public inbox for binutils-cvs@sourceware.org
* [binutils-gdb/binutils-2_40-branch] libctf: fix ref leak of names of newly-inserted non-root-visible types
@ 2024-08-02 13:16 Nick Alcock
From: Nick Alcock @ 2024-08-02 13:16 UTC
  To: binutils-cvs

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e05406c548867d6467d47564f8f9d7cd338532a4

commit e05406c548867d6467d47564f8f9d7cd338532a4
Author: Nick Alcock <nick.alcock@oracle.com>
Date:   Mon Jul 29 12:45:09 2024 +0100

    libctf: fix ref leak of names of newly-inserted non-root-visible types
    
    A bug in ctf_dtd_delete led to refs in the string table to the
    names of non-root-visible types not being removed when the DTD
    was.  This seems harmless, but actually it would lead to a write
    down a pointer into freed memory if such a type was ctf_rollback()ed
    over and then the dict was serialized (updating all the refs as the
    strtab was serialized in turn).
    
    Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62
    ("libctf: create: non-root-visible types should not appear in name tables")
    which is included in binutils 2.35.
    
    libctf/
            * ctf-create.c (ctf_dtd_delete): Remove refs for all types
            with names, not just root-visible ones.

Diff:
---
 libctf/ctf-create.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
index 7a3b3078dba..2f4ecbff245 100644
--- a/libctf/ctf-create.c
+++ b/libctf/ctf-create.c
@@ -288,11 +288,11 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
   dtd->dtd_vlen_alloc = 0;
 
   if (dtd->dtd_data.ctt_name
-      && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
-      && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+      && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
     {
-      ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
-			  name);
+      if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+	ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
+			    name);
       ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
     }
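
Review bot: the new inner `if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))` that guards only `ctf_dynhash_remove` carries no comment saying why the name-table removal is conditional while the `ctf_str_remove_ref` call after it is now unconditional. A one-line comment at that spot (non-root-visible types are not in the name tables but still hold a strtab ref) would stop a later cleanup from folding the root-visibility test back into the outer condition and reintroducing the leak. The diffstat also lists only libctf/ctf-create.c, so no regression test accompanies the fix; a test that adds a named non-root-visible type, calls ctf_rollback() over it and then serializes the dict, run under a memory checker, would pin the write into freed memory that the commit message describes.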
