From: Alan Modra Date: Mon, 8 Dec 2025 05:30:16 +0000 (+1030) Subject: PR 33698 and PR 33700 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea4bc025abdba85a90e26e13f551c16a44bfa921;p=thirdparty%2Fbinutils-gdb.git PR 33698 and PR 33700 It is possible for dump_relocations to return on an error from slurp_rela_relocs or slurp_rel_relocs without writing to "all_relocations". In that case an uninitialised r_symbol is passed to free at the end of process_got_section_contents. PR 33698 PR 33700 * readelf.c (update_all_relocations): Zero array. Remove unnecessary casts.
---
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b3f59aa2128..064c16056a2 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -1794,7 +1794,7 @@ update_all_relocations (size_t nentries)
 if (!all_relocations_root)
 {
 sz = nentries * sizeof (elf_relocation);
- all_relocations_root = (elf_relocation *) xmalloc (sz);
+ all_relocations_root = xmalloc (sz);
 all_relocations = all_relocations_root;
 all_relocations_count = nentries;
 }
@@ -1802,11 +1802,11 @@ update_all_relocations (size_t nentries)
 {
 size_t orig_count = all_relocations_count;
 sz = (orig_count + nentries) * sizeof (elf_relocation);
- all_relocations_root = (elf_relocation *)
- xrealloc (all_relocations_root, sz);
+ all_relocations_root = xrealloc (all_relocations_root, sz);
 all_relocations = all_relocations_root + orig_count;
 all_relocations_count += nentries;
 }
+ memset (all_relocations, 0, nentries * sizeof (elf_relocation));
 }

 static uint64_t
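Review bot: The added `memset (all_relocations, 0, nentries * sizeof (elf_relocation))` in the second hunk relies on the same unchecked size arithmetic as the allocations above it. If `(orig_count + nentries) * sizeof (elf_relocation)` wraps, the reallocated buffer is too small and the memset writes past it; if `nentries * sizeof (elf_relocation)` in the first hunk wraps, the later writers of the entries do. Whether callers already bound `nentries` is not visible in these hunks, but readelf is routinely run on files of unknown origin, so I would add a guard before `sz` is computed, for example `if (nentries > SIZE_MAX / sizeof (elf_relocation) - all_relocations_count)`, and bail out with an error. A short comment on the memset would also help, e.g. `/* Zero the new entries so r_symbol is NULL if the slurp fails before filling them.  */`. The body of update_all_relocations starts outside both hunks.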