* [Patch]: obj_elf_section: do not free name in case of error
@ 2011-08-03 12:02 Tristan Gingold
2011-08-03 14:05 ` Alan Modra
0 siblings, 1 reply; 3+ messages in thread
From: Tristan Gingold @ 2011-08-03 12:02 UTC (permalink / raw)
To: binutils Development
Hi,
in case of parse error during obj_elf_section, xfree (name) is called to free the section name.
However, name may not be allocated on the heap: for names enclosed in quotes, obj_elf_section_name calls
demand_copy_C_string which allocates the string on the notes obstack.
So, an invalid .section directive may corrupt the heap because of such invalid call to free.
I think it is easier to simply not trying to deallocate name. In case of success (which should happen more frequently),
we don't bother about this potential memory leak too.
Thoughts ?
Tristan.
2011-08-03 Tristan Gingold <gingold@adacore.com>
* config/obj-elf.c (obj_elf_section): Do not free name.
diff --git a/gas/config/obj-elf.c b/gas/config/obj-elf.c
index 820f1cf..6e16a62 100644
--- a/gas/config/obj-elf.c
+++ b/gas/config/obj-elf.c
if (beg == NULL)
{
ignore_rest_of_line ();
- xfree (name);
return;
}
attr |= obj_elf_parse_section_letters (beg, strlen (beg), &clone);
@@ -1004,7 +1003,6 @@ obj_elf_section (int push)
if (beg == NULL)
{
ignore_rest_of_line ();
- xfree (name);
return;
}
type = obj_elf_section_type (beg, strlen (beg), TRUE);
@@ -1086,7 +1084,6 @@ obj_elf_section (int push)
{
as_bad (_("character following name is not '#'"));
ignore_rest_of_line ();
- xfree (name);
return;
}
beg = ++input_line_pointer;
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Patch]: obj_elf_section: do not free name in case of error
2011-08-03 12:02 [Patch]: obj_elf_section: do not free name in case of error Tristan Gingold
@ 2011-08-03 14:05 ` Alan Modra
2011-08-04 7:45 ` Tristan Gingold
0 siblings, 1 reply; 3+ messages in thread
From: Alan Modra @ 2011-08-03 14:05 UTC (permalink / raw)
To: Tristan Gingold; +Cc: binutils Development
On Wed, Aug 03, 2011 at 02:01:46PM +0200, Tristan Gingold wrote:
> I think it is easier to simply not trying to deallocate name.
Agreed. Patch looks good to me.
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Patch]: obj_elf_section: do not free name in case of error
2011-08-03 14:05 ` Alan Modra
@ 2011-08-04 7:45 ` Tristan Gingold
0 siblings, 0 replies; 3+ messages in thread
From: Tristan Gingold @ 2011-08-04 7:45 UTC (permalink / raw)
To: Alan Modra; +Cc: binutils Development
On Aug 3, 2011, at 4:04 PM, Alan Modra wrote:
> On Wed, Aug 03, 2011 at 02:01:46PM +0200, Tristan Gingold wrote:
>> I think it is easier to simply not trying to deallocate name.
>
> Agreed. Patch looks good to me.
No regression on powerpc-elf.
Committed.
Thank you for the review,
Tristan.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-08-04 7:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-08-03 12:02 [Patch]: obj_elf_section: do not free name in case of error Tristan Gingold
2011-08-03 14:05 ` Alan Modra
2011-08-04 7:45 ` Tristan Gingold
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).