From: Alan Modra
Date: Wed, 19 Feb 2025 12:15:29 +0000 (+1030)
Subject: binutils/dwarf.c debug_information leak
X-Git-Tag: binutils-2_45~1546
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4;p=thirdparty%2Fbinutils-gdb.git

binutils/dwarf.c debug_information leak

It is possible with fuzzed files to have num_debug_info_entries zero after allocating space for debug_information, leading to multiple allocations.

* dwarf.c (process_debug_info): Don't test num_debug_info_entries to determine whether debug_information has been allocated, test alloc_num_debug_info_entries.
---

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 8e004cea839..bfbf83ec9f4 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section,
 }
 if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
- && num_debug_info_entries == 0
- && ! do_types)
+ && alloc_num_debug_info_entries == 0
+ && !do_types)
 {
- /* Then allocate an array to hold the information. */
- debug_information = (debug_info *) cmalloc (num_units,
- sizeof (* debug_information));
+ debug_information = cmalloc (num_units, sizeof (*debug_information));
 if (debug_information == NULL)
 {
 error (_("Not enough memory for a debug info array of %u entries\n"),