readelf: segfault at readelf.c:12227

This is another one where not cleaning up sufficiently after processing one file can lead to errors when processing the next file. We have ngnuchains non-zero but gnuchains NULL in the following: off < ngnuchains && (gnuchains[off] & 1) == 0 * readelf.c (process_symbol_table): Clear ngnuchains, ngnubuckets and nbuckets.
2020-04-20 11:01:47 +09:30 · 2020-04-20 11:01:47 +09:30 · a5e0be5cb2
parent 8ff66993e0
commit a5e0be5cb2
2 changed files with 11 additions and 0 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@ -1,3 +1,8 @@
+2020-04-20  Alan Modra  <amodra@gmail.com>
+
+	* readelf.c (process_symbol_table): Clear ngnuchains, ngnubuckets
+	and nbuckets.
+
 2020-04-20  Alan Modra  <amodra@gmail.com>

 	* readelf.c (process_section_headers): Free dynamic symbols etc.
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@ -12188,6 +12188,7 @@ process_symbol_table (Filedata * filedata)

  free (buckets);
  buckets = NULL;
+  nbuckets = 0;
  free (chains);
  chains = NULL;

@ -12263,8 +12264,10 @@ process_symbol_table (Filedata * filedata)
    }
  free (gnubuckets);
  gnubuckets = NULL;
+  ngnubuckets = 0;
  free (gnuchains);
  gnuchains = NULL;
+  ngnuchains = 0;
  free (mipsxlat);
  mipsxlat = NULL;
  return TRUE;
@ -12272,12 +12275,15 @@ process_symbol_table (Filedata * filedata)
 err_out:
  free (gnubuckets);
  gnubuckets = NULL;
+  ngnubuckets = 0;
  free (gnuchains);
  gnuchains = NULL;
+  ngnuchains = 0
  free (mipsxlat);
  mipsxlat = NULL;
  free (buckets);
  buckets = NULL;
+  nbuckets = 0;
  free (chains);
  chains = NULL;
  return FALSE;