From: Mark Wielaard <mjw@redhat.com>
Date: Thu, 18 Jun 2015 08:57:53 +0000 (+0200)
Subject: readelf: Don't leak memory on failure path in handle_gnu_hash.
X-Git-Tag: elfutils-0.163~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90a7bd23b1f4ffcace0721634f97ce34553c2288;p=thirdparty%2Felfutils.git

readelf: Don't leak memory on failure path in handle_gnu_hash.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 13e66e1c2..d11b0e6b5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2015-06-18  Mark Wielaard  <mjw@redhat.com>
+
+	* readelf.c (handle_gnu_hash): Free lengths on invalid_data.
+
 2015-06-18  Mark Wielaard  <mjw@redhat.com>
 
 	* elflint.c (check_symtab): Only check the PT_TLS phdr if it actually
diff --git a/src/readelf.c b/src/readelf.c
index b4cb3a827..9afe8dba4 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -3092,6 +3092,7 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
 static void
 handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
 {
+  uint32_t *lengths = NULL;
   Elf_Data *data = elf_getdata (scn, NULL);
   if (unlikely (data == NULL))
     {
@@ -3103,6 +3104,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
   if (unlikely (data->d_size < 4 * sizeof (Elf32_Word)))
     {
     invalid_data:
+      free (lengths);
       error (0, 0, gettext ("invalid data in gnu.hash section %d"),
 	     (int) elf_ndxscn (scn));
       return;
@@ -3131,7 +3133,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
   if (used_buf > data->d_size)
     goto invalid_data;
 
-  uint32_t *lengths = (uint32_t *) xcalloc (nbucket, sizeof (uint32_t));
+  lengths = (uint32_t *) xcalloc (nbucket, sizeof (uint32_t));
 
   Elf32_Word *bitmask = &((Elf32_Word *) data->d_buf)[4];
   Elf32_Word *bucket = &((Elf32_Word *) data->d_buf)[4 + bitmask_words];