This patch ensure that when an error is detected, the freed variables in
authorsemarie <semarie@openbsd.org>
Tue, 23 Jun 2015 15:16:34 +0000 (15:16 +0000)
committersemarie <semarie@openbsd.org>
Tue, 23 Jun 2015 15:16:34 +0000 (15:16 +0000)
elf_symloadx() are reinitialised.

Otherwise show_file() in nm.c will use these variables, even if they have
just been freed (nm.c +689).

Problem found by afl.

ok miod@

usr.bin/nm/elf.c
usr.bin/nm/util.h

index bf134ad..c44a6ba 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: elf.c,v 1.31 2015/06/23 15:13:29 semarie Exp $        */
+/*     $OpenBSD: elf.c,v 1.32 2015/06/23 15:16:34 semarie Exp $        */
 
 /*
  * Copyright (c) 2003 Michael Shalayeff
@@ -498,6 +498,7 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
                                warn("%s: malloc names", name);
                                if (stab)
                                        MUNMAP(stab, *pstabsize);
+                               *pnrawnames = 0;
                                return (1);
                        }
                        if ((*psnames = calloc(*pnrawnames, sizeof(np))) == NULL) {
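Review bot: This error path resets `*pnrawnames` but, unlike the path in the hunk at +519, leaves `*psnames` untouched, so after a failed names allocation it still holds whatever value it had on entry. If show_file() does not set it to NULL before the call (not visible here), the stale-pointer use this commit fixes could remain on this path; adding `*psnames = NULL;` next to `*pnrawnames = 0;` would make all three failure exits leave the same state. The same reset is now repeated in the hunks at +506 and +519, so a comment above elf_symloadx() such as `/* On failure *pnames and *psnames are NULL and *pnrawnames is 0. */` would help keep future error returns consistent. The function body starts and ends outside these hunks.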
@@ -505,6 +506,8 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
                                if (stab)
                                        MUNMAP(stab, *pstabsize);
                                free(*pnames);
+                               *pnames = NULL;
+                               *pnrawnames = 0;
                                return (1);
                        }
 
@@ -516,6 +519,9 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
                                                MUNMAP(stab, *pstabsize);
                                        free(*pnames);
                                        free(*psnames);
+                                       *pnames = NULL;
+                                       *psnames = NULL;
+                                       *pnrawnames = 0;
                                        return (1);
                                }
 
index 8e5553e..622f215 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: util.h,v 1.3 2015/05/17 20:19:08 guenther Exp $       */
+/*     $OpenBSD: util.h,v 1.4 2015/06/23 15:16:34 semarie Exp $        */
 
 /*
  * Placed in the public domain by Todd C. Miller <Todd.Miller@courtesan.com>
@@ -26,6 +26,7 @@
                munmap(addr, len);                                      \
        else                                                            \
                free(addr);                                             \
+       addr = NULL;                                                    \
 } while (0)
 
 extern int usemmap;
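Review bot: The added `addr = NULL;` makes MUNMAP write to its argument, so `addr` must now be a modifiable lvalue and is expanded at least three times in the visible lines, yet it is not parenthesized and nothing at the macro says so. I would write `(addr) = NULL;` and add a comment above the definition such as `/* addr must be a side-effect-free lvalue; it is set to NULL after release. */`. In the elf.c hunks the argument is `stab`, so only that variable is cleared; if the pointer was also stored elsewhere (not visible here) that copy would still dangle, and `*pstabsize` keeps its old value. The start of the macro definition is outside the hunk.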