From: Mark Wielaard Date: Sat, 13 Feb 2016 18:36:50 +0000 (+0100) Subject: libdw: Fix bad free on invalid data in dwarf_getsrclines.c. X-Git-Tag: elfutils-0.166~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e93e6f9279c34820bed6af17e6df51e1dcb6a8e0;p=thirdparty%2Felfutils.git libdw: Fix bad free on invalid data in dwarf_getsrclines.c. If the last dir name wasn't zero terminated we goto invalid_data and might free the wrong data because we believe ndirlist is valid. Don't update ndirlist until we are sure we will use all dirs. Signed-off-by: Mark Wielaard --- diff --git a/libdw/ChangeLog b/libdw/ChangeLog index fc80e8d24..36c332aee 100644 --- a/libdw/ChangeLog +++ b/libdw/ChangeLog @@ -1,3 +1,8 @@ +2016-02-13 Mark Wielaard + + * dwarf_getsrclines.c (read_srclines): Calculate ndirs first, then + assign to ndirlist. + 2015-12-18 Mark Wielaard * libdwP.h (struct Dwarf): Remove sectiondata_gzip_mask. diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c index dd1b3c1fe..d02c38db4 100644 --- a/libdw/dwarf_getsrclines.c +++ b/libdw/dwarf_getsrclines.c @@ -1,5 +1,5 @@ /* Return line number information of CU. - Copyright (C) 2004-2010, 2013, 2014, 2015 Red Hat, Inc. + Copyright (C) 2004-2010, 2013, 2014, 2015, 2016 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper , 2004. @@ -288,14 +288,16 @@ read_srclines (Dwarf *dbg, /* First count the entries. */ const unsigned char *dirp = linep; + unsigned int ndirs = 0; while (*dirp != 0) { uint8_t *endp = memchr (dirp, '\0', lineendp - dirp); if (endp == NULL) goto invalid_data; - ++ndirlist; + ++ndirs; dirp = endp + 1; } + ndirlist += ndirs; /* Arrange the list in array form. */ if (ndirlist >= MAX_STACK_DIRS)