espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-23 03:29:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

asan: use after free in _bfd_elf_mips_get_relocated_section_contents

Browse Source 
Leaving entries on mips_hi16_list from a previous pass over relocs
leads to confusing bugs.

	* elfxx-mips.c (_bfd_elf_mips_get_relocated_section_contents):
	Free mips_hi16_list entries on error exit.
This commit is contained in:
Alan Modra
2021-12-17 15:01:20 +10:30
parent cfabce5ba1
commit 7ebf6ed02b
1 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
bfd/elfxx-mips.c
View File

@ -13242,7 +13242,26 @@ _bfd_elf_mips_get_relocated_section_contents
reloc_vector = (arelent **) bfd_malloc (reloc_size); reloc_vector = (arelent **) bfd_malloc (reloc_size);
if (reloc_vector == NULL) if (reloc_vector == NULL)
return NULL; {
struct mips_hi16 **hip, *hi;
error_return:
/* If we are going to return an error, remove entries on
mips_hi16_list that point into this section's data. Data
will typically be freed on return from this function. */
hip = &mips_hi16_list;
while ((hi = *hip) != NULL)
{
if (hi->input_section == input_section)
{
*hip = hi->next;
free (hi);
}
else
hip = &hi->next;
}
data = NULL;
goto out;
}
reloc_count = bfd_canonicalize_reloc (input_bfd, reloc_count = bfd_canonicalize_reloc (input_bfd,
input_section, input_section,
@ -13432,12 +13451,9 @@ _bfd_elf_mips_get_relocated_section_contents
} }
} }
out:
free (reloc_vector); free (reloc_vector);
return data; return data;
error_return:
free (reloc_vector);
return NULL;
} }
static bool static bool