readelf memory leaks processing mips

[Alan Modra]

	* readelf.c (process_mips_specific): Free eopt and iopt.  Avoid
	possibility of overflow when checking number of conflicts.

diff --git a/binutils/readelf.c b/binutils/readelf.c
index eb41e10dae..a25222a614 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16816,6 +16816,7 @@ process_mips_specific (Filedata * filedata)
 	  if (iopt == NULL)
 	    {
 	      error (_("Out of memory allocating space for MIPS options\n"));
+	      free (eopt);
 	      return FALSE;
 	    }
 
@@ -16838,7 +16839,10 @@ process_mips_specific (Filedata * filedata)
 	      if (option->size < sizeof (* eopt)
 		  || offset + option->size > sect->sh_size)
 		{
-		  error (_("Invalid size (%u) for MIPS option\n"), option->size);
+		  error (_("Invalid size (%u) for MIPS option\n"),
+			 option->size);
+		  free (iopt);
+		  free (eopt);
 		  return FALSE;
 		}
 	      offset += option->size;
@@ -17032,7 +17036,7 @@ process_mips_specific (Filedata * filedata)
 	      offset += option->size;
 	      ++option;
 	    }
-
+	  free (iopt);
 	  free (eopt);
 	}
       else
@@ -17052,7 +17056,7 @@ process_mips_specific (Filedata * filedata)
 
       /* PR 21345 - print a slightly more helpful error message
 	 if we are sure that the cmalloc will fail.  */
-      if (conflictsno * sizeof (* iconf) > filedata->file_size)
+      if (conflictsno > filedata->file_size / sizeof (* iconf))
 	{
 	  error (_("Overlarge number of conflicts detected: %lx\n"),
 		 (long) conflictsno);

-- 
Alan Modra
Australia Development Lab, IBM