Fix heap-use-after-free

rizinorg · Oct 21, 2023 · 456440d · 456440d
1 parent a4cd1f0
commit 456440d
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 4 deletions.
diff --git a/librz/bin/dwarf/endian_reader.c b/librz/bin/dwarf/endian_reader.c
@@ -144,7 +144,7 @@ RZ_IPI RzBinEndianReader *RzBinEndianReader_from_file(RzBinFile *binfile, const
 
 	reader->buffer = buf;
 	reader->big_endian = bf_bigendian(binfile);
-	reader->section = section;
+	reader->section_name = rz_str_new(section->name);
 	reader->relocations = relocations;
 	return reader;
 }
@@ -258,6 +258,7 @@ RZ_IPI void RzBinEndianReader_free(RzBinEndianReader *r) {
 	}
 	rz_buf_free(r->buffer);
 	ht_up_free(r->relocations);
+	free(r->section_name);
 	free(r);
 }
 

diff --git a/librz/core/cdwarf.c b/librz/core/cdwarf.c
@@ -426,7 +426,7 @@ RZ_API RZ_OWN char *rz_core_bin_dwarf_line_units_to_string(RZ_NONNULL RZ_BORROW
 	if (!sb) {
 		return NULL;
 	}
-	rz_strbuf_appendf(sb, "Raw dump of debug contents of section %s:\n\n", line->reader->section->name);
+	rz_strbuf_appendf(sb, "Raw dump of debug contents of section %s:\n\n", line->reader->section_name);
 	RzListIter *it;
 	RzBinDwarfLineUnit *unit;
 	bool first = true;

diff --git a/librz/include/rz_bin_dwarf.h b/librz/include/rz_bin_dwarf.h
@@ -972,7 +972,7 @@ struct rz_bin_section_t;
 typedef struct {
 	RzBuffer *buffer;
 	bool big_endian;
-	const struct rz_bin_section_t *section;
+	char *section_name;
 	HtUP *relocations;
 } RzBinEndianReader;
 

diff --git a/test/db/cmd/dwarf b/test/db/cmd/dwarf
@@ -6894,7 +6894,7 @@ paddr      size  vaddr      vsize align perm name               type       flags
 <0x14d>: Abbrev Number: 2    (DW_TAG_pointer_type)
 	DW_AT_type [DW_FORM_ref4]	: <0x13a>
 <0x152>: Abbrev Number: 0    (DW_TAG_null_entry)
-Raw dump of debug contents of section (null):
+Raw dump of debug contents of section .debug_line:
 
  Header information[0x0]
   Length:                             351