author | Alan Modra <amodra@gmail.com> | 2020-05-19 12:58:59 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2020-05-20 11:43:50 +0930 |
commit | 7b958a48e1322880f23cdb0a1c35643dd27d3ddb (patch) | |
tree | f22ca3f8b85ab4a5d371c465a899700a4989209f /ld | |
parent | 84f800117f075b78932d3abdc0a09421bb9d2657 (diff) | |
PR25993, read of freed memory
ldmain.c:add_archive_element copies file name pointers from the bfd to
a lang_input_statement_type.
input->filename = abfd->filename;
input->local_sym_name = abfd->filename;
This results in stale pointers when twiddling the bfd filename in
places like the pe ld after_open. So don't free the bfd filename,
and make copies using bfd_alloc memory that won't result in small
memory leaks that annoy memory checkers.
PR 25993
bfd/
* archive.c (_bfd_get_elt_at_filepos): Don't strdup filename,
use bfd_set_filename.
* elfcode.h (_bfd_elf_bfd_from_remote_memory): Likewise.
* mach-o.c (bfd_mach_o_fat_member_init): Likewise.
* opncls.c (bfd_fopen, bfd_openstreamr, bfd_openr_iovec, bfd_openw),
(bfd_create): Likewise.
(_bfd_delete_bfd): Don't free filename.
(bfd_set_filename): Copy filename param to bfd_alloc'd memory,
return pointer to the copy or NULL on alloc fail.
* vms-lib.c (_bfd_vms_lib_get_module): Free newname and test
result of bfd_set_filename.
* bfd-in2.h: Regenerate.
gdb/
* solib-darwin.c (darwin_bfd_open): Don't strdup pathname for
bfd_set_filename.
* solib-aix.c (solib_aix_bfd_open): Use std::string for name
passed to bfd_set_filename.
* symfile-mem.c (add_vsyscall_page): Likewise for string
passed to symbol_file_add_from_memory.
(symbol_file_add_from_memory): Make name param a const char* and
don't strdup.
ld/
* emultempl/pe.em (gld_${EMULATION_NAME}_after_open): Don't copy
other_bfd_filename for bfd_set_filename, and test result of
bfd_set_filename call. Don't create a new is->filename, simply
copy from bfd filename. Free new_name after bfd_set_filename.
* emultempl/pep.em (gld_${EMULATION_NAME}_after_open): Likewise.
Diffstat (limited to 'ld')
-rw-r--r-- | ld/ChangeLog | 9 | ||||
-rw-r--r-- | ld/emultempl/pe.em | 37 | ||||
-rw-r--r-- | ld/emultempl/pep.em | 37 |
3 files changed, 31 insertions, 52 deletions
diff --git a/ld/ChangeLog b/ld/ChangeLog
index cf566b3..b4ee76c 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,12 @@
+2020-05-20 Alan Modra <amodra@gmail.com>
+
+ PR 25993
+ * emultempl/pe.em (gld_${EMULATION_NAME}_after_open): Don't copy
+ other_bfd_filename for bfd_set_filename, and test result of
+ bfd_set_filename call. Don't create a new is->filename, simply
+ copy from bfd filename. Free new_name after bfd_set_filename.
+ * emultempl/pep.em (gld_${EMULATION_NAME}_after_open): Likewise.
+
 2020-05-19 Siddhesh Poyarekar <siddesh.poyarekar@arm.com>
 * testsuite/ld-aarch64/aarch64-elf.exp: New test
diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em
index fe65d2b..8c5ee76 100644
--- a/ld/emultempl/pe.em
+++ b/ld/emultempl/pe.em
@@ -1523,7 +1523,6 @@ gld_${EMULATION_NAME}_after_open (void)
 struct bfd_symbol *s;
 struct bfd_link_hash_entry * blhe;
 const char *other_bfd_filename;
- char *n;
 s = (relocs[i]->sym_ptr_ptr)[0];
@@ -1550,9 +1549,9 @@ gld_${EMULATION_NAME}_after_open (void)
 continue;
 /* Rename this implib to match the other one. */
- n = xmalloc (strlen (other_bfd_filename) + 1);
- strcpy (n, other_bfd_filename);
- bfd_set_filename (is->the_bfd->my_archive, n);
+ if (!bfd_set_filename (is->the_bfd->my_archive,
+ other_bfd_filename))
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
 }
 free (relocs);
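Review bot: In the `@@ -1550,9 +1549,9 @@` hunk of pe.em the rename now passes the borrowed `other_bfd_filename` pointer straight to `bfd_set_filename`, and nothing at the call site says why that is safe. According to the commit message the function now copies its argument into bfd_alloc'd memory, so the existing comment could record that: `/* Rename this implib to match the other one. bfd_set_filename copies the name, so the borrowed pointer need not outlive this call. */`. The assignment of `other_bfd_filename` lies outside the hunk, so whether it can ever point at `my_archive`'s own current name cannot be checked from here. The matching `@@ -1518,9 +1517,9 @@` hunk in pep.em would take the same comment.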
@@ -1655,28 +1654,14 @@ gld_${EMULATION_NAME}_after_open (void)
 else
 /* sentinel */
 seq = 'c';
- /* PR 25993: It is possible that is->the_bfd-filename == is->filename.
- In which case calling bfd_set_filename on one will free the memory
- pointed to by the other. */
- if (is->filename == bfd_get_filename (is->the_bfd))
- {
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- bfd_set_filename (is->the_bfd, new_name);
- is->filename = new_name;
- }
- else
- {
- new_name
- = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
- sprintf (new_name, "%s.%c",
- bfd_get_filename (is->the_bfd), seq);
- bfd_set_filename (is->the_bfd, new_name);
-
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- is->filename = new_name;
- }
+ new_name
+ = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
+ sprintf (new_name, "%s.%c",
+ bfd_get_filename (is->the_bfd), seq);
+ is->filename = bfd_set_filename (is->the_bfd, new_name);
+ free (new_name);
+ if (!is->filename)
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
 }
 }
 }
diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
index 699b865..ea8e768 100644
--- a/ld/emultempl/pep.em
+++ b/ld/emultempl/pep.em
@@ -1491,7 +1491,6 @@ gld_${EMULATION_NAME}_after_open (void)
 struct bfd_symbol *s;
 struct bfd_link_hash_entry * blhe;
 const char *other_bfd_filename;
- char *n;
 s = (relocs[i]->sym_ptr_ptr)[0];
@@ -1518,9 +1517,9 @@ gld_${EMULATION_NAME}_after_open (void)
 continue;
 /* Rename this implib to match the other one. */
- n = xmalloc (strlen (other_bfd_filename) + 1);
- strcpy (n, other_bfd_filename);
- bfd_set_filename (is->the_bfd->my_archive, n);
+ if (!bfd_set_filename (is->the_bfd->my_archive,
+ other_bfd_filename))
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
 }
 free (relocs);
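Review bot: The rewritten block in the `@@ -1655,28 +1654,14 @@` hunk of pe.em drops the PR 25993 comment, which was the only explanation that `is->filename` and the bfd's filename can be the same pointer. The new code makes them alias on purpose but no longer says so. A short comment above the assignment would keep a later change from freeing or separately reallocating it, for example `/* is->filename points at the bfd_alloc'd copy owned by is->the_bfd; never free it. */`. The commit message notes that add_archive_element also sets `local_sym_name` from the bfd filename; that field is not touched here, so it presumably keeps the old name, and it is worth confirming that this is intended. The last hunk of pep.em is identical and would take the same comment.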
@@ -1623,28 +1622,14 @@ gld_${EMULATION_NAME}_after_open (void)
 else
 /* sentinel */
 seq = 'c';
- /* PR 25993: It is possible that is->the_bfd-filename == is->filename.
- In which case calling bfd_set_filename on one will free the memory
- pointed to by the other. */
- if (is->filename == bfd_get_filename (is->the_bfd))
- {
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- bfd_set_filename (is->the_bfd, new_name);
- is->filename = new_name;
- }
- else
- {
- new_name
- = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
- sprintf (new_name, "%s.%c",
- bfd_get_filename (is->the_bfd), seq);
- bfd_set_filename (is->the_bfd, new_name);
-
- new_name = xmalloc (strlen (is->filename) + 3);
- sprintf (new_name, "%s.%c", is->filename, seq);
- is->filename = new_name;
- }
+ new_name
+ = xmalloc (strlen (bfd_get_filename (is->the_bfd)) + 3);
+ sprintf (new_name, "%s.%c",
+ bfd_get_filename (is->the_bfd), seq);
+ is->filename = bfd_set_filename (is->the_bfd, new_name);
+ free (new_name);
+ if (!is->filename)
+ einfo ("%F%P: %pB: %E\n", is->the_bfd);
 }
 }
 }
|