PR25993, read of freed memory

ldmain.c:add_archive_element copies file name pointers from the bfd to a lang_input_statement_type. input->filename = abfd->filename; input->local_sym_name = abfd->filename; This results in stale pointers when twiddling the bfd filename in places like the pe ld after_open. So don't free the bfd filename, and make copies using bfd_alloc memory that won't result in small memory leaks that annoy memory checkers. PR 25993 bfd/ * archive.c (_bfd_get_elt_at_filepos): Don't strdup filename, use bfd_set_filename. * elfcode.h (_bfd_elf_bfd_from_remote_memory): Likewise. * mach-o.c (bfd_mach_o_fat_member_init): Likewise. * opncls.c (bfd_fopen, bfd_openstreamr, bfd_openr_iovec, bfd_openw), (bfd_create): Likewise. (_bfd_delete_bfd): Don't free filename. (bfd_set_filename): Copy filename param to bfd_alloc'd memory, return pointer to the copy or NULL on alloc fail. * vms-lib.c (_bfd_vms_lib_get_module): Free newname and test result of bfd_set_filename. * bfd-in2.h: Regenerate. gdb/ * solib-darwin.c (darwin_bfd_open): Don't strdup pathname for bfd_set_filename. * solib-aix.c (solib_aix_bfd_open): Use std::string for name passed to bfd_set_filename. * symfile-mem.c (add_vsyscall_page): Likewise for string passed to symbol_file_add_from_memory. (symbol_file_add_from_memory): Make name param a const char* and don't strdup. ld/ * emultempl/pe.em (gld_${EMULATION_NAME}_after_open): Don't copy other_bfd_filename for bfd_set_filename, and test result of bfd_set_filename call. Don't create a new is->filename, simply copy from bfd filename. Free new_name after bfd_set_filename. * emultempl/pep.em (gld_${EMULATION_NAME}_after_open): Likewise.
author: Alan Modra <amodra@gmail.com> 2020-05-19 12:58:59 +0930
committer: Alan Modra <amodra@gmail.com> 2020-05-20 11:43:50 +0930
commit: 7b958a48e1322880f23cdb0a1c35643dd27d3ddb (patch)
tree: f22ca3f8b85ab4a5d371c465a899700a4989209f /bfd/opncls.c
parent: 84f800117f075b78932d3abdc0a09421bb9d2657 (diff)
download: gdb-7b958a48e1322880f23cdb0a1c35643dd27d3ddb.zip
gdb-7b958a48e1322880f23cdb0a1c35643dd27d3ddb.tar.gz
gdb-7b958a48e1322880f23cdb0a1c35643dd27d3ddb.tar.bz2
1 files changed, 19 insertions, 19 deletions
diff --git a/bfd/opncls.c b/bfd/opncls.c
index 5d3437d..78b2ad7 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -126,7 +126,6 @@ _bfd_delete_bfd (bfd *abfd)
       objalloc_free ((struct objalloc *) abfd->memory);
     }
 
-  free ((char *) bfd_get_filename (abfd));
   free (abfd->arelt_data);
   free (abfd);
 }
@@ -232,8 +231,7 @@ bfd_fopen (const char *filename, const char *target, const char *mode, int fd)
 
   /* PR 11983: Do not cache the original filename, but
      rather make a copy - the original might go away.  */
-  nbfd->filename = bfd_strdup (filename);
-  if (nbfd->filename == NULL)
+  if (!bfd_set_filename (nbfd, filename))
     {
       fclose (nbfd->iostream);
       _bfd_delete_bfd (nbfd);
@@ -406,8 +404,7 @@ bfd_openstreamr (const char *filename, const char *target, void *streamarg)
   nbfd->iostream = stream;
   /* PR 11983: Do not cache the original filename, but
      rather make a copy - the original might go away.  */
-  nbfd->filename = bfd_strdup (filename);
-  if (nbfd->filename == NULL)
+  if (!bfd_set_filename (nbfd, filename))
     {
       _bfd_delete_bfd (nbfd);
       return NULL;
@@ -607,8 +604,7 @@ bfd_openr_iovec (const char *filename, const char *target,
 
   /* PR 11983: Do not cache the original filename, but
      rather make a copy - the original might go away.  */
-  nbfd->filename = bfd_strdup (filename);
-  if (nbfd->filename == NULL)
+  if (!bfd_set_filename (nbfd, filename))
     {
       _bfd_delete_bfd (nbfd);
       return NULL;
@@ -679,8 +675,7 @@ bfd_openw (const char *filename, const char *target)
 
   /* PR 11983: Do not cache the original filename, but
      rather make a copy - the original might go away.  */
-  nbfd->filename = bfd_strdup (filename);
-  if (nbfd->filename == NULL)
+  if (!bfd_set_filename (nbfd, filename))
     {
       _bfd_delete_bfd (nbfd);
       return NULL;
@@ -824,8 +819,7 @@ bfd_create (const char *filename, bfd *templ)
     return NULL;
   /* PR 11983: Do not cache the original filename, but
      rather make a copy - the original might go away.  */
-  nbfd->filename = bfd_strdup (filename);
-  if (nbfd->filename == NULL)
+  if (!bfd_set_filename (nbfd, filename))
     {
       _bfd_delete_bfd (nbfd);
       return NULL;
@@ -2040,17 +2034,23 @@ FUNCTION
 	bfd_set_filename
 
 SYNOPSIS
-	void bfd_set_filename (bfd *abfd, char *filename);
+	const char *bfd_set_filename (bfd *abfd, const char *filename);
 
 DESCRIPTION
-	Set the filename of @var{abfd}.  The old filename, if any, is freed.
-	@var{filename} must be allocated using @code{xmalloc}.  After
-	this call, it is owned @var{abfd}.
+	Set the filename of @var{abfd}, copying the FILENAME parameter to
+	bfd_alloc'd memory owned by @var{abfd}.  Returns a pointer the
+	newly allocated name, or NULL if the allocation failed.
 */
 
-void
-bfd_set_filename (bfd *abfd, char *filename)
+const char *
+bfd_set_filename (bfd *abfd, const char *filename)
 {
-  free ((char *) abfd->filename);
-  abfd->filename = filename;
+  size_t len = strlen (filename) + 1;
+  char *n = bfd_alloc (abfd, len);
+  if (n)
+    {
+      memcpy (n, filename, len);
+      abfd->filename = n;
+    }
+  return n;
 }
author	Alan Modra <amodra@gmail.com>	2020-05-19 12:58:59 +0930
committer	Alan Modra <amodra@gmail.com>	2020-05-20 11:43:50 +0930
commit	7b958a48e1322880f23cdb0a1c35643dd27d3ddb (patch)
tree	f22ca3f8b85ab4a5d371c465a899700a4989209f /bfd/opncls.c
parent	84f800117f075b78932d3abdc0a09421bb9d2657 (diff)
download	gdb-7b958a48e1322880f23cdb0a1c35643dd27d3ddb.zip gdb-7b958a48e1322880f23cdb0a1c35643dd27d3ddb.tar.gz gdb-7b958a48e1322880f23cdb0a1c35643dd27d3ddb.tar.bz2