From 9f8ce183edd910bcb96d237595c526ea52af7079 Mon Sep 17 00:00:00 2001
From: liuzhilin
Date: Tue, 15 Jul 2025 16:52:52 +0800
Subject: [PATCH] backport Fix double free in compute_abbrevs
(cherry picked from commit 5492e0b5380ce43908028e85f42cbdd11fa3ee12)
---
 ...t-Fix-double-free-in-compute_abbrevs.patch | 60 +++++++++++++++++++
 dwz.spec | 6 +-
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-double-free-in-compute_abbrevs.patch
diff --git a/backport-Fix-double-free-in-compute_abbrevs.patch b/backport-Fix-double-free-in-compute_abbrevs.patch
new file mode 100644
index 0000000..6fb6a66
--- /dev/null
+++ b/backport-Fix-double-free-in-compute_abbrevs.patch
@@ -0,0 +1,60 @@
+From ed021b829933e5f9ee90587196ba941c30ac832a Mon Sep 17 00:00:00 2001
+From: Tom de Vries
+Date: Mon, 12 May 2025 14:01:40 +0200
+Subject: [PATCH] Fix double free in compute_abbrevs
+
+PR32934 reports an abort in obstack_free after a double free.
+
+The relevant code is in compute_abbrevs:
+...
+ t = (struct abbrev_tag *)
+ obstack_alloc (&ob2,
+ sizeof (*t) + +(max_nattr + 4) * sizeof (struct abbrev_attr) + +(max_nattr + 4) * sizeof (int64_t));
+ ...
+ obstack_free (&ob2, (void *) t);
+ cuarr = (dw_cu_ref *) obstack_alloc (&ob2, ncus * sizeof (dw_cu_ref));
+ ...
+ obstack_free (&ob2, (void *) t);
+...
+
+The following happens:
+- t is allocated
+- t is freed
+- cuarr is allocated
+- t is freed.
+
+Usually, cuarr == t, so effectively cuarr is freed.
+
+But in the case of the PR, cuarr != t, so t is freed twice, triggering the
+abort.
+
+Fix this by freeing cuarr instead.
+
+Tested on x86_64-linux.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=32934
+
+2025-05-12 Tom de Vries
+
+ * dwz.c (compute_abbrevs): Free cuarr instead of double-freeing t.
+---
+ dwz.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dwz.c b/dwz.c
+index da4121f..a27eb4d 100644
+--- a/dwz.c
++++ b/dwz.c
+@@ -11813,7 +11813,7 @@ compute_abbrevs (DSO *dso)
+ }
+ obstack_free (&ob2, (void *) arr);
+ }
+- obstack_free (&ob2, (void *) t);
++ obstack_free (&ob2, (void *) cuarr);
+ for (cu = first_cu; cu; cu = cu->cu_next)
+ {
+ struct abbrev_tag **arr;
+--
+2.43.5
diff --git a/dwz.spec b/dwz.spec
index be3eff1..324c38e 100644
--- a/dwz.spec
+++ b/dwz.spec
@@ -1,11 +1,12 @@
Name: dwz
Version: 0.15
-Release: 3
+Release: 4
Summary: A DWARF optimization and duplicate removal tool
License: GPLv2+ and GPLv3+
URL: https://sourceware.org/dwz/
Source0:https://sourceware.org/ftp/dwz/releases/%{name}-%{version}.tar.xz
Patch0:dwz-0.15-index9.patch
+Patch1:backport-Fix-double-free-in-compute_abbrevs.patch
BuildRequires:gcc gcc-c++ gdb elfutils-libelf-devel dejagnu
BuildRequires:xxhash-devel
@@ -53,6 +54,9 @@ make check
%{_mandir}/man1/dwz*
%changelog
+* Tue Jul 15 2025 liuzhilin - 0.15-4
+- backport Fix double free in compute_abbrevs
+
* Fri Jan 17 2025 pengjian - 0.15-3
- add dwz-0.15-index9.patch
--
Gitee
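Review bot: Patch1 is declared in the first hunk of dwz.spec, but nothing in this diff shows it being applied; the %prep section lies outside both hunks. If %prep applies patches explicitly (a `%patch0 -p1` line) rather than through `%autosetup -p1` or `%autopatch`, the double-free fix would be announced in the changelog yet never compiled in, and `make check` in %check would not notice, since the backported commit adds no test case for PR32934. Please confirm that %prep picks up Patch1, adding `%patch1 -p1` next to the existing Patch0 application if it does not.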