libdw: Fix bad free on invalid data in dwarf_getsrclines.c.

If the last dir name wasn't zero terminated we goto invalid_data
and might free the wrong data because we believe ndirlist is valid.
Don't update ndirlist until we are sure we will use all dirs.

Signed-off-by: Mark Wielaard <[email protected]>

2 files changed, 9 insertions, 2 deletions

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index fc80e8d2..36c332ae 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2016-02-13  Mark Wielaard  <[email protected]>
+
+	* dwarf_getsrclines.c (read_srclines): Calculate ndirs first, then
+	assign to ndirlist.
+
 2015-12-18  Mark Wielaard  <[email protected]>
 
 	* libdwP.h (struct Dwarf): Remove sectiondata_gzip_mask.
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index dd1b3c1f..d02c38db 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -1,5 +1,5 @@
 /* Return line number information of CU.
-   Copyright (C) 2004-2010, 2013, 2014, 2015 Red Hat, Inc.
+   Copyright (C) 2004-2010, 2013, 2014, 2015, 2016 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <[email protected]>, 2004.
 
@@ -288,14 +288,16 @@ read_srclines (Dwarf *dbg,
 
   /* First count the entries.  */
   const unsigned char *dirp = linep;
+  unsigned int ndirs = 0;
   while (*dirp != 0)
     {
       uint8_t *endp = memchr (dirp, '\0', lineendp - dirp);
       if (endp == NULL)
 	goto invalid_data;
-      ++ndirlist;
+      ++ndirs;
       dirp = endp + 1;
     }
+  ndirlist += ndirs;
 
   /* Arrange the list in array form.  */
   if (ndirlist >= MAX_STACK_DIRS)