authorMark Wielaard <mark@klomp.org>2019-04-28 13:21:50 +0200
committerMark Wielaard <mark@klomp.org>2019-04-28 13:21:50 +0200
commit6d055c058dc6880f75a1936efa5bea3c49216119 (patch)
treee12a455c459622a304839f2c14e88da668775677
parent4ec3ce577c74938a686ce2231032615756d0f6ae (diff)
libdwfl: Don't call realloc with zero in cu.c addraranges.
Calling realloc when naranges is zero will result in trying to free aranges. If realloc does free aranges it returns NULL, which means aranges is still assigned. This is likely not a problem, because in most cases aranges will be NULL already. But if it was not and naranges does turn out to be zero after reduction (which would be invalid DWARF) we are left with a dangling pointer. Signed-off-by: Mark Wielaard <mark@klomp.org>
-rw-r--r--libdwfl/ChangeLog4
-rw-r--r--libdwfl/cu.c7
2 files changed, 9 insertions, 2 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 1da888f6..3e19d9bd 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
+2019-04-28 Mark Wielaard <mark@klomp.org>
+
+ * cu.c (addrarange): Only call realloc when naranges is not zero.
+
2019-03-27 Mark Wielaard <mark@klomp.org>
* dwfl_segment_report_module.c (dwfl_segment_report_module): Check
diff --git a/libdwfl/cu.c b/libdwfl/cu.c
index 94bfad8d..4de66248 100644
--- a/libdwfl/cu.c
+++ b/libdwfl/cu.c
@@ -83,8 +83,11 @@ addrarange (Dwfl_Module *mod, Dwarf_Addr addr, struct dwfl_arange **arange)
/* Store the final array, which is probably much smaller than before. */
mod->naranges = naranges;
- mod->aranges = (realloc (aranges, naranges * sizeof aranges[0])
- ?: aranges);
+ if (naranges > 0)
+ mod->aranges = (realloc (aranges, naranges * sizeof aranges[0])
+ ?: aranges);
+ else if (aranges != NULL)
+ free (aranges);
mod->lazycu += naranges;
}
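Review bot: The new `else if (aranges != NULL) free (aranges);` branch releases the buffer but never assigns `mod->aranges`, so whatever pointer the module held before this point is left in place next to `mod->naranges = 0`; the commit message names a dangling pointer as the concern, and this branch only avoids one if `mod->aranges` was already NULL at this point, which is not visible in the hunk because addrarange begins outside it. Making the invariant explicit costs one line and also drops the redundant NULL guard, since free(NULL) is a no-op: `else { free (aranges); mod->aranges = NULL; }` (laid out in the file's GNU brace style). With that, a caller that observes naranges == 0 can never reach a freed buffer through mod->aranges regardless of how the array was built earlier in the function. The naranges > 0 path is fine as written: on realloc failure the `?: aranges` fallback keeps the larger, still-valid allocation, and naranges bounds every later access.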