* [COMMITTED] libdwfl: Fix double free on failure path in gzip.c.
@ 2020-04-26 0:39 Mark Wielaard
0 siblings, 0 replies; only message in thread
From: Mark Wielaard @ 2020-04-26 0:39 UTC (permalink / raw)
To: elfutils-devel; +Cc: Mark Wielaard
GCC10 -fanalyzer found a double free when openstream failed. When
openstream fails __libdw_gunzip will call fail, which frees the
state->buffer. But openstream can call zlib_fail, which will also
call fail. Instead of calling zlib_fail, just return the error
that zlib_fail would have returned.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libdwfl/ChangeLog | 5 +++++
libdwfl/gzip.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 4ddc9ad4..daedaed8 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2020-04-25 Mark Wielaard <mark@klomp.org>
+
+ * gzip.c (open_stream): Return DWFL_E_NOMEM instead of calling
+ zlib_fail.
+
2020-04-16 Mark Wielaard <mark@klomp.org>
* find-debuginfo.c (dwfl_standard_find_debuginfo): Initialize bits
diff --git a/libdwfl/gzip.c b/libdwfl/gzip.c
index 043d0b6e..e9988cc2 100644
--- a/libdwfl/gzip.c
+++ b/libdwfl/gzip.c
@@ -153,7 +153,7 @@ open_stream (int fd, off_t start_offset, struct unzip_state *state)
if (unlikely (state->zf == NULL))
{
close (d);
- return zlib_fail (state, Z (MEM_ERROR));
+ return DWFL_E_NOMEM;
}
/* From here on, zlib will close D. */
--
2.18.2
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-04-26 0:39 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-26 0:39 [COMMITTED] libdwfl: Fix double free on failure path in gzip.c Mark Wielaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).