readelf: Don't leak lengths array when detecting an invalid hash chain.

In both handle_sysv_hash and handle_sysv_hash64 we check the has chain
isn't too long. If it is we would report an error and leak the lengths
array. Just clean up the array even in the error case.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/src/ChangeLog b/src/ChangeLog
index 83c8532766b55e024f296bcdda7a20f7e0894fdc..65f9dc7720b97aa025e6c427d31690acd38529df 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2018-06-05  Mark Wielaard  <mark@klomp.org>
+
+       * readelf.c (handle_sysv_hash): Don't leak lengths array when
+       detecting an invalid chain.
+       (handle_sysv_hash64): Likewise.
+
 2018-06-05  Mark Wielaard  <mark@klomp.org>
 
        * readelf.c (print_debug_macro_section): Extend vendor array by one

diff --git a/src/readelf.c b/src/readelf.c
index 11a9b0e7a0f9c25a83b8b168610c45d046cfa359..233312fe3291d8728c86963863e2074a65b3a96e 100644 (file)
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -3213,7 +3213,12 @@ handle_sysv_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
          ++nsyms;
          ++chain_len;
          if (chain_len > nchain)
-           goto invalid_data;
+           {
+             error (0, 0, gettext ("invalid chain in sysv.hash section %d"),
+                    (int) elf_ndxscn (scn));
+             free (lengths);
+             return;
+           }
          if (maxlength < ++lengths[cnt])
            ++maxlength;
 
@@ -3274,7 +3279,12 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
          ++nsyms;
          ++chain_len;
          if (chain_len > nchain)
-           goto invalid_data;
+           {
+             error (0, 0, gettext ("invalid chain in sysv.hash64 section %d"),
+                    (int) elf_ndxscn (scn));
+             free (lengths);
+             return;
+           }
          if (maxlength < ++lengths[cnt])
            ++maxlength;