +error_out: + free (real_start); + return FALSE; } static bfd_boolean @@ -13889,7 +13893,7 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, { warn (_("section '%s' has unsupported compress type: %d\n"), printable_section_name (filedata, section), chdr.ch_type); - return FALSE; + goto error_out; } uncompressed_size = chdr.ch_size; start += compression_header_size; @@ -13924,7 +13928,7 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, error (_("Unable to decompress section %s\n"), printable_section_name (filedata, section)); /* FIXME: Print the section anyway ? */ - return FALSE; + goto error_out; } } else @@ -13934,7 +13938,7 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, if (relocate) { if (! apply_relocations (filedata, section, start, section_size, NULL, NULL)) - return FALSE; + goto error_out; } else { @@ -14004,6 +14008,10 @@ dump_section_as_bytes (Elf_Internal_Shdr * section, putchar ('\n'); return TRUE; + + error_out: + free (real_start); + return FALSE; } static ctf_sect_t * @@ -14317,7 +14325,10 @@ get_build_id (void * data) if (align < 4) align = 4; else if (align != 4 && align != 8) - continue; + { + free (enote); + continue; + } end = (char *) enote + length; data_remaining = end - (char *) enote; @@ -14330,6 +14341,7 @@ get_build_id (void * data) warn (_("\ malformed note encountered in section %s whilst scanning for build-id note\n"), printable_section_name (filedata, shdr)); + free (enote); continue; } data_remaining -= min_notesz; @@ -14356,6 +14368,7 @@ malformed note encountered in section %s whilst scanning for build-id note\n"), warn (_("\ malformed note encountered in section %s whilst scanning for build-id note\n"), printable_section_name (filedata, shdr)); + free (enote); continue; } data_remaining -= min_notesz; @@ -14380,6 +14393,7 @@ malformed note encountered in section %s whilst scanning for build-id note\n"), warn (_("\ malformed note encountered in section %s whilst scanning for build-id note\n"), printable_section_name (filedata, shdr)); + free (enote); continue; } @@ -14394,14 +14408,19 @@ malformed note encountered in section %s whilst scanning for build-id note\n"), build_id = malloc (inote.descsz * 2 + 1); if (build_id == NULL) - return NULL; + { + free (enote); + return NULL; + } for (j = 0; j < inote.descsz; ++j) sprintf (build_id + (j * 2), "%02x", inote.descdata[j] & 0xff); build_id[inote.descsz * 2] = '\0'; + free (enote); return (unsigned char *) build_id; } + free (enote); } return NULL; @@ -19425,7 +19444,10 @@ process_notes_at (Filedata * filedata, if (pnotes) { if (! apply_relocations (filedata, section, (unsigned char *) pnotes, length, NULL, NULL)) - return FALSE; + { + free (pnotes); + return FALSE; + } } } else -- 2.30.2