49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
From cfc16775b7678e1ad8f9fce048652defd78e3787 Mon Sep 17 00:00:00 2001
|
|
From: Alan Modra <amodra@gmail.com>
|
|
Date: Sat, 27 Jun 2020 12:47:45 +0930
|
|
Subject: [PATCH] asan: readelf: use after free in process_archive
|
|
|
|
Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=cfc16775b7678e1ad8f9fce048652defd78e3787
|
|
|
|
This tidies up in cases where fuzzed thin archives hit the error return
|
|
path in setup_nested_archive.
|
|
|
|
* elfcomm.c (setup_nested_archive): Set nested_arch->file to NULL
|
|
after freeing.
|
|
(release_archive): Set fields of arch to NULL after freeing.
|
|
---
|
|
binutils/ChangeLog | 6 ++++++
|
|
binutils/elfcomm.c | 9 ++++++++-
|
|
2 files changed, 14 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
|
|
index 558afa7d056..37f9dbe7eef 100644
|
|
--- a/binutils/elfcomm.c
|
|
+++ b/binutils/elfcomm.c
|
|
@@ -727,7 +727,10 @@ setup_nested_archive (struct archive_info *nested_arch,
|
|
|
|
/* Close previous file and discard cached information. */
|
|
if (nested_arch->file != NULL)
|
|
- fclose (nested_arch->file);
|
|
+ {
|
|
+ fclose (nested_arch->file);
|
|
+ nested_arch->file = NULL;
|
|
+ }
|
|
release_archive (nested_arch);
|
|
|
|
member_file = fopen (member_file_name, "rb");
|
|
@@ -748,6 +751,10 @@ release_archive (struct archive_info * arch)
|
|
free (arch->sym_table);
|
|
if (arch->longnames != NULL)
|
|
free (arch->longnames);
|
|
+ arch->file_name = NULL;
|
|
+ arch->index_array = NULL;
|
|
+ arch->sym_table = NULL;
|
|
+ arch->longnames = NULL;
|
|
}
|
|
|
|
/* Get the name of an archive member from the current archive header.
|
|
--
|
|
2.19.1
|
|
|