From 18c742b5f0ae0285539e2dbea0c3a81961e9a7e5 Mon Sep 17 00:00:00 2001
From: Tom de Vries <tdevries@suse.de>
Date: Wed, 28 Nov 2018 14:06:23 +0000
Subject: [PATCH] [libbacktrace] Fix segfault upon allocation failure

If the allocation of abbrevs->abbrevs in read_abbrevs fails, then
abbrevs->num_abbrevs remains nonzero, and consequently free_abbrevs will
segfault when accessing abbrevs->abbrevs.

Fix this by setting abbrevs->num_abbrevs only after abbrevs->abbrevs
allocation has succeeded.

Bootstrapped and reg-tested on x86_64.

2018-11-28  Tom de Vries  <tdevries@suse.de>

	* dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation
	failure.

From-SVN: r266562
---
 libbacktrace/ChangeLog | 5 +++++
 libbacktrace/dwarf.c   | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libbacktrace/ChangeLog b/libbacktrace/ChangeLog
index e7fdfd8e9403..8894446a75b9 100644
--- a/libbacktrace/ChangeLog
+++ b/libbacktrace/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-28  Tom de Vries  <tdevries@suse.de>
+
+	* dwarf.c (read_abbrevs): Fix handling of abbrevs->abbrevs allocation
+	failure.
+
 2018-11-27  Tom de Vries  <tdevries@suse.de>
 
 	* mmap.c (backtrace_vector_release): Same.
diff --git a/libbacktrace/dwarf.c b/libbacktrace/dwarf.c
index 4e93f1208204..34543747c8fa 100644
--- a/libbacktrace/dwarf.c
+++ b/libbacktrace/dwarf.c
@@ -1105,13 +1105,13 @@ read_abbrevs (struct backtrace_state *state, uint64_t abbrev_offset,
   if (num_abbrevs == 0)
     return 1;
 
-  abbrevs->num_abbrevs = num_abbrevs;
   abbrevs->abbrevs = ((struct abbrev *)
 		      backtrace_alloc (state,
 				       num_abbrevs * sizeof (struct abbrev),
 				       error_callback, data));
   if (abbrevs->abbrevs == NULL)
     return 0;
+  abbrevs->num_abbrevs = num_abbrevs;
   memset (abbrevs->abbrevs, 0, num_abbrevs * sizeof (struct abbrev));
 
   num_abbrevs = 0;
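Review bot: The ordering the fix relies on is not recorded in the code, so a later edit could move the assignment back above the allocation without anything flagging it; a comment on the moved line, `/* Set num_abbrevs only once abbrevs->abbrevs is valid: free_abbrevs walks num_abbrevs entries of it, so a failed allocation must leave it at zero.  */`, would pin the invariant next to the error return. The product `num_abbrevs * sizeof (struct abbrev)` is also computed unchecked twice in the hunk; num_abbrevs is derived from the DWARF abbrev section, and whether it is bounded by that section's length is not visible here, so it is worth confirming the product cannot wrap on hosts where size_t is 32 bits. read_abbrevs starts and ends outside the hunk.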
-- 
GitLab