From ea4bc025abdba85a90e26e13f551c16a44bfa921 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Mon, 8 Dec 2025 16:00:16 +1030
Subject: [PATCH] PR 33698 and PR 33700

It is possible for dump_relocations to return on an error from slurp_rela_relocs or slurp_rel_relocs without writing to "all_relocations". In that case an uninitialised r_symbol is passed to free at the end of process_got_section_contents.

PR 33698
PR 33700
* readelf.c (update_all_relocations): Zero array. Remove unnecessary casts.
---
 binutils/readelf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/binutils/readelf.c b/binutils/readelf.c
index b3f59aa2128..064c16056a2 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -1794,7 +1794,7 @@ update_all_relocations (size_t nentries)
 if (!all_relocations_root)
 {
 sz = nentries * sizeof (elf_relocation);
- all_relocations_root = (elf_relocation *) xmalloc (sz);
+ all_relocations_root = xmalloc (sz);
 all_relocations = all_relocations_root;
 all_relocations_count = nentries;
 }
@@ -1802,11 +1802,11 @@ update_all_relocations (size_t nentries)
 {
 size_t orig_count = all_relocations_count;
 sz = (orig_count + nentries) * sizeof (elf_relocation);
- all_relocations_root = (elf_relocation *)
- xrealloc (all_relocations_root, sz);
+ all_relocations_root = xrealloc (all_relocations_root, sz);
 all_relocations = all_relocations_root + orig_count;
 all_relocations_count += nentries;
 }
+ memset (all_relocations, 0, nentries * sizeof (elf_relocation));
 }
 
 static uint64_t
-- 
2.47.3
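Review bot: The added `memset (all_relocations, 0, nentries * sizeof (elf_relocation));` in the second hunk repeats the unchecked size multiplication used for `sz`, and in the realloc branch it writes at `all_relocations_root + orig_count`, so if `(orig_count + nentries) * sizeof (elf_relocation)` ever wrapped, the buffer would be smaller than the region being zeroed. Whether `nentries` is bounded cannot be seen from here (it presumably derives from section sizes in the file being dumped), so checking `nentries <= SIZE_MAX / sizeof (elf_relocation) - all_relocations_count` before either allocation would keep the new write inside the buffer; the first hunk's `sz = nentries * sizeof (elf_relocation);` has the same shape. The memset also deserves a one-line comment such as `/* Zero the new entries so r_symbol is NULL if a slurp fails before they are filled in.  */`, because the reason is currently recorded only in the commit message. The start of update_all_relocations and the line between the two hunks are outside the visible context.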