MatCat.OpenSource/8sa1-binutils-gdb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

PR26741, benign use after free in riscv_parse_prefixed_ext

Browse Source 
ISO/IEC 9899:1999 C standard "J.2 Undefined behavior" says the
following is undefined behaviour:

"The value of a pointer that refers to space deallocated by a call to
the free or realloc function is used (7.20.3)."

	PR 26741
	* elfxx-riscv.c (riscv_parse_prefixed_ext): Free subset after
	calculating subset version length.
This commit is contained in:
Alan Modra 2021-01-04 10:19:14 +10:30
parent a7c23ac931
commit e9cf3691bf
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bfd/ChangeLog
View File

@ -1,3 +1,9 @@
2021-01-04 Alan Modra <amodra@gmail.com>
PR 26741
* elfxx-riscv.c (riscv_parse_prefixed_ext): Free subset after
calculating subset version length.
2021-01-01 Nicolas Boulenguez <nicolas@debian.org>
* xcofflink.c: Correct spelling in comments.

2
bfd/elfxx-riscv.c
View File

@ -1572,8 +1572,8 @@ riscv_parse_prefixed_ext (riscv_parse_subset_t *rps,
riscv_parse_add_subset (rps, subset,
major_version,
minor_version, FALSE);
free (subset);
p += end_of_version - subset;
free (subset);
if (*p != '\0' && *p != '_')
{