Hi,

If the allocation of abbrevs->abbrevs in read_abbrevs fails, then abbrevs->num_abbrevs remains nonzero, and consequently free_abbrevs will segfault when accessing abbrevs->abbrevs.
Fix this by setting abbrevs->num_abbrevs only after abbrevs->abbrevs allocation has succeeded. Bootstrapped and reg-tested on x86_64. OK for trunk? Thanks, - Tom [libbacktrace] Fix segfault upon allocation failure 2018-11-27 Tom de Vries <tdevr...@suse.de> * dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation failure. --- libbacktrace/dwarf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbacktrace/dwarf.c b/libbacktrace/dwarf.c index 4e93f120820..34543747c8f 100644 --- a/libbacktrace/dwarf.c +++ b/libbacktrace/dwarf.c @@ -1105,13 +1105,13 @@ read_abbrevs (struct backtrace_state *state, uint64_t abbrev_offset, if (num_abbrevs == 0) return 1; - abbrevs->num_abbrevs = num_abbrevs; abbrevs->abbrevs = ((struct abbrev *) backtrace_alloc (state, num_abbrevs * sizeof (struct abbrev), error_callback, data)); if (abbrevs->abbrevs == NULL) return 0; + abbrevs->num_abbrevs = num_abbrevs; memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev)); num_abbrevs = 0;
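Review bot: moving `abbrevs->num_abbrevs = num_abbrevs;` below the NULL check is the right fix, but it leaves read_abbrevs relying on the caller having initialised abbrevs->num_abbrevs and abbrevs->abbrevs before the call, since on the new failure path neither field is written; the existing `if (num_abbrevs == 0) return 1;` above the hunk already has the same reliance, so the change is consistent, but consider stating the invariant that free_abbrevs depends on (num_abbrevs != 0 implies abbrevs != NULL, with the struct zeroed by the caller) in a comment next to the moved assignment or at free_abbrevs, so that a later edit does not reintroduce the original ordering.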
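The failure mode the patch fixes, as an added example that is not libbacktrace's code: the two orderings of the count assignment are placed side by side, a fallible allocator stands in for backtrace_alloc, and a checked stand-in for free_abbrevs reports (instead of crashing) when it would walk a table whose pointer is NULL. The struct layouts, the names alloc_or_fail, free_abbrevs_checked and read_then_free, and the assumption that free_abbrevs walks every entry when num_abbrevs is nonzero and that the caller zero-initialises the struct, are all assumptions made for the example; the page does not show free_abbrevs itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for libbacktrace's abbrev tables; only the two fields named in
   the patch are modelled, the rest of the layout is assumed away. */
struct abbrev { uint64_t code; };
struct abbrevs { size_t num_abbrevs; struct abbrev *abbrevs; };

/* Stand-in for backtrace_alloc that fails once when fail_next_alloc is set,
   so the failure path can be exercised deterministically. */
static int fail_next_alloc;

static void *
alloc_or_fail (size_t size)
{
  if (fail_next_alloc)
    {
      fail_next_alloc = 0;
      return NULL;
    }
  return malloc (size);
}

/* Ordering before the patch: the count is published before the buffer exists,
   so a failed allocation leaves num_abbrevs != 0 with abbrevs == NULL. */
int
read_abbrevs_before (struct abbrevs *abbrevs, size_t num_abbrevs)
{
  if (num_abbrevs == 0)
    return 1;
  abbrevs->num_abbrevs = num_abbrevs;
  abbrevs->abbrevs = alloc_or_fail (num_abbrevs * sizeof (struct abbrev));
  if (abbrevs->abbrevs == NULL)
    return 0;
  memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev));
  return 1;
}

/* Ordering after the patch: the count is set only once the buffer is owned. */
int
read_abbrevs_after (struct abbrevs *abbrevs, size_t num_abbrevs)
{
  if (num_abbrevs == 0)
    return 1;
  abbrevs->abbrevs = alloc_or_fail (num_abbrevs * sizeof (struct abbrev));
  if (abbrevs->abbrevs == NULL)
    return 0;
  abbrevs->num_abbrevs = num_abbrevs;
  memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev));
  return 1;
}

/* Stand-in for free_abbrevs, assumed to walk every entry when num_abbrevs is
   nonzero.  Returns 0 instead of dereferencing a NULL table (the crash in the
   report), 1 when the cleanup was safe. */
int
free_abbrevs_checked (struct abbrevs *abbrevs)
{
  if (abbrevs->num_abbrevs != 0)
    {
      if (abbrevs->abbrevs == NULL)
        return 0;
      for (size_t i = 0; i < abbrevs->num_abbrevs; i++)
        abbrevs->abbrevs[i].code = 0;   /* touch each entry, as a real walk would */
    }
  free (abbrevs->abbrevs);
  abbrevs->abbrevs = NULL;
  abbrevs->num_abbrevs = 0;
  return 1;
}

/* One read (forced to fail when fail_alloc != 0) followed by the cleanup the
   caller performs afterwards.  Returns 1 if cleanup was safe, 0 if it would
   have dereferenced NULL, -1 if the read did not report the expected result. */
int
read_then_free (int (*read_fn) (struct abbrevs *, size_t), int fail_alloc)
{
  struct abbrevs abbrevs;

  memset (&abbrevs, 0, sizeof abbrevs);   /* caller zero-initialises, as assumed */
  fail_next_alloc = fail_alloc;
  if (read_fn (&abbrevs, 4) != !fail_alloc)
    return -1;
  return free_abbrevs_checked (&abbrevs);
}

int
main (void)
{
  /* Exit status 0 iff only the pre-patch ordering breaks cleanup on failure. */
  return (read_then_free (read_abbrevs_before, 1) == 0
          && read_then_free (read_abbrevs_after, 1) == 1
          && read_then_free (read_abbrevs_before, 0) == 1
          && read_then_free (read_abbrevs_after, 0) == 1) ? 0 : 1;
}
```

The point the example makes is that the count is the field free_abbrevs trusts, so it must be the last field written on the success path and never written on the failure path; once the ordering is right, the success path is unchanged and the failure path leaves the struct exactly as the caller initialised it.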