author | Alan Modra <amodra@gmail.com> | 2021-01-04 10:19:14 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-01-04 11:08:05 +1030 |
commit | e9cf3691bfa140469d52815a2307b00eecf7917c (patch) | |
tree | 5a08c301a555a464e6b84b140587af87966c36e5 | |
parent | a7c23ac9317e590893906a4b425ea1344eafdc52 (diff) | |
PR26741, benign use after free in riscv_parse_prefixed_ext
ISO/IEC 9899:1999 C standard "J.2 Undefined behavior" says the
following is undefined behaviour:
"The value of a pointer that refers to space deallocated by a call to
the free or realloc function is used (7.20.3)."
PR 26741
* elfxx-riscv.c (riscv_parse_prefixed_ext): Free subset after
calculating subset version length.
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/elfxx-riscv.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index d760a4a..a72e811 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2021-01-04 Alan Modra <amodra@gmail.com> + + PR 26741 + * elfxx-riscv.c (riscv_parse_prefixed_ext): Free subset after + calculating subset version length. + 2021-01-01 Nicolas Boulenguez <nicolas@debian.org> * xcofflink.c: Correct spelling in comments. diff --git a/bfd/elfxx-riscv.c b/bfd/elfxx-riscv.c index 9d7f606..101e27f 100644 --- a/bfd/elfxx-riscv.c +++ b/bfd/elfxx-riscv.c @@ -1572,8 +1572,8 @@ riscv_parse_prefixed_ext (riscv_parse_subset_t *rps, riscv_parse_add_subset (rps, subset, major_version, minor_version, FALSE); - free (subset); p += end_of_version - subset; + free (subset); if (*p != '\0' && *p != '_') { |
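Review bot: In the elfxx-riscv.c hunk, the order of `p += end_of_version - subset;` and `free (subset);` now matters for correctness, but nothing in the code says so. A one-line comment above the free, stating that the pointer subtraction reads the value of subset and must come first, would keep a later cleanup from moving the free back up next to `riscv_parse_add_subset`. Since `end_of_version` is subtracted from `subset`, it presumably points into the same allocation and becomes indeterminate at the free as well; it is worth confirming that the code after `if (*p != '\0' && *p != '_')`, which is not visible here, does not reference it again. Storing the difference in a local length variable before the free would make that dependency explicit.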