Signed-off-by: Mark Wielaard <[email protected]> --- src/ChangeLog | 4 ++++ src/readelf.c | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/ChangeLog b/src/ChangeLog index 15e6fae..b548851 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2015-06-18 Mark Wielaard <[email protected]> + + * readelf.c (handle_gnu_hash): Free lengths on invalid_data. + 2015-06-09 Mark Wielaard <[email protected]> * addr2line.c (print_dwarf_function): Always free scopes before diff --git a/src/readelf.c b/src/readelf.c index b4cb3a8..9afe8db 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -3092,6 +3092,7 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) static void handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) { + uint32_t *lengths = NULL; Elf_Data *data = elf_getdata (scn, NULL); if (unlikely (data == NULL)) { @@ -3103,6 +3104,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) if (unlikely (data->d_size < 4 * sizeof (Elf32_Word))) { invalid_data: + free (lengths); error (0, 0, gettext ("invalid data in gnu.hash section %d"), (int) elf_ndxscn (scn)); return; @@ -3131,7 +3133,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) if (used_buf > data->d_size) goto invalid_data; - uint32_t *lengths = (uint32_t *) xcalloc (nbucket, sizeof (uint32_t)); + lengths = (uint32_t *) xcalloc (nbucket, sizeof (uint32_t)); Elf32_Word *bitmask = &((Elf32_Word *) data->d_buf)[4]; Elf32_Word *bucket = &((Elf32_Word *) data->d_buf)[4 + bitmask_words]; -- 1.8.3.1
