From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Pt5a=7Z=gmail.com=amodra@sourceware.org>
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030])
	by sourceware.org (Postfix) with ESMTPS id AFB463858CDB
	for <binutils@sourceware.org>; Sun,  2 Apr 2023 22:22:35 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AFB463858CDB
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-pj1-x1030.google.com with SMTP id e15-20020a17090ac20f00b0023d1b009f52so30667041pjt.2
        for <binutils@sourceware.org>; Sun, 02 Apr 2023 15:22:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112; t=1680474154;
        h=content-disposition:mime-version:message-id:subject:to:from:date
         :from:to:cc:subject:date:message-id:reply-to;
        bh=7K1UHxSHCwcoZYZ+HPt/RVRuZNtwMrCqVzOPDTQn7tM=;
        b=QynP5EFMmaY4yxnukwfx/iV6/K81fdFaZxW0rv4frWan1+nOuR7xqRu2FmXOg/4Xzg
         7nCOrPotdqF9xv9pmhe21vBnofglUrRydgY5c8XqfRJQ4YfSuig/wUXf4MzIVyaubdVW
         1gMlWB1wyENmkojOhrcgVGxfNfi5aGFUkd+AT0Q0DAJpr/p5L02rHT3N1uzXQXhgKtyw
         Q+TG/iRLRznoaD5VAZ/0SKVNVs9IipHgwiKGpF+gz48DxY5ZOcuyvLI+bQs//NFXlIfR
         4kmSBYLX3luVZ81yeKStwIaZpEaEw8b88zSf7zzRDw1J+jCRBesxGvzj4NDB23YCLnyh
         lXSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1680474154;
        h=content-disposition:mime-version:message-id:subject:to:from:date
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=7K1UHxSHCwcoZYZ+HPt/RVRuZNtwMrCqVzOPDTQn7tM=;
        b=oeEj0giYvLNDThIF0wIxnOgWM8psdEpBg6S4YfY/2azeVefjsExv4W6F8mN5SkvZ49
         wz3jL+JNLFiAv3R5uOgaKdOoG4vaeb+Xsw3IEpUUAhvq4heP4LO+Vm6mWbPLvBP/kTWS
         FJljrkXBhD/mPaF2nj82uy2X42FIg8S+uMNqgIFHsNPm1UhpH9/1Oadedf7TnrpHYqER
         b7WHt8PqxQkJaTX963lbjSpXOdQ44CQxgUbMgxtozffKztcRlbpHbRhxBzUSnM9AJeJA
         qehCI5rHDlTvgiLXoglQ3Q59rL3Lxs8wUA/VwjP+gQAhIwv46ytlHXbl7mDUW8Eut0a3
         yxWA==
X-Gm-Message-State: AAQBX9dWlR1lAjk3VlhFf0zXclsuVlfmjBS32f5B7PrrUspfvIkfvlPv
	4A3/29ZZkhi8xmUcLiXePlyfJ2+uwBk=
X-Google-Smtp-Source: AKy350bAMcXy+gDEQmBL5MWLB4VQLis88b9Kz1n7zUeGl4jMiCpHmmDFm6Iut9kjnSqGFXCK4cTd/A==
X-Received: by 2002:a17:903:20d4:b0:1a1:c746:7d6f with SMTP id i20-20020a17090320d400b001a1c7467d6fmr26547917plb.53.1680474153929;
        Sun, 02 Apr 2023 15:22:33 -0700 (PDT)
Received: from squeak.grove.modra.org ([2406:3400:51d:8cc0:4c75:41d5:4aa9:f18e])
        by smtp.gmail.com with ESMTPSA id g3-20020a170902740300b001a19f2f81a3sm5200288pll.175.2023.04.02.15.22.32
        for <binutils@sourceware.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 02 Apr 2023 15:22:32 -0700 (PDT)
Received: by squeak.grove.modra.org (Postfix, from userid 1000)
	id 8B2C61140137; Mon,  3 Apr 2023 07:52:30 +0930 (ACST)
Date: Mon, 3 Apr 2023 07:52:30 +0930
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: Memory leak in process_abbrev_set
Message-ID: <ZCoAJjprIo2dA8lE@squeak.grove.modra.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-3034.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <binutils.sourceware.org>

We may have added some abbrevs to the list before hitting an error.
Free the list elements too.  free_abbrev_list returns list->next so we
need to init it earlier to avoid an uninitialised memory access.

	* dwarf.c (process_abbrev_set): Call free_abbrev_list on errors.
	Set list->next earlier.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index d6fc9fe991c..d08f01cab79 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -990,6 +990,7 @@ process_abbrev_set (struct dwarf_section *section,
   list->first_abbrev = NULL;
   list->last_abbrev = NULL;
   list->raw = start;
+  list->next = NULL;
 
   while (start < end)
     {
@@ -1005,17 +1006,13 @@ process_abbrev_set (struct dwarf_section *section,
 	 the caller.  */
       if (start == end || entry == 0)
 	{
-	  list->next = NULL;
 	  list->start_of_next_abbrevs = start != end ? start : NULL;
 	  return list;
 	}
 
       READ_ULEB (tag, start, end);
       if (start == end)
-	{
-	  free (list);
-	  return NULL;
-	}
+	return free_abbrev_list (list);
 
       children = *start++;
 
@@ -1050,8 +1047,7 @@ process_abbrev_set (struct dwarf_section *section,
   /* Report the missing single zero which ends the section.  */
   error (_("%s section not zero terminated\n"), section->name);
 
-  free (list);
-  return NULL;
+  return free_abbrev_list (list);
 }
 
 /* Return a sequence of abbrevs in SECTION starting at ABBREV_BASE

-- 
Alan Modra
Australia Development Lab, IBM