asan: mips_hi16_list segfault in bfd_get_section_limit_octets

static variables like mips_hi16_list are nasty for applications using
bfd.  It is possible when opening and closing bfds with mis-matched
hi/lo relocs to leave a stale section pointer on the list.  That can
cause a segfault if multiple bfds are being processed.

Tidying the list when closing is sufficient to stop this happening
(and fixes small memory leaks).  This patch goes further and moves
mips_hi16_list to where it belongs in the bfd tdata.

	* elf32-mips.c (bfd_elf32_close_and_cleanup(: Define.
	* elf64-mips.c (bfd_elf64_close_and_cleanup): Define.
	* elfn32-mips.c (bfd_elf32_close_and_cleanup(: Define.
	* elfxx-mips.c (struct mips_hi16): Move earlier.
	(mips_hi16_list): Move to..
	(struct mips_elf_obj_tdata): ..here.
	(_bfd_mips_elf_close_and_cleanup): New function.
	(_bfd_mips_elf_hi16_reloc, _bfd_mips_elf_lo16_reloc),
	(_bfd_elf_mips_get_relocated_section_contents): Adjust uses of
	mips_hi16_list.
	* elfxx-mips.h (_bfd_mips_elf_close_and_cleanup): Declare.

1 files changed, 1 insertions, 0 deletions

diff --git a/bfd/elfn32-mips.c b/bfd/elfn32-mips.c
index d222d1a..452a2a7 100644
--- a/bfd/elfn32-mips.c
+++ b/bfd/elfn32-mips.c
@@ -4197,6 +4197,7 @@ static const struct ecoff_debug_swap mips_elf32_ecoff_debug_swap = {
 #define bfd_elf32_bfd_print_private_bfd_data \
 					_bfd_mips_elf_print_private_bfd_data
 #define bfd_elf32_mkobject		mips_elf_n32_mkobject
+#define bfd_elf32_close_and_cleanup	_bfd_mips_elf_close_and_cleanup
 
 /* Support for SGI-ish mips targets using n32 ABI.  */