[libbacktrace] Fix segfault upon allocation failure

If the allocation of abbrevs->abbrevs in read_abbrevs fails, then abbrevs->num_abbrevs remains nonzero, and consequently free_abbrevs will segfault when accessing abbrevs->abbrevs. Fix this by setting abbrevs->num_abbrevs only after abbrevs->abbrevs allocation has succeeded. Bootstrapped and reg-tested on x86_64. 2018-11-28 Tom de Vries <tdevries@suse.de> * dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation failure. From-SVN: r266562
2018-11-28 14:06:23 +00:00 · 2018-11-28 14:06:23 +00:00 · 18c742b5f0
commit 18c742b5f0
parent 2bf8ae1b3d
2 changed files with 6 additions and 1 deletions
--- a/libbacktrace/ChangeLog
+++ b/libbacktrace/ChangeLog
@ -1,3 +1,8 @@
+2018-11-28  Tom de Vries  <tdevries@suse.de>
+
+	* dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation
+	failure.
+
 2018-11-27  Tom de Vries  <tdevries@suse.de>

 	* mmap.c (backtrace_vector_release): Same.
--- a/libbacktrace/dwarf.c
+++ b/libbacktrace/dwarf.c
@ -1105,13 +1105,13 @@ read_abbrevs (struct backtrace_state *state, uint64_t abbrev_offset,
  if (num_abbrevs == 0)
    return 1;

-  abbrevs->num_abbrevs = num_abbrevs;
  abbrevs->abbrevs = ((struct abbrev *)
 		      backtrace_alloc (state,
 				       num_abbrevs * sizeof (struct abbrev),
 				       error_callback, data));
  if (abbrevs->abbrevs == NULL)
    return 0;
+  abbrevs->num_abbrevs = num_abbrevs;
  memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev));

  num_abbrevs = 0;