RFA: fix bfd_close call in dlltool.c

RFA: fix bfd_close call in dlltool.c

[Tom Tromey]

I looked at all the calls to bfd_openr_next_archived_file in binutils
and gdb.

This one stuck out as an obvious bug (the only one, btw).  dlltool.c is
closing a member BFD before passing it to bfd_openr_next_archived_file.
This can cause crashes.  You can easily see the failure under valgrind:

barimba. valgrind ./dlltool -e zz.o /usr/lib64/libutil.a
[...]
==6338== Invalid read of size 8
==6338==    at 0x410A55: bfd_generic_openr_next_archived_file (archive.c:755)
==6338==    by 0x405A22: scan_obj_file (dlltool.c:1700)
==6338==    by 0x40C992: main (dlltool.c:4241)
==6338==  Address 0x4c3ba30 is 208 bytes inside a block of size 296 free'd
==6338==    at 0x4A0662E: free (vg_replace_malloc.c:366)
==6338==    by 0x41A6AF: bfd_close (opncls.c:734)
==6338==    by 0x405A0F: scan_obj_file (dlltool.c:1699)
==6338==    by 0x40C992: main (dlltool.c:4241)


Here's the fix.
Ok?

Tom

2012-08-03  Tom Tromey  <tromey@redhat.com>

	* dlltool.c (scan_obj_file): Close arfile after calling
	bfd_openr_next_archived_file.

diff --git a/binutils/dlltool.c b/binutils/dlltool.c
index 6ed0f7a..8d458d7 100644
--- a/binutils/dlltool.c
+++ b/binutils/dlltool.c
@@ -1694,10 +1694,12 @@ scan_obj_file (const char *filename)
       bfd *arfile = bfd_openr_next_archived_file (f, 0);
       while (arfile)
 	{
+	  bfd *next;
 	  if (bfd_check_format (arfile, bfd_object))
 	    scan_open_obj_file (arfile);
+	  next = bfd_openr_next_archived_file (f, arfile);
 	  bfd_close (arfile);
-	  arfile = bfd_openr_next_archived_file (f, arfile);
+	  arfile = next;
 	}
 
 #ifdef DLLTOOL_MCORE_ELF

Re: RFA: fix bfd_close call in dlltool.c

[Alan Modra]

On Fri, Aug 03, 2012 at 08:51:03AM -0600, Tom Tromey wrote:
> 	* dlltool.c (scan_obj_file): Close arfile after calling
> 	bfd_openr_next_archived_file.

OK, thanks!

-- 
Alan Modra
Australia Development Lab, IBM