From b05971a652c35ed72d3c95290e18d8f6e4ef6c46 Mon Sep 17 00:00:00 2001 From: Michael Forney Date: Wed, 10 Apr 2019 18:17:37 +0930 Subject: [PATCH] PR24427, bfd/doc/chew.c reads uninitialized memory and subtracts from function pointer PR 24427 * doc/chew.c (free_words): Correctly free "push_text" strings. --- bfd/ChangeLog | 5 +++++ bfd/doc/chew.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 6e85dc7..03cab04 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2019-04-10 Michael Forney + + PR 24427 + * doc/chew.c (free_words): Correctly free "push_text" strings. + 2019-04-08 H.J. Lu * config.bfd: Remove i[3-7]86-*-kaos* and i[3-7]86-*-chaos targets. diff --git a/bfd/doc/chew.c b/bfd/doc/chew.c index c3dd9b4..ef5a22c 100644 --- a/bfd/doc/chew.c +++ b/bfd/doc/chew.c @@ -1260,11 +1260,11 @@ free_words (void) if (ptr->code) { int i; - for (i = 0; i < ptr->code_length; i ++) + for (i = 0; i < ptr->code_end - 1; i ++) if (ptr->code[i] == push_text && ptr->code[i + 1]) { - free (ptr->code[i + 1] - 1); + free ((char *) ptr->code[i + 1] - 1); ++ i; } free (ptr->code); -- 2.7.4