[COMMITTED] libdwfl: Fix double free on failure path in gzip.c.
Mark Wielaard
mark@klomp.org
Sun Apr 26 00:39:55 GMT 2020
GCC10 -fanalyzer found a double free when openstream failed. When
openstream fails __libdw_gunzip will call fail, which frees the
state->buffer. But openstream can call zlib_fail, which will also
call fail. Instead of calling zlib_fail, just return the error
that zlib_fail would have returned.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libdwfl/ChangeLog | 5 +++++
libdwfl/gzip.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 4ddc9ad4..daedaed8 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2020-04-25 Mark Wielaard <mark@klomp.org>
+
+ * gzip.c (open_stream): Return DWFL_E_NOMEM instead of calling
+ zlib_fail.
+
2020-04-16 Mark Wielaard <mark@klomp.org>
* find-debuginfo.c (dwfl_standard_find_debuginfo): Initialize bits
diff --git a/libdwfl/gzip.c b/libdwfl/gzip.c
index 043d0b6e..e9988cc2 100644
--- a/libdwfl/gzip.c
+++ b/libdwfl/gzip.c
@@ -153,7 +153,7 @@ open_stream (int fd, off_t start_offset, struct unzip_state *state)
if (unlikely (state->zf == NULL))
{
close (d);
- return zlib_fail (state, Z (MEM_ERROR));
+ return DWFL_E_NOMEM;
}
/* From here on, zlib will close D. */
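Review bot: The new return DWFL_E_NOMEM in the state->zf == NULL branch carries no comment saying why zlib_fail must not be used here, so a later cleanup could put the call back and reintroduce the double free. Per the commit message, __libdw_gunzip calls fail (which frees state->buffer) when open_stream fails, so open_stream has to hand back a bare error code and leave the cleanup to its caller; a one-line comment above the return stating that ownership rule would make it stick. Since only this one site is changed, please also confirm that no other return path in open_stream goes through zlib_fail or fail.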
--
2.18.2