public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed
* [Patch]: obj_elf_section: do not free name in case of error
@ 2011-08-03 12:02 Tristan Gingold
  2011-08-03 14:05 ` Alan Modra
  0 siblings, 1 reply; 3+ messages in thread
From: Tristan Gingold @ 2011-08-03 12:02 UTC (permalink / raw)
  To: binutils Development

Hi,

in case of parse error during obj_elf_section, xfree (name) is called to free the section name.
However, name may not be allocated on the heap: for names enclosed in quotes, obj_elf_section_name calls
demand_copy_C_string which allocates the string on the notes obstack.

So, an invalid .section directive may corrupt the heap because of such invalid call to free.

I think it is easier to simply not trying to deallocate name.  In case of success (which should happen more frequently),
we don't bother about this potential memory leak too.

Thoughts ?

Tristan.

2011-08-03  Tristan Gingold  <gingold@adacore.com>

	* config/obj-elf.c (obj_elf_section): Do not free name.

diff --git a/gas/config/obj-elf.c b/gas/config/obj-elf.c
index 820f1cf..6e16a62 100644
--- a/gas/config/obj-elf.c
+++ b/gas/config/obj-elf.c
          if (beg == NULL)
            {
              ignore_rest_of_line ();
-             xfree (name);
              return;
            }
          attr |= obj_elf_parse_section_letters (beg, strlen (beg), &clone);
@@ -1004,7 +1003,6 @@ obj_elf_section (int push)
                  if (beg == NULL)
                    {
                      ignore_rest_of_line ();
-                     xfree (name);
                      return;
                    }
                  type = obj_elf_section_type (beg, strlen (beg), TRUE);
@@ -1086,7 +1084,6 @@ obj_elf_section (int push)
                {
                  as_bad (_("character following name is not '#'"));
                  ignore_rest_of_line ();
-                 xfree (name);
                  return;
                }
              beg = ++input_line_pointer;

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Patch]: obj_elf_section: do not free name in case of error
  2011-08-03 12:02 [Patch]: obj_elf_section: do not free name in case of error Tristan Gingold
@ 2011-08-03 14:05 ` Alan Modra
  2011-08-04  7:45   ` Tristan Gingold
  0 siblings, 1 reply; 3+ messages in thread
From: Alan Modra @ 2011-08-03 14:05 UTC (permalink / raw)
  To: Tristan Gingold; +Cc: binutils Development

On Wed, Aug 03, 2011 at 02:01:46PM +0200, Tristan Gingold wrote:
> I think it is easier to simply not trying to deallocate name.

Agreed.  Patch looks good to me.

-- 
Alan Modra
Australia Development Lab, IBM

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Patch]: obj_elf_section: do not free name in case of error
  2011-08-03 14:05 ` Alan Modra
@ 2011-08-04  7:45   ` Tristan Gingold
  0 siblings, 0 replies; 3+ messages in thread
From: Tristan Gingold @ 2011-08-04  7:45 UTC (permalink / raw)
  To: Alan Modra; +Cc: binutils Development


On Aug 3, 2011, at 4:04 PM, Alan Modra wrote:

> On Wed, Aug 03, 2011 at 02:01:46PM +0200, Tristan Gingold wrote:
>> I think it is easier to simply not trying to deallocate name.
> 
> Agreed.  Patch looks good to me.

No regression on powerpc-elf.
Committed.

Thank you for the review,
Tristan.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-08-04  7:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-08-03 12:02 [Patch]: obj_elf_section: do not free name in case of error Tristan Gingold
2011-08-03 14:05 ` Alan Modra
2011-08-04  7:45   ` Tristan Gingold

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).