From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by sourceware.org (Postfix, from userid 1062) id A209C3858426; Wed, 6 Sep 2023 23:26:47 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A209C3858426
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Alan Modra
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] PR30828, notes obstack memory corruption
X-Act-Checkin: binutils-gdb
X-Git-Author: Alan Modra
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 313b2841b8e9046ea658104988e01bedf6148d5f
X-Git-Newrev: 9e99d10c9a7fc20adb0009d3761fe3cdfdbe0a8c
Message-Id: <20230906232647.A209C3858426@sourceware.org>
Date: Wed, 6 Sep 2023 23:26:47 +0000 (GMT)
X-BeenThere: binutils-cvs@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils-cvs mailing list
X-List-Received-Date: Wed, 06 Sep 2023 23:26:47 -0000

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9e99d10c9a7fc20adb0009d3761fe3cdfdbe0a8c

commit 9e99d10c9a7fc20adb0009d3761fe3cdfdbe0a8c
Author: Alan Modra
Date: Thu Sep 7 08:43:53 2023 +0930

    PR30828, notes obstack memory corruption

    Commit 3bab069c29b3 carelessly allowed "string" to be released from
    the notes obstack twice, with the second call to obstack_free
    releasing memory for a fixup that just happened to be the same size as
    the original string. The fixup then of course was overwritten. This
    patch fixes that problem, and another that could occur on an error
    path.

    PR 30828
    * stabs.c (s_stab_generic): Don't free string twice. Don't
    blow away entire notes obstack on a missing string.

Diff: --- gas/stabs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/gas/stabs.c b/gas/stabs.c index 1b25542900a..0c8022fb2cb 100644 --- a/gas/stabs.c +++ b/gas/stabs.c
@@ -262,7 +262,7 @@ s_stab_generic (int what, { as_warn (_(".stab%c: missing string"), what); ignore_rest_of_line (); - goto out; + goto out2; } /* FIXME: We should probably find some other temporary storage for string, rather than leaking memory if someone else @@ -350,7 +350,10 @@ s_stab_generic (int what, This must be done before creating symbols below, which uses the notes obstack. */ if (saved_string_obstack_end =3D=3D obstack_next_free (¬es)) - obstack_free (¬es, string); + { + obstack_free (¬es, string); + saved_string_obstack_end =3D NULL; + } =20 /* At least for now, stabs in a special stab section are always output as 12 byte blocks of information. */ @@ -398,6 +401,7 @@ s_stab_generic (int what, out: if (saved_string_obstack_end =3D=3D obstack_next_free (¬es)) obstack_free (¬es, string); + out2: subseg_set (saved_seg, saved_subseg); }
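
Review bot: in the first hunk (@@ -262), the jump to `out2` carries no comment saying why this one error path must skip the free done under `out`, and the label name gives no hint either. A short comment at the `goto`, for example that no string was copied on this path so there is nothing of ours on the notes obstack to release, would keep a later error path added nearby from picking the wrong label. The FIXME in the trailing context about leaking memory when someone else allocates on the obstack is left untouched, which is reasonable for this fix but worth tracking separately.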
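
Review bot: in the second hunk (@@ -350), `string` still points at the released obstack memory after the free, and only `saved_string_obstack_end = NULL` stops the block under `out:` from freeing through it a second time. A comment stating that the NULL reset is what disarms the later free, or also setting `string` to NULL if nothing below this point reads it, would make that invariant explicit. The diffstat shows gas/stabs.c as the only file changed, so a gas testsuite case for PR 30828 would help keep the double free from coming back.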
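
Review bot: in the last hunk (@@ -398), the function now suppresses an unwanted free in two different ways: the sentinel reset from the previous hunk and this second exit label. Resetting `saved_string_obstack_end` to NULL on the missing-string path and keeping the single `out:` label would cover both cases with one mechanism, on the same assumption the previous hunk already makes, that the comparison against obstack_next_free never matches NULL. If the label stays, a name such as `out_no_free` says more than `out2`.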