libdwfl: Fix double free on failure path in gzip.c.

GCC10 -fanalyzer found a double free when openstream failed. When
openstream fails __libdw_gunzip will call fail, which frees the
state->buffer. But openstream can call zlib_fail, which will also
call fail. Instead of calling zlib_fail, just return the error
that zlib_fail would have returned.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 4ddc9ad472a2248a3e9f298cfcec02ac1ee1182b..daedaed8fb68408f764af56d30537d062e810270 100644 (file)
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2020-04-25  Mark Wielaard  <mark@klomp.org>
+
+       * gzip.c (open_stream): Return DWFL_E_NOMEM instead of calling
+       zlib_fail.
+
 2020-04-16  Mark Wielaard  <mark@klomp.org>
 
        * find-debuginfo.c (dwfl_standard_find_debuginfo): Initialize bits

diff --git a/libdwfl/gzip.c b/libdwfl/gzip.c
index 043d0b6ed5832c5e1b106dd93395f13d2a593981..e9988cc2bc3b17a33ae75e5c3953d90ff2b95fa4 100644 (file)
--- a/libdwfl/gzip.c
+++ b/libdwfl/gzip.c
@@ -153,7 +153,7 @@ open_stream (int fd, off_t start_offset, struct unzip_state *state)
     if (unlikely (state->zf == NULL))
       {
        close (d);
-       return zlib_fail (state, Z (MEM_ERROR));
+       return DWFL_E_NOMEM;
       }
 
     /* From here on, zlib will close D.  */