Date: Fri, 27 Mar 2020 10:43:35 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: Re: readelf looping in process_archive
Message-ID: <20200327001334.GP4583@bubble.grove.modra.org>
References: <20200325120212.GG4583@bubble.grove.modra.org>
In-Reply-To: <20200325120212.GG4583@bubble.grove.modra.org>

This patch fixes a leak of qualified_name caused by 4c83662712 and a double free introduced by fd486f32d1. Not breaking out of the loop results in an error: "failed to seek to next archive header". That's slightly better than silently preventing the possibility of endless loops.

	* readelf.c (process_archive): Don't double free qualified_name.
	Don't break out of loop with "negative" archive_file_size, just
	set file offset to max.

diff --git a/binutils/readelf.c b/binutils/readelf.c index 9bc15e4d0b..eb41e10dae 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -20461,7 +20461,6 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) close_file (member_filedata); free (member_file_name); - free (qualified_name); } else if (is_thin_archive) {
@@ -20511,7 +20510,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive) arch.next_arhdr_offset += archive_file_size; /* Stop looping with "negative" archive_file_size. */ if (arch.next_arhdr_offset < archive_file_size) - break; + arch.next_arhdr_offset = -1ul; } free (qualified_name);
-- 
Alan Modra
Australia Development Lab, IBM
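Review bot: with the per-branch `free (qualified_name);` removed in the first hunk, the string is now released only by the `free (qualified_name);` that follows the offset update at the end of the loop body (visible at the tail of the second hunk), so the double-free fix holds only if every branch of the if/else-if chain falls through to that line; a `continue` or early `break` on one of the other branches would turn the fixed double free back into the leak this patch also sets out to fix, so please confirm there is none, and a short comment beside the loop-end free naming it as the single release point would stop a later edit from reintroducing the branch-local free.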
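Review bot: in the second hunk the comment directly above the changed line, `/* Stop looping with "negative" archive_file_size. */`, no longer describes the behaviour: the loop is not stopped here any more, the offset is pushed to `-1ul` so that the following seek fails with "failed to seek to next archive header" (as the cover text says), and the comment should be reworded to say that. Separately, `-1ul` is only "max" when `arch.next_arhdr_offset` has type unsigned long; if the field is a wider type on some hosts (unsigned long is 32 bits on ILP32 targets), the stored value is 0xffffffff, a plausible in-range offset for a large archive rather than an out-of-range one, so casting -1 to the field's own type would express the intent exactly on every host.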