From 50478b80cede080891996cf080581ca2a0611ce8 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Tue, 5 Jun 2018 21:52:46 +0200
Subject: [PATCH] readelf: Don't leak lengths array when detecting an invalid hash chain.
In both handle_sysv_hash and handle_sysv_hash64 we check the has chain isn't too long. If it is we would report an error and leak the lengths array. Just clean up the array even in the error case.
Signed-off-by: Mark Wielaard
---
 src/ChangeLog | 6 ++++++
 src/readelf.c | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 83c853276..65f9dc772 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2018-06-05 Mark Wielaard
+
+ * readelf.c (handle_sysv_hash): Don't leak lengths array when
+ detecting an invalid chain.
+ (handle_sysv_hash64): Likewise.
+
 2018-06-05 Mark Wielaard
 * readelf.c (print_debug_macro_section): Extend vendor array by one
diff --git a/src/readelf.c b/src/readelf.c
index 11a9b0e7a..233312fe3 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -3213,7 +3213,12 @@ handle_sysv_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
 ++nsyms;
 ++chain_len;
 if (chain_len > nchain)
- goto invalid_data;
+ {
+ error (0, 0, gettext ("invalid chain in sysv.hash section %d"),
+ (int) elf_ndxscn (scn));
+ free (lengths);
+ return;
+ }
 if (maxlength < ++lengths[cnt])
 ++maxlength;
@@ -3274,7 +3279,12 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
 ++nsyms;
 ++chain_len;
 if (chain_len > nchain)
- goto invalid_data;
+ {
+ error (0, 0, gettext ("invalid chain in sysv.hash64 section %d"),
+ (int) elf_ndxscn (scn));
+ free (lengths);
+ return;
+ }
 if (maxlength < ++lengths[cnt])
 ++maxlength;
-- 2.47.2
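Review bot: The open-coded `free (lengths); return;` in the `chain_len > nchain` branch of handle_sysv_hash releases the array on this one exit only, and the same block is repeated in handle_sysv_hash64. This branch is reached on malformed hash-section data from the file being inspected, so any other early exit taken while `lengths` is live would leak in the same way, and nothing in the hunk guards against one being added later. A single cleanup label per function would make the release structural: keep the new `error (...)` call, follow it with `goto out;`, and place `out: free (lengths);` ahead of the function's final return (presumably where the normal path already frees it; both function bodies start and end outside the hunks, so this needs confirming). If the inline form stays, a comment at the branch such as `/* lengths is live here; every exit from this loop must free it. */` would document the invariant.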