authorNick Alcock <nick.alcock@oracle.com>2024-07-29 12:45:09 +0100
committerNick Alcock <nick.alcock@oracle.com>2024-08-01 20:09:15 +0100
commite05406c548867d6467d47564f8f9d7cd338532a4 (patch)
tree9baf06d3fff2b622208b53c28160cafaf9cd46e1 /libctf
parent391fd4d9ee5d2b78244cbcd57fc405738359b70b (diff)
libctf: fix ref leak of names of newly-inserted non-root-visible typesbinutils-2_40-branch
A bug in ctf_dtd_delete led to refs in the string table to the names of non-root-visible types not being removed when the DTD was. This seems harmless, but actually it would lead to a write down a pointer into freed memory if such a type was ctf_rollback()ed over and then the dict was serialized (updating all the refs as the strtab was serialized in turn). Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62 ("libctf: create: non-root-visible types should not appear in name tables") which is included in binutils 2.35. libctf/ * ctf-create.c (ctf_dtd_delete): Remove refs for all types with names, not just root-visible ones.
Diffstat (limited to 'libctf')
-rw-r--r--libctf/ctf-create.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
index 7a3b307..2f4ecbf 100644
--- a/libctf/ctf-create.c
+++ b/libctf/ctf-create.c
@@ -288,11 +288,11 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
dtd->dtd_vlen_alloc = 0;
if (dtd->dtd_data.ctt_name
- && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
- && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+ && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
{
- ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
- name);
+ if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+ ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
+ name);
ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
}
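Review bot: The now-unconditional `ctf_str_remove_ref` call at the end of the block carries the whole fix, but nothing in the code says why it must not depend on `LCTF_INFO_ISROOT`, so a later tidy-up could fold both calls back under one condition and reintroduce the stale ref. I would add a comment above the inner `if`: `/* Only root-visible types are in the name table, but every named type holds a strtab ref to &dtd->dtd_data.ctt_name, which must be dropped before the DTD goes away. */`. Per the commit message the stale ref is written through when the dict is serialized after a ctf_rollback(), so this is a write into freed memory rather than a plain leak. The diffstat shows only ctf-create.c, so no regression test accompanies the fix; one that runs that rollback-then-serialize sequence under a memory checker would pin it. The body of ctf_dtd_delete starts and ends outside the hunk, so the point at which the DTD is actually freed is inferred from the description, not visible here.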