diff options
| author | Alan Modra <amodra@gmail.com> | 2020-08-29 10:30:07 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2020-08-29 13:16:42 +0930 |
| commit | 736c9875c040e88c5f508338b68f04f7a42c3b9d (patch) | |
| tree | 8beb61566a2ed59abde0b4def662a08e11f0010a | |
| parent | 9b5f4ffe1b8e92dd0d0004ffae4fa04b61220fba (diff) | |
| download | gdb-736c9875c040e88c5f508338b68f04f7a42c3b9d.zip gdb-736c9875c040e88c5f508338b68f04f7a42c3b9d.tar.gz gdb-736c9875c040e88c5f508338b68f04f7a42c3b9d.tar.bz2 | |
PR26459 UBSAN: elfnn-ia64.c:1945 null pointer bsearch
PR 26495
* elfnn-ia64.c (get_dyn_sym_info): Don't bsearch or look at last
element when count is zero. bfd_realloc when shrinking.
| -rw-r--r-- | bfd/ChangeLog | 6 | ||||
| -rw-r--r-- | bfd/elfnn-ia64.c | 40 |
2 files changed, 27 insertions, 19 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 33cc1c4..cc8451f 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2020-08-29 Alan Modra <amodra@gmail.com> + + PR 26495 + * elfnn-ia64.c (get_dyn_sym_info): Don't bsearch or look at last + element when count is zero. bfd_realloc when shrinking. + 2020-08-28 Alan Modra <amodra@gmail.com> PR 26418 diff --git a/bfd/elfnn-ia64.c b/bfd/elfnn-ia64.c index cadf645..292c00b 100644 --- a/bfd/elfnn-ia64.c +++ b/bfd/elfnn-ia64.c @@ -1867,18 +1867,16 @@ get_dyn_sym_info (struct elfNN_ia64_link_hash_table *ia64_info, key.addend = addend; dyn_i = bsearch (&key, info, sorted_count, sizeof (*info), addend_compare); - if (dyn_i) - { - return dyn_i; - } + return dyn_i; } - /* Do a quick check for the last inserted entry. */ - dyn_i = info + count - 1; - if (dyn_i->addend == addend) + if (count != 0) { - return dyn_i; + /* Do a quick check for the last inserted entry. */ + dyn_i = info + count - 1; + if (dyn_i->addend == addend) + return dyn_i; } } @@ -1932,19 +1930,23 @@ get_dyn_sym_info (struct elfNN_ia64_link_hash_table *ia64_info, if (size != count) { amt = count * sizeof (*info); - info = bfd_malloc (amt); - if (info != NULL) - { - memcpy (info, *info_p, amt); - free (*info_p); - *size_p = count; - *info_p = info; - } + info = bfd_realloc (info, amt); + *size_p = count; + if (info == NULL && count != 0) + /* realloc should never fail since we are reducing size here, + but if it does use the old array. */ + info = *info_p; + else + *info_p = info; } - key.addend = addend; - dyn_i = bsearch (&key, info, count, - sizeof (*info), addend_compare); + if (count == 0) + dyn_i = NULL; + else + { + key.addend = addend; + dyn_i = bsearch (&key, info, count, sizeof (*info), addend_compare); + } } return dyn_i; |