From: Alan Modra <amodra@gmail.com>
Date: Tue, 10 Feb 2026 00:16:47 +0000 (+1030)
Subject: tidy elf attr error handling
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50c25f4ed4c1cdccf02f5c3c478f44f313243e11;p=thirdparty%2Fbinutils-gdb.git

tidy elf attr error handling

Add a missing error check, and make another error check a little more
stringent.  If it were ever possible for oav2_parse_attr to return
zero, the loop would not terminate.

	* elf-attrs.c (oav2_parse_subsection): Check read_ntbs return
	for errors.  Tidy loop reading attrs, and error on <= 0.
---

diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c
index c4f81ba5f6b..bb542d80ab7 100644
--- a/bfd/elf-attrs.c
+++ b/bfd/elf-attrs.c
@@ -2801,6 +2801,8 @@ oav2_parse_subsection (bfd *abfd,
        subsection_name.  Either the string has to be freed in case of errors,
        or its ownership must be transferred.  */
     int read = read_ntbs (abfd, cursor, subsection_name_end, &subsection_name);
+    if (read <= 0)
+      goto error;
     total_read += read;
     cursor += read;
   }
@@ -2848,25 +2850,22 @@ oav2_parse_subsection (bfd *abfd,
     (subsection_name, scope, comprehension_raw, value_encoding);
 
   /* A subsection can be empty, so 'cursor' can be equal to 'end' here.  */
-  bool err = false;
-  while (!err && cursor < end)
+  while (cursor < end)
     {
       obj_attr_v2_t *attr;
       ssize_t read = oav2_parse_attr (abfd, cursor, end, value_encoding, &attr);
+      if (read <= 0)
+	{
+	  _bfd_elf_obj_attr_subsection_v2_free (*subsec);
+	  *subsec = NULL;
+	  return -1;
+	}
       if (attr != NULL)
 	LINKED_LIST_APPEND (obj_attr_v2_t) (*subsec, attr);
       total_read += read;
-      err |= (read < 0);
       cursor += read;
     }
 
-  if (err)
-    {
-      _bfd_elf_obj_attr_subsection_v2_free (*subsec);
-      *subsec = NULL;
-      return -1;
-    }
-
   BFD_ASSERT (cursor == end);
   return total_read;