In both handle_sysv_hash and handle_sysv_hash64 we check the hash chain isn't too long. If it is, we would report an error and leak the lengths array. Just clean up the array even in the error case.
Signed-off-by: Mark Wielaard <m...@klomp.org>
---
 src/ChangeLog | 6 ++++++
 src/readelf.c | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index c376a5b..1bb5696 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,11 @@
 2018-06-05 Mark Wielaard <m...@klomp.org>
+ * readelf.c (handle_sysv_hash): Don't leak lengths array when
+ detecting an invalid chain.
+ (handle_sysv_hash64): Likewise.
+
+2018-06-05 Mark Wielaard <m...@klomp.org>
+
 * readelf.c (print_debug_macro_section): Extend vendor array by one to include max DW_MACRO_hi_user opcode.
diff --git a/src/readelf.c b/src/readelf.c
index 6c17788..ce959b3 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -3200,7 +3200,12 @@ handle_sysv_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
 ++nsyms;
 ++chain_len;
 if (chain_len > nchain)
- goto invalid_data;
+ {
+ error (0, 0, gettext ("invalid chain in sysv.hash section %d"),
+ (int) elf_ndxscn (scn));
+ free (lengths);
+ return;
+ }
 if (maxlength < ++lengths[cnt])
 ++maxlength;
@@ -3261,7 +3266,12 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx)
 ++nsyms;
 ++chain_len;
 if (chain_len > nchain)
- goto invalid_data;
+ {
+ error (0, 0, gettext ("invalid chain in sysv.hash64 section %d"),
+ (int) elf_ndxscn (scn));
+ free (lengths);
+ return;
+ }
 if (maxlength < ++lengths[cnt])
 ++maxlength;
--
1.8.3.1
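Review bot: The new error branch under `if (chain_len > nchain)` in handle_sysv_hash carries no comment saying why that condition marks the section as corrupt, and the same six lines are repeated in the handle_sysv_hash64 hunk. Assuming chain indices are bounded by nchain (the loop condition is outside the hunk), a chain with more than nchain links must revisit an index, so this check is what stops a cyclic chain in an untrusted ELF file from looping forever. I would state that above the check, e.g. `/* More than nchain links means the chain loops back on itself. */`. With the cleanup now written inline twice, a later early exit added to either loop could miss `free (lengths)` again; a single cleanup label per function would keep the free in one place, if the code outside these hunks allows it. Both function bodies start and end outside the hunks, so the allocation of `lengths` and the remaining exit paths cannot be checked from here.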