aboutsummaryrefslogtreecommitdiff
path: root/bfd/elf.c
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2020-03-17 16:45:07 +0000
committerNick Clifton <nickc@redhat.com>2020-03-17 16:45:07 +0000
commitecbbbdba7182865e522e0893915e9be487fe14b0 (patch)
treea90e8fe2e43bd4612d7a100edccfdebb312a68cd /bfd/elf.c
parenta225c9a8692814b4a29360479aee217d73e22d50 (diff)
downloadgdb-ecbbbdba7182865e522e0893915e9be487fe14b0.zip
gdb-ecbbbdba7182865e522e0893915e9be487fe14b0.tar.gz
gdb-ecbbbdba7182865e522e0893915e9be487fe14b0.tar.bz2
Remove a double free in the BFD library triggered when parsing a corrupt file.
PR 25687 * elf.c (_bfd_elf_slurp_secondary_reloc_section): Remove redundant free. Add free on another failure path.
Diffstat (limited to 'bfd/elf.c')
-rw-r--r--bfd/elf.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/bfd/elf.c b/bfd/elf.c
index 8ab7b3e..2a299f1 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -12454,6 +12454,7 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
reloc_count = NUM_SHDR_ENTRIES (hdr);
if (_bfd_mul_overflow (reloc_count, sizeof (arelent), & amt))
{
+ free (native_relocs);
bfd_set_error (bfd_error_file_too_big);
result = FALSE;
continue;
@@ -12472,7 +12473,8 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
!= hdr->sh_size))
{
free (native_relocs);
- free (internal_relocs);
+ /* The internal_relocs will be freed when
+ the memory for the bfd is released. */
result = FALSE;
continue;
}