libdw: Fix bad free on invalid data in dwarf_getsrclines.c.

If the last dir name wasn't zero terminated we goto invalid_data and might free the wrong data because we believe ndirlist is valid. Don't update ndirlist until we are sure we will use all dirs. Signed-off-by: Mark Wielaard <[email protected]>
author: Mark Wielaard <[email protected]> 2016-02-13 19:36:50 +0100
committer: Mark Wielaard <[email protected]> 2016-02-22 12:11:48 +0100
commit: e93e6f9279c34820bed6af17e6df51e1dcb6a8e0 (patch)
tree: 6ccc22e427089c09fe3d3fc0a929cbeef2b98df8 /libdw/dwarf_getsrclines.c
parent: 6993d408fac1ff9aa23281cb6ab010920f7d624c (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index dd1b3c1f..d02c38db 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -1,5 +1,5 @@
 /* Return line number information of CU.
-   Copyright (C) 2004-2010, 2013, 2014, 2015 Red Hat, Inc.
+   Copyright (C) 2004-2010, 2013, 2014, 2015, 2016 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <[email protected]>, 2004.
 
@@ -288,14 +288,16 @@ read_srclines (Dwarf *dbg,
 
   /* First count the entries.  */
   const unsigned char *dirp = linep;
+  unsigned int ndirs = 0;
   while (*dirp != 0)
     {
       uint8_t *endp = memchr (dirp, '\0', lineendp - dirp);
       if (endp == NULL)
 	goto invalid_data;
-      ++ndirlist;
+      ++ndirs;
       dirp = endp + 1;
     }
+  ndirlist += ndirs;
 
   /* Arrange the list in array form.  */
   if (ndirlist >= MAX_STACK_DIRS)
author	Mark Wielaard <[email protected]>	2016-02-13 19:36:50 +0100
committer	Mark Wielaard <[email protected]>	2016-02-22 12:11:48 +0100
commit	e93e6f9279c34820bed6af17e6df51e1dcb6a8e0 (patch)
tree	6ccc22e427089c09fe3d3fc0a929cbeef2b98df8 /libdw/dwarf_getsrclines.c
parent	6993d408fac1ff9aa23281cb6ab010920f7d624c (diff)