From c4fd534d3100e8f033b107fc7ca7ca3fcaf3ed0f Mon Sep 17 00:00:00 2001
From: semarie
Date: Tue, 23 Jun 2015 15:16:34 +0000
Subject: [PATCH] This patch ensure that when an error is detected, the freed variables in elf_symloadx() are reinitialised. Else show_file() in nm.c will used these variables, even if they has just been freed. (nm.c +689). Problem found by afl. ok miod@
---
 usr.bin/nm/elf.c | 8 +++++++-
 usr.bin/nm/util.h | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/usr.bin/nm/elf.c b/usr.bin/nm/elf.c
index bf134ad7513..c44a6babbe5 100644
--- a/usr.bin/nm/elf.c
+++ b/usr.bin/nm/elf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: elf.c,v 1.31 2015/06/23 15:13:29 semarie Exp $ */
+/* $OpenBSD: elf.c,v 1.32 2015/06/23 15:16:34 semarie Exp $ */

 /*
 * Copyright (c) 2003 Michael Shalayeff
@@ -498,6 +498,7 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
 warn("%s: malloc names", name);
 if (stab)
 MUNMAP(stab, *pstabsize);
+ *pnrawnames = 0;
 return (1);
 }
 if ((*psnames = calloc(*pnrawnames, sizeof(np))) == NULL) {
@@ -505,6 +506,8 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
 if (stab)
 MUNMAP(stab, *pstabsize);
 free(*pnames);
+ *pnames = NULL;
+ *pnrawnames = 0;
 return (1);
 }

@@ -516,6 +519,9 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
 MUNMAP(stab, *pstabsize);
 free(*pnames);
 free(*psnames);
+ *pnames = NULL;
+ *psnames = NULL;
+ *pnrawnames = 0;
 return (1);
 }

diff --git a/usr.bin/nm/util.h b/usr.bin/nm/util.h
index 8e5553ead86..622f2158972 100644
--- a/usr.bin/nm/util.h
+++ b/usr.bin/nm/util.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.h,v 1.3 2015/05/17 20:19:08 guenther Exp $ */
+/* $OpenBSD: util.h,v 1.4 2015/06/23 15:16:34 semarie Exp $ */

 /*
 * Placed in the public domain by Todd C. Miller
@@ -26,6 +26,7 @@
 munmap(addr, len); \
 else \
 free(addr); \
+ addr = NULL; \
 } while (0)

 extern int usemmap;
--
2.20.1
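Review bot: The failure branch at -498 resets `*pnrawnames`, but `*pstabsize` still holds the length of the mapping that `MUNMAP(stab, *pstabsize)` has just released. The branches in the hunks at -505 and -516 leave it stale in the same way. Whether show_file() reads that size after a failed load is not visible here, so treat this as a consistency gap rather than a confirmed bug. Adding `*pstabsize = 0;` after the `if (stab) MUNMAP(...)` pair would leave every out-parameter empty on `return (1)`. The body of elf_symloadx() starts and ends outside these hunks.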
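Review bot: Nothing in the last failure branch (hunk at -516) says why the pointers are cleared after `free()`; the reason is given only in the commit message, which says show_file() in nm.c goes on to use them. A short comment above the three assignments would keep a later cleanup from removing them as dead stores, for example `/* caller still holds these; leave them empty so its cleanup cannot touch freed memory */`. The same comment fits the branches in the hunks at -498 and -505, or it could be written once as a note on the function's failure contract. The condition guarding this branch is outside the hunk.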
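Review bot: With `addr = NULL;` added, MUNMAP writes to its first argument, so every call site must pass a modifiable pointer variable, and `addr` is expanded at least three times in the visible lines. The assignment clears only the name that was passed in, so any other copy of the pointer held elsewhere stays dangling. That is worth stating next to the macro, for example `/* MUNMAP(addr, len): addr is evaluated more than once and set to NULL; pass a plain pointer lvalue */`. Writing the new line as `(addr) = NULL; \` would also follow the usual convention of parenthesising macro arguments. The macro's `#define` line and the condition that selects munmap() are outside the hunk.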