Hi,
This patch ensure that when an error is detected, the freed variables in
elf_symloadx() are reinitialised.
Else show_file() in nm.c will used these variables, even if they has
just been freed. (nm.c +689).
Problem found by afl.
--
Sébastien Marie
Index: elf.c
===================================================================
RCS file: /cvs/src/usr.bin/nm/elf.c,v
retrieving revision 1.28
diff -u -p -r1.28 elf.c
--- elf.c 17 May 2015 20:19:08 -0000 1.28
+++ elf.c 19 Jun 2015 06:42:12 -0000
@@ -479,6 +479,7 @@ elf_symloadx(const char *name, FILE *fp,
warn("%s: malloc names", name);
if (stab)
MUNMAP(stab, *pstabsize);
+ *pnrawnames = 0;
return (1);
}
if ((*psnames = calloc(*pnrawnames, sizeof(np))) ==
NULL) {
@@ -486,6 +487,8 @@ elf_symloadx(const char *name, FILE *fp,
if (stab)
MUNMAP(stab, *pstabsize);
free(*pnames);
+ *pnames = NULL;
+ *pnrawnames = 0;
return (1);
}
@@ -497,6 +500,9 @@ elf_symloadx(const char *name, FILE *fp,
MUNMAP(stab, *pstabsize);
free(*pnames);
free(*psnames);
+ *pnames = NULL;
+ *psnames = NULL;
+ *pnrawnames = 0;
return (1);
}
Index: util.h
===================================================================
RCS file: /cvs/src/usr.bin/nm/util.h,v
retrieving revision 1.3
diff -u -p -r1.3 util.h
--- util.h 17 May 2015 20:19:08 -0000 1.3
+++ util.h 19 Jun 2015 06:42:12 -0000
@@ -26,6 +26,7 @@
munmap(addr, len); \
else \
free(addr); \
+ addr = NULL; \
} while (0)
extern int usemmap;
