Hi,

This patch ensures that when an error is detected, the freed variables in
elf_symloadx() are reinitialised.

Otherwise show_file() in nm.c will use these variables even though they have
just been freed (nm.c +689).

Problem found by afl.
-- 
Sébastien Marie


Index: elf.c
===================================================================
RCS file: /cvs/src/usr.bin/nm/elf.c,v
retrieving revision 1.28
diff -u -p -r1.28 elf.c
--- elf.c       17 May 2015 20:19:08 -0000      1.28
+++ elf.c       19 Jun 2015 06:42:12 -0000
@@ -479,6 +479,7 @@ elf_symloadx(const char *name, FILE *fp,
                                warn("%s: malloc names", name);
                                if (stab)
                                        MUNMAP(stab, *pstabsize);
+                               *pnrawnames = 0;
                                return (1);
                        }
                        if ((*psnames = calloc(*pnrawnames, sizeof(np))) == 
NULL) {
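Review bot: On this error path `stab` is released through `MUNMAP(stab, *pstabsize)` but `*pstabsize` keeps the length of a mapping that no longer exists, and the same holds for the error returns in the two following hunks. Since the aim of the patch is that the caller never sees state describing freed memory, consider adding `*pstabsize = 0;` next to `*pnrawnames = 0;`. Whether show_file() reads the size after a failure is not visible here, so this is a hardening suggestion rather than a confirmed bug. `stab` itself is cleared only as a side effect of the MUNMAP change in util.h, which deserves a comment at the call site, e.g. `/* MUNMAP() also resets stab to NULL */`. elf_symloadx() starts and ends outside the hunk.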
@@ -486,6 +487,8 @@ elf_symloadx(const char *name, FILE *fp,
                                if (stab)
                                        MUNMAP(stab, *pstabsize);
                                free(*pnames);
+                               *pnames = NULL;
+                               *pnrawnames = 0;
                                return (1);
                        }
 
@@ -497,6 +500,9 @@ elf_symloadx(const char *name, FILE *fp,
                                                MUNMAP(stab, *pstabsize);
                                        free(*pnames);
                                        free(*psnames);
+                                       *pnames = NULL;
+                                       *psnames = NULL;
+                                       *pnrawnames = 0;
                                        return (1);
                                }
 
Index: util.h
===================================================================
RCS file: /cvs/src/usr.bin/nm/util.h,v
retrieving revision 1.3
diff -u -p -r1.3 util.h
--- util.h      17 May 2015 20:19:08 -0000      1.3
+++ util.h      19 Jun 2015 06:42:12 -0000
@@ -26,6 +26,7 @@
                munmap(addr, len);                                      \
        else                                                            \
                free(addr);                                             \
+       addr = NULL;                                                    \
 } while (0)
 
 extern int usemmap;
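Review bot: The new `addr = NULL;` line makes MUNMAP assign to its argument, so every caller must now pass a modifiable lvalue with no side effects, and the argument is expanded unparenthesised. Writing it as `(addr) = NULL;` and stating the contract above the macro, e.g. `/* addr must be an lvalue; it is set to NULL after release */`, would make that requirement explicit for future call sites. The macro's opening lines are outside the hunk, so the rest of its body could not be checked.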
