diff options
author | Nick Clifton <nickc@redhat.com> | 2019-01-09 12:25:16 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2019-01-09 12:25:16 +0000 |
commit | 28e817cc440bce73691c03e01860089a0954a837 (patch) | |
tree | 6803d6e4f11de4f46160b68605f97c3cf0c7cbd2 /binutils | |
parent | d820d0c37beda1c29ff50bb1f2ebc1d23114d735 (diff) | |
download | fsf-binutils-gdb-28e817cc440bce73691c03e01860089a0954a837.zip fsf-binutils-gdb-28e817cc440bce73691c03e01860089a0954a837.tar.gz fsf-binutils-gdb-28e817cc440bce73691c03e01860089a0954a837.tar.bz2 |
Fix a heap use after free memory access fault when displaying error messages about malformed archives.
PR 14049
* readelf.c (process_archive): Use arch.file_name in error
messages until the qualified name is available.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/readelf.c | 13 |
2 files changed, 14 insertions, 5 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index a0faddd..1f17d8f 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2019-01-09 Nick Clifton <nickc@redhat.com> + + PR 14049 + * readelf.c (process_archive): Use arch.file_name in error + messages until the qualified name is available. + 2019-01-09 Andrew Paprocki <andrew@ishiboo.com> * configure: Regenerate. diff --git a/binutils/readelf.c b/binutils/readelf.c index 44577d8..56b80cc 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -19398,7 +19398,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) /* Read the next archive header. */ if (fseek (filedata->handle, arch.next_arhdr_offset, SEEK_SET) != 0) { - error (_("%s: failed to seek to next archive header\n"), filedata->file_name); + error (_("%s: failed to seek to next archive header\n"), arch.file_name); return FALSE; } got = fread (&arch.arhdr, 1, sizeof arch.arhdr, filedata->handle); @@ -19406,7 +19406,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) { if (got == 0) break; - error (_("%s: failed to read archive header\n"), filedata->file_name); + /* PR 24049 - we cannot use filedata->file_name as this will + have already been freed. */ + error (_("%s: failed to read archive header\n"), arch.file_name); + ret = FALSE; break; } @@ -19426,7 +19429,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) name = get_archive_member_name (&arch, &nested_arch); if (name == NULL) { - error (_("%s: bad archive file name\n"), filedata->file_name); + error (_("%s: bad archive file name\n"), arch.file_name); ret = FALSE; break; } @@ -19435,7 +19438,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) qualified_name = make_qualified_name (&arch, &nested_arch, name); if (qualified_name == NULL) { - error (_("%s: bad archive file name\n"), filedata->file_name); + error (_("%s: bad archive file name\n"), arch.file_name); ret = FALSE; break; } @@ -19481,7 +19484,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) if (nested_arch.file == NULL) { error (_("%s: contains corrupt thin archive: %s\n"), - filedata->file_name, name); + qualified_name, name); ret = FALSE; break; } |