[libbacktrace] Fix segfault upon allocation failure

If the allocation of abbrevs->abbrevs in read_abbrevs fails, then
abbrevs->num_abbrevs remains nonzero, and consequently free_abbrevs will
segfault when accessing abbrevs->abbrevs.

Fix this by setting abbrevs->num_abbrevs only after abbrevs->abbrevs
allocation has succeeded.

Bootstrapped and reg-tested on x86_64.

2018-11-28  Tom de Vries  <tdevries@suse.de>

	* dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation
	failure.

From-SVN: r266562

2 files changed, 6 insertions, 1 deletions

diff --git a/libbacktrace/ChangeLog b/libbacktrace/ChangeLog
index e7fdfd8..8894446 100644
--- a/libbacktrace/ChangeLog
+++ b/libbacktrace/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-28  Tom de Vries  <tdevries@suse.de>
+
+	* dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation
+	failure.
+
 2018-11-27  Tom de Vries  <tdevries@suse.de>
 
 	* mmap.c (backtrace_vector_release): Same.
diff --git a/libbacktrace/dwarf.c b/libbacktrace/dwarf.c
index 4e93f12..3454374 100644
--- a/libbacktrace/dwarf.c
+++ b/libbacktrace/dwarf.c
@@ -1105,13 +1105,13 @@ read_abbrevs (struct backtrace_state *state, uint64_t abbrev_offset,
   if (num_abbrevs == 0)
     return 1;
 
-  abbrevs->num_abbrevs = num_abbrevs;
   abbrevs->abbrevs = ((struct abbrev *)
 		      backtrace_alloc (state,
 				       num_abbrevs * sizeof (struct abbrev),
 				       error_callback, data));
   if (abbrevs->abbrevs == NULL)
     return 0;
+  abbrevs->num_abbrevs = num_abbrevs;
   memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev));
 
   num_abbrevs = 0;