From 177f76ee3be44a88fced2788aabb835771c87c00 Mon Sep 17 00:00:00 2001
From: Matthias Maennich
Date: Thu, 18 Apr 2019 11:33:34 +0200
Subject: [PATCH] dwarf-reader: fix undefined behaviour in get_binary_load_address

Within the loop, the call `gelf_getphdr(elf_handle, i, &ph_mem)` is returning a pointer to `ph_mem` that is only valid in this loop iteration. The later assignment to *lowest_program_header and its eventual use to assign load_address leads to undefined behaviour.

* src/abg-dwarf-reader.cc (get_binary_load_address): Move the ph_mem and program_header variables out of the inner for-loop.

Signed-off-by: Dodji Seketeli
---
 src/abg-dwarf-reader.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/abg-dwarf-reader.cc b/src/abg-dwarf-reader.cc
index e0638c9d..1815034c 100644
--- a/src/abg-dwarf-reader.cc
+++ b/src/abg-dwarf-reader.cc
@@ -1104,12 +1104,12 @@ get_binary_load_address(Elf *elf_handle,
 GElf_Ehdr eh_mem;
 GElf_Ehdr *elf_header = gelf_getehdr(elf_handle, &eh_mem);
 size_t num_segments = elf_header->e_phnum;
- GElf_Phdr *lowest_program_header = 0;
+ GElf_Phdr *lowest_program_header = 0, *program_header = 0;
+ GElf_Phdr ph_mem;
 
 for (unsigned i = 0; i < num_segments; ++i)
 {
- GElf_Phdr ph_mem;
- GElf_Phdr *program_header = gelf_getphdr(elf_handle, i, &ph_mem);
+ program_header = gelf_getphdr(elf_handle, i, &ph_mem);
 if (program_header->p_type == PT_LOAD
 && (!lowest_program_header
 || program_header->p_vaddr < lowest_program_header->p_vaddr))
-- 
2.43.5
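Review bot: The new `program_header = gelf_getphdr(elf_handle, i, &ph_mem);` line makes `program_header`, and therefore `lowest_program_header` once it is assigned from it, alias the single `ph_mem` object, because gelf_getphdr returns its destination argument on success; the next iteration's call overwrites that object, so the comparison `program_header->p_vaddr < lowest_program_header->p_vaddr` on the following context line compares `ph_mem` with itself and, after the loop, `lowest_program_header` describes whichever header was read last rather than the lowest PT_LOAD segment. The dangling-pointer use the commit message describes is removed, but the load address derived from `lowest_program_header` can still be wrong. Keeping a by-value copy avoids this: declare `GElf_Phdr ph_mem, lowest_ph_mem;` here and, at the `lowest_program_header` assignment the message mentions (it lies past the end of this hunk), write `lowest_ph_mem = *program_header; lowest_program_header = &lowest_ph_mem;`. Separately, gelf_getphdr returns NULL on failure and `program_header->p_type` on the next line dereferences the result unchecked; `if (!program_header) continue;` would let the loop tolerate a truncated or malformed program header table, which matters for code that parses arbitrary ELF input. The enclosing function starts and ends outside the hunk.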