authorMark Wielaard <mark@klomp.org>2023-02-17 14:52:04 +0100
committerMark Wielaard <mark@klomp.org>2023-02-21 12:57:04 +0100
commiteb79a7bd87adc51dae77eb8d5ec37ad58ec71feb (patch)
tree60c0dfba1ba4edb4f6e2259e6ab7c2fa08ffafa1
parent77d237798c8f262d618bd3ed2db8864022bfcacb (diff)
downloadelfutils-eb79a7bd87adc51dae77eb8d5ec37ad58ec71feb.tar.gz
libasm: Fix use-after-free issue with circular single linked list cleanup
Pointed out by gcc 12 with -Wuse-after-free=3 In function ‘free_section’ asm_end.c:552:17: error: pointer ‘data’ used after ‘free’ [-Werror=use-after-free] 552 | while (oldp != scnp->content); | ~~~~~^~~~~~~~~~~~~~~~ asm_end.c:550:9: note: call to ‘free’ here 550 | free (oldp); | ^~~~~~~~~~~ Fix by freeing scnp->content last. Signed-off-by: Mark Wielaard <mark@klomp.org>
-rw-r--r--libasm/ChangeLog4
-rw-r--r--libasm/asm_end.c18
2 files changed, 14 insertions, 8 deletions
diff --git a/libasm/ChangeLog b/libasm/ChangeLog
index a12d14b3..f23d5914 100644
--- a/libasm/ChangeLog
+++ b/libasm/ChangeLog
@@ -1,3 +1,7 @@
+2023-02-17 Mark Wielaard <mark@klomp.org>
+
+ * asm_end.c (free_section): free scnp->content last.
+
2022-12-20 Mark Wielaard <mark@klomp.org>
* disasm_begin.c: Include libeblP.h.
diff --git a/libasm/asm_end.c b/libasm/asm_end.c
index c06d2366..29165ac4 100644
--- a/libasm/asm_end.c
+++ b/libasm/asm_end.c
@@ -541,16 +541,18 @@ free_section (AsmScn_t *scnp)
if (scnp->subnext != NULL)
free_section (scnp->subnext);
+ /* This is a circular single linked list. */
struct AsmData *data = scnp->content;
if (data != NULL)
- do
- {
- oldp = data;
- data = data->next;
- free (oldp);
- }
- while (oldp != scnp->content);
-
+ {
+ while (data != scnp->content)
+ {
+ oldp = data;
+ data = data->next;
+ free (oldp);
+ }
+ free (scnp->content);
+ }
free (scnp);
}
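Review bot: The rewritten loop in free_section never executes, because `data` is still initialised to `scnp->content` just above it, so the test `data != scnp->content` is false on the first pass and only the head node is released by `free (scnp->content)`. Every other node of the circular list is leaked, so the change trades the use-after-free warning for a memory leak on any section whose content list has more than one element. Advancing once before the loop keeps the head for last and still walks the rest: add `data = data->next;` as the first statement inside the new braces, before `while (data != scnp->content)`. The start of free_section, including the declaration of `oldp`, lies outside the hunk.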