From 442a6ce858c0da0c5fba3eeb57a646254adf107a Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Thu, 19 Jul 2018 14:23:31 +0100
Subject: [PATCH] Stop potential memory leaks in dwarf CIE reader.
* dwarf.c (read_cie): Free allocated memory before returning with a failure result.
---
 binutils/ChangeLog | 5 +++++
 binutils/README-how-to-make-a-release | 18 +++++++++---------
 binutils/dwarf.c | 16 ++++++++++++----
 3 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 285d999..a03f8bc 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2018-07-19 Nick Clifton
+
+ * dwarf.c (read_cie): Free allocated memory before returning with
+ a failure result.
+
 2018-07-16 Pedro Franco de Carvalho
 * readelf.c (get_note_type): Fix typo in NT_PPC_TM_CVSX note
diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release
index 3b848e1..3759538 100644
--- a/binutils/README-how-to-make-a-release
+++ b/binutils/README-how-to-make-a-release
@@ -315,6 +315,10 @@ looks like this:
 a. Update the minor release number in bfd/version.m4.
 b. Edit bfd/development.sh and set "development=false".
 c. Regenerate the configure files.
+ c.1. Remove spurious autom4te.cache files:
+
+ find . -depth -name autom4te.cache -exec rm -r {} \;
+
 d. Commit the updates along with a "this-is-the-2.XX.X-release" note in all of the changelogs.
 e. Tag the branch with the new release number:
@@ -339,9 +343,6 @@ looks like this:
 k. Clean up the source tree. (Use "git status" to find new files, and remove them).
- FIXME: The tarballs will contain spurious autom4te.cache
- directories which could be removed to reduce their size.
-
 4. [If paranoid - upload the tarballs to one of the FTP servers and ask people to test it before going on to step 5].
@@ -354,18 +355,17 @@ looks like this:
 6. Upload the tarballs to sourceware.org:
 sftp sourceware.org
- cd /ftp/pub/binutils/releases
+ cd /sourceware/ftp/pub/binutils/releases
 put binutils-X.XX.X.tar.*
 chmod 644 binutils-X.XX.X.tar.*
 quit
- FIXME: Should the signatures (created by the gnupload script in
- step 5) be uploaded as well ?
+ It is OK to upload the signatures as well.
 7. Update web pages. For sourceware.org:
 * Log on to sourceware.org
- * Go /www/htdocs/binutils
+ * Go to /sourceware/www/sourceware/htdocs/binutils
 * Edit index.html
 For the www.gnu.org site you have to email webmasters@gnu.org
@@ -378,8 +378,8 @@ looks like this:
 ------------------------------------------------------------------------
 Hi Everyone,
- We are pleased to announce that version 2.XX.X of the Binutils project
- sources have been released and are now available for download at:
+ We are pleased to announce that version 2.XX.X of the GNU Binutils
+ project sources have been released and are now available for download at:
 https://ftp.gnu.org/gnu/binutils
 https://sourceware.org/pub/binutils/releases/
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index cd3df7f..d609df4 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7283,7 +7283,7 @@ read_cie (unsigned char *start, unsigned char *end,
 if (start == end)
 {
 warn (_("No terminator for augmentation name\n"));
- return start;
+ goto fail;
 }
 if (strcmp (fc->augmentation, "eh") == 0)
@@ -7295,7 +7295,7 @@ read_cie (unsigned char *start, unsigned char *end,
 if (fc->ptr_size < 1 || fc->ptr_size > 8)
 {
 warn (_("Invalid pointer size (%d) in CIE data\n"), fc->ptr_size);
- return end;
+ goto fail;
 }
 GET (fc->segment_size, 1);
@@ -7303,7 +7303,7 @@ read_cie (unsigned char *start, unsigned char *end,
 if (fc->segment_size > 8 || fc->segment_size + fc->ptr_size > 8)
 {
 warn (_("Invalid segment size (%d) in CIE data\n"), fc->segment_size);
- return end;
+ goto fail;
 }
 eh_addr_size = fc->ptr_size;
@@ -7313,8 +7313,10 @@ read_cie (unsigned char *start, unsigned char *end,
 fc->ptr_size = eh_addr_size;
 fc->segment_size = 0;
 }
+
 READ_ULEB (fc->code_factor);
 READ_SLEB (fc->data_factor);
+
 if (version == 1)
 {
 GET (fc->ra, 1);
@@ -7334,7 +7336,7 @@ read_cie (unsigned char *start, unsigned char *end,
 warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"), dwarf_vmatoa ("x", augmentation_data_len), (unsigned long) (end - start));
- return end;
+ goto fail;
 }
 start += augmentation_data_len;
 }
@@ -7376,6 +7378,12 @@ read_cie (unsigned char *start, unsigned char *end,
 *p_aug = augmentation_data;
 }
 return start;
+
+ fail:
+ free (fc->col_offset);
+ free (fc->col_type);
+ free (fc);
+ return end;
 }
 /* Prints out the contents on the DATA array formatted as unsigned bytes.
--
2.7.4
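Review bot: The new `fail:` label at the end of read_cie has no comment saying why it is safe to free `fc` there or what the `end` return value tells the caller. The cleanup is only correct if `fc` has not yet been stored through an out-parameter when any of the `goto fail` sites run (the three earlier dwarf.c hunks and the augmentation-length check); that assignment is outside the hunks shown, so it should be confirmed, because publishing `fc` first would leave the caller holding a dangling pointer when parsing a malformed file. The first converted site used to `return start`, which matches the new `return end` only because it sits under `if (start == end)`. I would add above the label something like `/* Error exit: fc was never handed to the caller, so release it and report the rest of the data as consumed.  */`. The body of read_cie begins before these hunks, so the allocations being released are not visible here.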