diff --git a/binutils/ChangeLog b/binutils/ChangeLog index c5d0355c189..33ca3e93e28 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,8 @@ +2020-04-14 Alan Modra + + * readelf.c (process_mips_specific): Free eopt and iopt. Avoid + possibility of overflow when checking number of conflicts. + 2020-04-14 H.J. Lu PR binutils/25707 diff --git a/binutils/readelf.c b/binutils/readelf.c index cd456b02900..9149bb8ce4d 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -16817,6 +16817,7 @@ process_mips_specific (Filedata * filedata) if (iopt == NULL) { error (_("Out of memory allocating space for MIPS options\n")); + free (eopt); return FALSE; } @@ -16839,7 +16840,10 @@ process_mips_specific (Filedata * filedata) if (option->size < sizeof (* eopt) || offset + option->size > sect->sh_size) { - error (_("Invalid size (%u) for MIPS option\n"), option->size); + error (_("Invalid size (%u) for MIPS option\n"), + option->size); + free (iopt); + free (eopt); return FALSE; } offset += option->size; @@ -17033,7 +17037,7 @@ process_mips_specific (Filedata * filedata) offset += option->size; ++option; } - + free (iopt); free (eopt); } else @@ -17053,7 +17057,7 @@ process_mips_specific (Filedata * filedata) /* PR 21345 - print a slightly more helpful error message if we are sure that the cmalloc will fail. */ - if (conflictsno * sizeof (* iconf) > filedata->file_size) + if (conflictsno > filedata->file_size / sizeof (* iconf)) { error (_("Overlarge number of conflicts detected: %lx\n"), (long) conflictsno);