#2 readelf: Fix double fclose for bad file without magic number
Opened 9 months ago by sbergmann. Modified 9 months ago
rpms/sbergmann/binutils, branch readelf, into f33

@@ -1,6 +1,6 @@ 

  --- binutils.orig/binutils/readelf.c	2020-07-24 14:55:25.163647522 +0100

  +++ binutils-2.35/binutils/readelf.c	2020-07-24 15:02:39.613851369 +0100

- @@ -20729,79 +20729,92 @@ process_file (char * file_name)

+ @@ -20729,79 +20729,91 @@ process_file (char * file_name)

     Filedata * filedata = NULL;

     struct stat statbuf;

     char armag[SARMAG];
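Review bot: the only change in this hunk is the new-side line count in the inner @@ header (92 to 91), and it is consistent with the second hunk, which turns one context line of the inner patch into a '-' line and so removes one line from the resulting readelf.c. Since the header was edited by hand rather than regenerated, please confirm the rebuilt patch still applies cleanly (a dry run of patch on the binutils-2.35 tree) before merging.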
@@ -62,7 +62,7 @@ 

       {

  -      error (_("%s: Failed to read file's magic number\n"), file_name);

  +      error (_("Failed to read file's magic number\n"));

-        fclose (filedata->handle);

+ -      fclose (filedata->handle);

  -      free (filedata);

  -      return FALSE;

  +      goto done;
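Review bot: the fix is the right one for the crash described: with `fclose (filedata->handle);` kept as a context line, the error path closed the handle and then jumped to done, where the backtrace shows fclose being called again from process_file, hence the double free. Turning the line into `-      fclose (filedata->handle);` leaves the single fclose on the done path. Two things worth checking that are not visible in this hunk: that the done label also frees filedata, since `-      free (filedata);` is still removed from this error path, and that the other error paths in the same 79-line hunk which were changed to `goto done` do not keep their own fclose as a context line in the same way.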

As seen on f33, touch empty && readelf -h empty SIGABRT'ed with

readelf: empty: Error: Failed to read file's magic number
free(): double free detected in tcache 2

at

0 0x00007ffff7def9d5 in raise () from /lib64/libc.so.6
1 0x00007ffff7dd88a4 in abort () from /lib64/libc.so.6
2 0x00007ffff7e31f27 in __libc_message () from /lib64/libc.so.6
3 0x00007ffff7e39c1c in malloc_printerr () from /lib64/libc.so.6
4 0x00007ffff7e3b6ec in _int_free () from /lib64/libc.so.6
5 0x00007ffff7e278a3 in fclose@@GLIBC_2.2.5 () from /lib64/libc.so.6
6 0x000055555555da51 in process_file (file_name=<optimized out>) at /usr/src/debug/binutils-2.35-15.fc33.x86_64/binutils/readelf.c:20821
7 main (argc=3, argv=0x7fffffffe0c8) at /usr/src/debug/binutils-2.35-15.fc33.x86_64/binutils/readelf.c:20893