aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2019-01-09 12:25:16 +0000
committerNick Clifton <nickc@redhat.com>2019-01-09 12:25:16 +0000
commit28e817cc440bce73691c03e01860089a0954a837 (patch)
tree6803d6e4f11de4f46160b68605f97c3cf0c7cbd2
parentd820d0c37beda1c29ff50bb1f2ebc1d23114d735 (diff)
downloadgdb-28e817cc440bce73691c03e01860089a0954a837.zip
gdb-28e817cc440bce73691c03e01860089a0954a837.tar.gz
gdb-28e817cc440bce73691c03e01860089a0954a837.tar.bz2
Fix a heap use after free memory access fault when displaying error messages about malformed archives.
PR 14049 * readelf.c (process_archive): Use arch.file_name in error messages until the qualified name is available.
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/readelf.c13
2 files changed, 14 insertions, 5 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index a0faddd..1f17d8f 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2019-01-09 Nick Clifton <nickc@redhat.com>
+
+ PR 14049
+ * readelf.c (process_archive): Use arch.file_name in error
+ messages until the qualified name is available.
+
2019-01-09 Andrew Paprocki <andrew@ishiboo.com>
* configure: Regenerate.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 44577d8..56b80cc 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -19398,7 +19398,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
/* Read the next archive header. */
if (fseek (filedata->handle, arch.next_arhdr_offset, SEEK_SET) != 0)
{
- error (_("%s: failed to seek to next archive header\n"), filedata->file_name);
+ error (_("%s: failed to seek to next archive header\n"), arch.file_name);
return FALSE;
}
got = fread (&arch.arhdr, 1, sizeof arch.arhdr, filedata->handle);
@@ -19406,7 +19406,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
{
if (got == 0)
break;
- error (_("%s: failed to read archive header\n"), filedata->file_name);
+ /* PR 24049 - we cannot use filedata->file_name as this will
+ have already been freed. */
+ error (_("%s: failed to read archive header\n"), arch.file_name);
+
ret = FALSE;
break;
}
@@ -19426,7 +19429,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
name = get_archive_member_name (&arch, &nested_arch);
if (name == NULL)
{
- error (_("%s: bad archive file name\n"), filedata->file_name);
+ error (_("%s: bad archive file name\n"), arch.file_name);
ret = FALSE;
break;
}
@@ -19435,7 +19438,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
qualified_name = make_qualified_name (&arch, &nested_arch, name);
if (qualified_name == NULL)
{
- error (_("%s: bad archive file name\n"), filedata->file_name);
+ error (_("%s: bad archive file name\n"), arch.file_name);
ret = FALSE;
break;
}
@@ -19481,7 +19484,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (nested_arch.file == NULL)
{
error (_("%s: contains corrupt thin archive: %s\n"),
- filedata->file_name, name);
+ qualified_name, name);
ret = FALSE;
break;
}