diff options
author | Nick Clifton <nickc@redhat.com> | 2020-03-17 16:45:07 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2020-03-17 16:45:07 +0000 |
commit | ecbbbdba7182865e522e0893915e9be487fe14b0 (patch) | |
tree | a90e8fe2e43bd4612d7a100edccfdebb312a68cd /bfd/elf.c | |
parent | a225c9a8692814b4a29360479aee217d73e22d50 (diff) | |
download | gdb-ecbbbdba7182865e522e0893915e9be487fe14b0.zip gdb-ecbbbdba7182865e522e0893915e9be487fe14b0.tar.gz gdb-ecbbbdba7182865e522e0893915e9be487fe14b0.tar.bz2 |
Remove a double free in the BFD library triggered when parsing a corrupt file.
PR 25687
* elf.c (_bfd_elf_slurp_secondary_reloc_section): Remove redundant
free. Add free on another failure path.
Diffstat (limited to 'bfd/elf.c')
-rw-r--r-- | bfd/elf.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -12454,6 +12454,7 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd, reloc_count = NUM_SHDR_ENTRIES (hdr); if (_bfd_mul_overflow (reloc_count, sizeof (arelent), & amt)) { + free (native_relocs); bfd_set_error (bfd_error_file_too_big); result = FALSE; continue; @@ -12472,7 +12473,8 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd, != hdr->sh_size)) { free (native_relocs); - free (internal_relocs); + /* The internal_relocs will be freed when + the memory for the bfd is released. */ result = FALSE; continue; } |