PR 33698 and PR 33700

It is possible for dump_relocations to return on an error from
slurp_rela_relocs or slurp_rel_relocs without writing to
"all_relocations".  In that case an uninitialised r_symbol is passed
to free at the end of process_got_section_contents.

	PR 33698
	PR 33700
	* readelf.c (update_all_relocations): Zero array.  Remove
	unnecessary casts.

diff --git a/binutils/readelf.c b/binutils/readelf.c
index b3f59aa21283ca6b15ef131f43e8ea98754c7fb6..064c16056a27b45db5188e1268b4596aa4e59565 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -1794,7 +1794,7 @@ update_all_relocations (size_t nentries)
   if (!all_relocations_root)
     {
       sz = nentries * sizeof (elf_relocation);
-      all_relocations_root = (elf_relocation *) xmalloc (sz);
+      all_relocations_root = xmalloc (sz);
       all_relocations = all_relocations_root;
       all_relocations_count = nentries;
     }
@@ -1802,11 +1802,11 @@ update_all_relocations (size_t nentries)
     {
       size_t orig_count = all_relocations_count;
       sz = (orig_count + nentries) * sizeof (elf_relocation);
-      all_relocations_root = (elf_relocation *)
-       xrealloc (all_relocations_root, sz);
+      all_relocations_root = xrealloc (all_relocations_root, sz);
       all_relocations = all_relocations_root + orig_count;
       all_relocations_count += nentries;
     }
+  memset (all_relocations, 0, nentries * sizeof (elf_relocation));
 }
 
 static uint64_t