authorAlan Modra <amodra@gmail.com>2020-05-19 12:58:59 +0930
committerAlan Modra <amodra@gmail.com>2020-05-20 11:43:50 +0930
commit7b958a48e1322880f23cdb0a1c35643dd27d3ddb (patch)
treef22ca3f8b85ab4a5d371c465a899700a4989209f /ld
parent84f800117f075b78932d3abdc0a09421bb9d2657 (diff)
PR25993, read of freed memory
ldmain.c:add_archive_element copies file name pointers from the bfd to a lang_input_statement_type. input->filename = abfd->filename; input->local_sym_name = abfd->filename; This results in stale pointers when twiddling the bfd filename in places like the pe ld after_open. So don't free the bfd filename, and make copies using bfd_alloc memory that won't result in small memory leaks that annoy memory checkers. PR 25993 bfd/ * archive.c (_bfd_get_elt_at_filepos): Don't strdup filename, use bfd_set_filename. * elfcode.h (_bfd_elf_bfd_from_remote_memory): Likewise. * mach-o.c (bfd_mach_o_fat_member_init): Likewise. * opncls.c (bfd_fopen, bfd_openstreamr, bfd_openr_iovec, bfd_openw), (bfd_create): Likewise. (_bfd_delete_bfd): Don't free filename. (bfd_set_filename): Copy filename param to bfd_alloc'd memory, return pointer to the copy or NULL on alloc fail. * vms-lib.c (_bfd_vms_lib_get_module): Free newname and test result of bfd_set_filename. * bfd-in2.h: Regenerate. gdb/ * solib-darwin.c (darwin_bfd_open): Don't strdup pathname for bfd_set_filename. * solib-aix.c (solib_aix_bfd_open): Use std::string for name passed to bfd_set_filename. * symfile-mem.c (add_vsyscall_page): Likewise for string passed to symbol_file_add_from_memory. (symbol_file_add_from_memory): Make name param a const char* and don't strdup. ld/ * emultempl/pe.em (gld_${EMULATION_NAME}_after_open): Don't copy other_bfd_filename for bfd_set_filename, and test result of bfd_set_filename call. Don't create a new is->filename, simply copy from bfd filename. Free new_name after bfd_set_filename. * emultempl/pep.em (gld_${EMULATION_NAME}_after_open): Likewise.
Diffstat (limited to 'ld')
-rw-r--r--ld/ChangeLog9
-rw-r--r--ld/emultempl/pe.em37
-rw-r--r--ld/emultempl/pep.em37
3 files changed, 31 insertions, 52 deletions
diff --git a/ld/ChangeLog b/ld/ChangeLog
index cf566b3..b4ee76c 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,12 @@
+2020-05-20 Alan Modra <amodra@gmail.com>
+
+ PR 25993
+ * emultempl/pe.em (gld_${EMULATION_NAME}_after_open): Don't copy
+ other_bfd_filename for bfd_set_filename, and test result of
+ bfd_set_filename call. Don't create a new is->filename, simply
+ copy from bfd filename. Free new_name after bfd_set_filename.
+ * emultempl/pep.em (gld_${EMULATION_NAME}_after_open): Likewise.
+
2020-05-19 Siddhesh Poyarekar <siddesh.poyarekar@arm.com>
* testsuite/ld-aarch64/aarch64-elf.exp: New test
diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em
index fe65d2b..8c5ee76 100644
--- a/ld/emultempl/pe.em
+++ b/ld/emultempl/pe.em
@@ -1523,7 +1523,6 @@ gld_${EMULATION_NAME}_after_open (void)
struct bfd_symbol *s;
struct bfd_link_hash_entry * blhe;
const char *other_bfd_filename;
- char *n;
s = (relocs[i]->sym_ptr_ptr)[0];
@@ -1550,9 +1549,9 @@ gld_${EMULATION_NAME}_after_open (void)
continue;
/* Rename this implib to match the other one. */
- n = xmalloc (strlen (other_bfd_filename) + 1);
- strcpy (n, other_bfd_filename);
- bfd_set_filename (is->the_bfd->my_archive, n);
+ if (!bfd_set_filename (is->the_bfd->my_archive,
+ other_bfd_filename))
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
}
free (relocs);
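Review bot: Passing `other_bfd_filename` straight to `bfd_set_filename` is only safe because, per the commit description, that function now copies its argument into memory allocated on the target bfd, and nothing at the call site records this. I would extend the existing comment to `/* Rename this implib to match the other one. bfd_set_filename copies the name, so no private copy is made here. */`, so that a later change does not reintroduce an ownership assumption at this call. The same applies to the matching hunk in ld/emultempl/pep.em (@@ -1518). The enclosing function starts and ends outside this hunk.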
@@ -1655,28 +1654,14 @@ gld_${EMULATION_NAME}_after_open (void)
else /* sentinel */
seq = 'c';
- /* PR 25993: It is possible that is->the_bfd-filename == is->filename.
- In which case calling bfd_set_filename on one will free the memory
- pointed to by the other. */
- if (is->filename == bfd_get_filename (is->the_bfd))
- {
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- bfd_set_filename (is->the_bfd, new_name);
- is->filename = new_name;
- }
- else
- {
- new_name
- = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
- sprintf (new_name, "%s.%c",
- bfd_get_filename (is->the_bfd), seq);
- bfd_set_filename (is->the_bfd, new_name);
-
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- is->filename = new_name;
- }
+ new_name
+ = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
+ sprintf (new_name, "%s.%c",
+ bfd_get_filename (is->the_bfd), seq);
+ is->filename = bfd_set_filename (is->the_bfd, new_name);
+ free (new_name);
+ if (!is->filename)
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
}
}
}
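Review bot: After the added line `is->filename = bfd_set_filename (is->the_bfd, new_name);`, `is->filename` points at storage held by `is->the_bfd` instead of a separate allocation, and the removed PR 25993 comment explaining the aliasing hazard has no replacement. Going by the commit description (the bfd/opncls.c change is not shown on this page), that storage is bfd_alloc'd, so the pointer must not be passed to `free` and presumably should not be used once the bfd is closed. A comment such as `/* is->filename now aliases the copy held by the_bfd; do not free it separately. */` would record that. It is also worth confirming that the old else branch built the new `is->filename` from the old `is->filename`, whereas the new code always builds it from the bfd's name, so the result changes whenever the two strings differed. The same applies to the pep.em hunk at @@ -1623, and the function body starts outside this hunk.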
diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
index 699b865..ea8e768 100644
--- a/ld/emultempl/pep.em
+++ b/ld/emultempl/pep.em
@@ -1491,7 +1491,6 @@ gld_${EMULATION_NAME}_after_open (void)
struct bfd_symbol *s;
struct bfd_link_hash_entry * blhe;
const char *other_bfd_filename;
- char *n;
s = (relocs[i]->sym_ptr_ptr)[0];
@@ -1518,9 +1517,9 @@ gld_${EMULATION_NAME}_after_open (void)
continue;
/* Rename this implib to match the other one. */
- n = xmalloc (strlen (other_bfd_filename) + 1);
- strcpy (n, other_bfd_filename);
- bfd_set_filename (is->the_bfd->my_archive, n);
+ if (!bfd_set_filename (is->the_bfd->my_archive,
+ other_bfd_filename))
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
}
free (relocs);
@@ -1623,28 +1622,14 @@ gld_${EMULATION_NAME}_after_open (void)
else /* sentinel */
seq = 'c';
- /* PR 25993: It is possible that is->the_bfd-filename == is->filename.
- In which case calling bfd_set_filename on one will free the memory
- pointed to by the other. */
- if (is->filename == bfd_get_filename (is->the_bfd))
- {
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- bfd_set_filename (is->the_bfd, new_name);
- is->filename = new_name;
- }
- else
- {
- new_name
- = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
- sprintf (new_name, "%s.%c",
- bfd_get_filename (is->the_bfd), seq);
- bfd_set_filename (is->the_bfd, new_name);
-
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- is->filename = new_name;
- }
+ new_name
+ = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
+ sprintf (new_name, "%s.%c",
+ bfd_get_filename (is->the_bfd), seq);
+ is->filename = bfd_set_filename (is->the_bfd, new_name);
+ free (new_name);
+ if (!is->filename)
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
}
}
}