diff options
| author | Alan Modra <amodra@gmail.com> | 2020-03-03 20:27:36 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2020-03-03 21:45:01 +1030 |
| commit | f57140990f9be3232ffbc708fb1aade032052c80 (patch) | |
| tree | d189ac35c8ddb88c775e61a68addf7507469340b /binutils/objcopy.c | |
| parent | 478e490a4df79436d678ca5f5f1d7c7ac7befa79 (diff) | |
| download | gdb-f57140990f9be3232ffbc708fb1aade032052c80.zip gdb-f57140990f9be3232ffbc708fb1aade032052c80.tar.gz gdb-f57140990f9be3232ffbc708fb1aade032052c80.tar.bz2 | |
bfd_check_format_matches preserving matches vs. cleanups
It didn't take long for oss-fuzz to find double frees due to a bug in
the cleanup logic. It's seen when reading in any alpha-vms object
file except when alpha_vms_vec is the default. But alpha_vms_vec is
of course the default when building for --target=alpha-dec-vms (and
naturally what I used to test the cleanup support since that is the
only target with a cleanup that does anything currently).
Anyway, the bug is that if bfd_check_format_matches is to preserve a
match the cleanup for that match can't be run. Quite obviously that
would destroy part of the match state.
* format.c (struct bfd_preserve): Add cleanup field.
(bfd_preserve_save): Add cleanup param and save.
(bfd_preserve_restore): Return cleanup.
(bfd_preserve_finish): Call the cleanup for the discarded match.
(bfd_check_format_matches): Pass cleanup to bfd_preserve_save,
and clear when preserving a match. Restore cleanup too when
restoring that match.
Diffstat (limited to 'binutils/objcopy.c')
0 files changed, 0 insertions, 0 deletions