This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[COMMITTED] libdwfl: Don't call realloc with zero in cu.c addraranges.
- From: Mark Wielaard <mark at klomp dot org>
- To: elfutils-devel at sourceware dot org
- Cc: Mark Wielaard <mark at klomp dot org>
- Date: Sun, 28 Apr 2019 13:26:18 +0200
- Subject: [COMMITTED] libdwfl: Don't call realloc with zero in cu.c addraranges.
Calling realloc when naranges is zero will result is trying to free
aranges. If realloc does free aranges it returns NULL, which means
aranges is still assigned. This is likely not a problem, because in
most cases aranges will be NULL already. But if it was not and
naranges does turn out to be zero after reduction (which would be
invalid DWARF) we are left with a dangling pointer.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libdwfl/ChangeLog | 4 ++++
libdwfl/cu.c | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 1da888f6f..3e19d9bd1 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
+2019-04-28 Mark Wielaard <mark@klomp.org>
+
+ * cu.c (addrarange): Only call realloc when naranges is not zero.
+
2019-03-27 Mark Wielaard <mark@klomp.org>
* dwfl_segment_report_module.c (dwfl_segment_report_module): Check
diff --git a/libdwfl/cu.c b/libdwfl/cu.c
index 94bfad8df..4de66248b 100644
--- a/libdwfl/cu.c
+++ b/libdwfl/cu.c
@@ -83,8 +83,11 @@ addrarange (Dwfl_Module *mod, Dwarf_Addr addr, struct dwfl_arange **arange)
/* Store the final array, which is probably much smaller than before. */
mod->naranges = naranges;
- mod->aranges = (realloc (aranges, naranges * sizeof aranges[0])
- ?: aranges);
+ if (naranges > 0)
+ mod->aranges = (realloc (aranges, naranges * sizeof aranges[0])
+ ?: aranges);
+ else if (aranges != NULL)
+ free (aranges);
mod->lazycu += naranges;
}
--
2.20.1