binutils/dwarf.c debug_information leak With fuzzed files it is possible for num_debug_info_entries to be zero after space for debug_information has already been allocated, leading to multiple allocations. * dwarf.c (process_debug_info): Don't test num_debug_info_entries to determine whether debug_information has been allocated; test alloc_num_debug_info_entries instead.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 8e004ce..bfbf83e 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -3807,13 +3807,11 @@
 }
 
 if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
- && num_debug_info_entries == 0
- && ! do_types)
+ && alloc_num_debug_info_entries == 0
+ && !do_types)
 {
- /* Then allocate an array to hold the information. */
- debug_information = (debug_info *) cmalloc (num_units,
- sizeof (* debug_information));
+ debug_information = cmalloc (num_units, sizeof (*debug_information));
 if (debug_information == NULL)
 {
 error (_("Not enough memory for a debug info array of %u entries\n"),