From 645f43a80c63c4116ddfe1e0371746a9418e823c Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Tue, 14 Apr 2020 09:51:44 +0930
Subject: readelf memory leaks processing mips

	* readelf.c (process_mips_specific): Free eopt and iopt.  Avoid
	possibility of overflow when checking number of conflicts.
---
 binutils/readelf.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'binutils/readelf.c')

diff --git a/binutils/readelf.c b/binutils/readelf.c
index cd456b0..9149bb8 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16817,6 +16817,7 @@ process_mips_specific (Filedata * filedata)
 	  if (iopt == NULL)
 	    {
 	      error (_("Out of memory allocating space for MIPS options\n"));
+	      free (eopt);
 	      return FALSE;
 	    }
 
@@ -16839,7 +16840,10 @@ process_mips_specific (Filedata * filedata)
 	      if (option->size < sizeof (* eopt)
 		  || offset + option->size > sect->sh_size)
 		{
-		  error (_("Invalid size (%u) for MIPS option\n"), option->size);
+		  error (_("Invalid size (%u) for MIPS option\n"),
+			 option->size);
+		  free (iopt);
+		  free (eopt);
 		  return FALSE;
 		}
 	      offset += option->size;
@@ -17033,7 +17037,7 @@ process_mips_specific (Filedata * filedata)
 	      offset += option->size;
 	      ++option;
 	    }
-
+	  free (iopt);
 	  free (eopt);
 	}
       else
@@ -17053,7 +17057,7 @@ process_mips_specific (Filedata * filedata)
 
       /* PR 21345 - print a slightly more helpful error message
 	 if we are sure that the cmalloc will fail.  */
-      if (conflictsno * sizeof (* iconf) > filedata->file_size)
+      if (conflictsno > filedata->file_size / sizeof (* iconf))
 	{
 	  error (_("Overlarge number of conflicts detected: %lx\n"),
 		 (long) conflictsno);
-- 
cgit v1.1