This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Fix a heap use after free memory access fault when displaying error messages about malformed archive
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 9 Jan 2019 12:26:22 -0000
- Subject: [binutils-gdb] Fix a heap use after free memory access fault when displaying error messages about malformed archive
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=28e817cc440bce73691c03e01860089a0954a837
commit 28e817cc440bce73691c03e01860089a0954a837
Author: Nick Clifton <nickc@redhat.com>
Date: Wed Jan 9 12:25:16 2019 +0000
Fix a heap use after free memory access fault when displaying error messages about malformed archives.
PR 14049
* readelf.c (process_archive): Use arch.file_name in error
messages until the qualified name is available.
Diff:
---
binutils/ChangeLog | 6 ++++++
binutils/readelf.c | 13 ++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index a0faddd..1f17d8f 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2019-01-09 Nick Clifton <nickc@redhat.com>
+
+ PR 14049
+ * readelf.c (process_archive): Use arch.file_name in error
+ messages until the qualified name is available.
+
2019-01-09 Andrew Paprocki <andrew@ishiboo.com>
* configure: Regenerate.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 44577d8..56b80cc 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -19398,7 +19398,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
/* Read the next archive header. */
if (fseek (filedata->handle, arch.next_arhdr_offset, SEEK_SET) != 0)
{
- error (_("%s: failed to seek to next archive header\n"), filedata->file_name);
+ error (_("%s: failed to seek to next archive header\n"), arch.file_name);
return FALSE;
}
got = fread (&arch.arhdr, 1, sizeof arch.arhdr, filedata->handle);
@@ -19406,7 +19406,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
{
if (got == 0)
break;
- error (_("%s: failed to read archive header\n"), filedata->file_name);
+ /* PR 24049 - we cannot use filedata->file_name as this will
+ have already been freed. */
+ error (_("%s: failed to read archive header\n"), arch.file_name);
+
ret = FALSE;
break;
}
@@ -19426,7 +19429,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
name = get_archive_member_name (&arch, &nested_arch);
if (name == NULL)
{
- error (_("%s: bad archive file name\n"), filedata->file_name);
+ error (_("%s: bad archive file name\n"), arch.file_name);
ret = FALSE;
break;
}
@@ -19435,7 +19438,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
qualified_name = make_qualified_name (&arch, &nested_arch, name);
if (qualified_name == NULL)
{
- error (_("%s: bad archive file name\n"), filedata->file_name);
+ error (_("%s: bad archive file name\n"), arch.file_name);
ret = FALSE;
break;
}
@@ -19481,7 +19484,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (nested_arch.file == NULL)
{
error (_("%s: contains corrupt thin archive: %s\n"),
- filedata->file_name, name);
+ qualified_name, name);
ret = FALSE;
break;
}