authorNick Clifton <nickc@redhat.com>2020-03-17 16:45:07 +0000
committerNick Clifton <nickc@redhat.com>2020-03-17 16:45:07 +0000
commitecbbbdba7182865e522e0893915e9be487fe14b0 (patch)
treea90e8fe2e43bd4612d7a100edccfdebb312a68cd /bfd
parenta225c9a8692814b4a29360479aee217d73e22d50 (diff)
Remove a double free in the BFD library triggered when parsing a corrupt file.
PR 25687 * elf.c (_bfd_elf_slurp_secondary_reloc_section): Remove redundant free. Add free on another failure path.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elf.c4
2 files changed, 9 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 76e2ba0..515ab02 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-03-17 Nick Clifton <nickc@redhat.com>
+
+ PR 25687
+ * elf.c (_bfd_elf_slurp_secondary_reloc_section): Remove redundant
+ free. Add free on another failure path.
+
2020-03-16 Alan Modra <amodra@gmail.com>
PR 25675
diff --git a/bfd/elf.c b/bfd/elf.c
index 8ab7b3e..2a299f1 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -12454,6 +12454,7 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
reloc_count = NUM_SHDR_ENTRIES (hdr);
if (_bfd_mul_overflow (reloc_count, sizeof (arelent), & amt))
{
+ free (native_relocs);
bfd_set_error (bfd_error_file_too_big);
result = FALSE;
continue;
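Review bot: Cleanup of native_relocs is still hand-written on every failure branch (the overflow branch here and the read-failure branch in the next hunk), which is presumably how this path came to leak. Since each branch ends in `result = FALSE; continue;`, routing them through a single cleanup point at the end of the loop body would keep the frees in one place and make a missed or duplicated free easier to spot. If native_relocs is declared outside the loop body (not visible here), also add `native_relocs = NULL;` after the free so a later iteration cannot touch the stale pointer. The function body starts and ends outside the hunk.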
@@ -12472,7 +12473,8 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
!= hdr->sh_size))
{
free (native_relocs);
- free (internal_relocs);
+ /* The internal_relocs will be freed when
+ the memory for the bfd is released. */
result = FALSE;
continue;
}
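Review bot: The replacement comment says when internal_relocs is released but not why calling free() on it was wrong. The allocation is outside the hunk; presumably it comes from the bfd's own allocator (bfd_alloc or similar) rather than malloc, and the comment should say so, for example `/* internal_relocs is owned by the bfd's allocator; it must not be passed to free().  */`, so the free is not reintroduced later. For corrupt inputs this also means that each section failing the read leaves a buffer of reloc_count * sizeof (arelent) bytes held until the bfd is closed, with reloc_count derived from the section header. If the surrounding code allows it, reading native_relocs before allocating internal_relocs would avoid retaining memory for sections whose contents cannot be read. The function continues outside the hunk.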