diff options
| author | Nick Alcock <nick.alcock@oracle.com> | 2024-07-29 12:45:09 +0100 |
|---|---|---|
| committer | Nick Alcock <nick.alcock@oracle.com> | 2024-08-02 11:56:42 +0100 |
| commit | 0daea2d62ccdcf453d0885571aab1aca05bc847d (patch) | |
| tree | 877a21aa2733f48cf3d6021624b85a8bc9fcc3bf | |
| parent | 44f1cd7f536f7eeb9440e8c8d81a10adbb16296b (diff) | |
| download | gdb-binutils-2_37-branch.zip gdb-binutils-2_37-branch.tar.gz gdb-binutils-2_37-branch.tar.bz2 | |
libctf: fix ref leak of names of newly-inserted non-root-visible typesbinutils-2_37-branch
A bug in ctf_dtd_delete led to refs in the string table to the
names of non-root-visible types not being removed when the DTD
was. This seems harmless, but actually it would lead to a write
down a pointer into freed memory if such a type was ctf_rollback()ed
over and then the dict was serialized (updating all the refs as the
strtab was serialized in turn).
Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62
("libctf: create: non-root-visible types should not appear in name tables")
which is included in binutils 2.35.
libctf/
* ctf-create.c (ctf_dtd_delete): Remove refs for all types
with names, not just root-visible ones.
| -rw-r--r-- | libctf/ctf-create.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c index 2d232d4..2a45192 100644 --- a/libctf/ctf-create.c +++ b/libctf/ctf-create.c @@ -288,11 +288,11 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd) dtd->dtd_vlen_alloc = 0; if (dtd->dtd_data.ctt_name - && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL - && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info)) + && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL) { - ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable, - name); + if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info)) + ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable, + name); ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name); } |