From 736c9875c040e88c5f508338b68f04f7a42c3b9d Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sat, 29 Aug 2020 10:30:07 +0930
Subject: PR26459 UBSAN: elfnn-ia64.c:1945 null pointer bsearch

	PR 26495
	* elfnn-ia64.c (get_dyn_sym_info): Don't bsearch or look at last
	element when count is zero.  bfd_realloc when shrinking.
---
 bfd/ChangeLog    |  6 ++++++
 bfd/elfnn-ia64.c | 40 +++++++++++++++++++++-------------------
 2 files changed, 27 insertions(+), 19 deletions(-)

(limited to 'bfd')

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 33cc1c4..cc8451f 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-08-29  Alan Modra  <amodra@gmail.com>
+
+	PR 26495
+	* elfnn-ia64.c (get_dyn_sym_info): Don't bsearch or look at last
+	element when count is zero.  bfd_realloc when shrinking.
+
 2020-08-28  Alan Modra  <amodra@gmail.com>
 
 	PR 26418
diff --git a/bfd/elfnn-ia64.c b/bfd/elfnn-ia64.c
index cadf645..292c00b 100644
--- a/bfd/elfnn-ia64.c
+++ b/bfd/elfnn-ia64.c
@@ -1867,18 +1867,16 @@ get_dyn_sym_info (struct elfNN_ia64_link_hash_table *ia64_info,
 	      key.addend = addend;
 	      dyn_i = bsearch (&key, info, sorted_count,
 			       sizeof (*info), addend_compare);
-
 	      if (dyn_i)
-		{
-		  return dyn_i;
-		}
+		return dyn_i;
 	    }
 
-	  /* Do a quick check for the last inserted entry.  */
-	  dyn_i = info + count - 1;
-	  if (dyn_i->addend == addend)
+	  if (count != 0)
 	    {
-	      return dyn_i;
+	      /* Do a quick check for the last inserted entry.  */
+	      dyn_i = info + count - 1;
+	      if (dyn_i->addend == addend)
+		return dyn_i;
 	    }
 	}
 
@@ -1932,19 +1930,23 @@ get_dyn_sym_info (struct elfNN_ia64_link_hash_table *ia64_info,
       if (size != count)
 	{
 	  amt = count * sizeof (*info);
-	  info = bfd_malloc (amt);
-	  if (info != NULL)
-	    {
-	      memcpy (info, *info_p, amt);
-	      free (*info_p);
-	      *size_p = count;
-	      *info_p = info;
-	    }
+	  info = bfd_realloc (info, amt);
+	  *size_p = count;
+	  if (info == NULL && count != 0)
+	    /* realloc should never fail since we are reducing size here,
+	       but if it does use the old array.  */
+	    info = *info_p;
+	  else
+	    *info_p = info;
 	}
 
-      key.addend = addend;
-      dyn_i = bsearch (&key, info, count,
-		       sizeof (*info), addend_compare);
+      if (count == 0)
+	dyn_i = NULL;
+      else
+	{
+	  key.addend = addend;
+	  dyn_i = bsearch (&key, info, count, sizeof (*info), addend_compare);
+	}
     }
 
   return dyn_i;
-- 
cgit v1.1