libdw: Fix bad free on invalid data in dwarf_getsrclines.c.

If the last dir name wasn't zero terminated we goto invalid_data
and might free the wrong data because we believe ndirlist is valid.
Don't update ndirlist until we are sure we will use all dirs.

Signed-off-by: Mark Wielaard <mjw@redhat.com>

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index fc80e8d2478fef718fb7c60ce33817665f005cfa..36c332aee6cbf4588eb0924f8f38ead8ddde8dd2 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2016-02-13  Mark Wielaard  <mjw@redhat.com>
+
+       * dwarf_getsrclines.c (read_srclines): Calculate ndirs first, then
+       assign to ndirlist.
+
 2015-12-18  Mark Wielaard  <mjw@redhat.com>
 
        * libdwP.h (struct Dwarf): Remove sectiondata_gzip_mask.

diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index dd1b3c1fedda6776455546b6a31a91bdc994dbbd..d02c38db40eb8f01b19acb662f214fa62b057d89 100644 (file)
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -1,5 +1,5 @@
 /* Return line number information of CU.
-   Copyright (C) 2004-2010, 2013, 2014, 2015 Red Hat, Inc.
+   Copyright (C) 2004-2010, 2013, 2014, 2015, 2016 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <drepper@redhat.com>, 2004.
 
@@ -288,14 +288,16 @@ read_srclines (Dwarf *dbg,
 
   /* First count the entries.  */
   const unsigned char *dirp = linep;
+  unsigned int ndirs = 0;
   while (*dirp != 0)
     {
       uint8_t *endp = memchr (dirp, '\0', lineendp - dirp);
       if (endp == NULL)
        goto invalid_data;
-      ++ndirlist;
+      ++ndirs;
       dirp = endp + 1;
     }
+  ndirlist += ndirs;
 
   /* Arrange the list in array form.  */
   if (ndirlist >= MAX_STACK_DIRS)