* RFA: fix bfd_close call in dlltool.c
@ 2012-08-03 14:53 Tom Tromey
From: Tom Tromey @ 2012-08-03 14:53 UTC
To: Binutils Development

I looked at all the calls to bfd_openr_next_archived_file in binutils
and gdb.

This one stuck out as an obvious bug (the only one, btw). dlltool.c is
closing a member BFD before passing it to bfd_openr_next_archived_file.
This can cause crashes. You can easily see the failure under valgrind:

barimba. valgrind ./dlltool -e zz.o /usr/lib64/libutil.a
[...]
==6338== Invalid read of size 8
==6338== at 0x410A55: bfd_generic_openr_next_archived_file (archive.c:755)
==6338== by 0x405A22: scan_obj_file (dlltool.c:1700)
==6338== by 0x40C992: main (dlltool.c:4241)
==6338== Address 0x4c3ba30 is 208 bytes inside a block of size 296 free'd
==6338== at 0x4A0662E: free (vg_replace_malloc.c:366)
==6338== by 0x41A6AF: bfd_close (opncls.c:734)
==6338== by 0x405A0F: scan_obj_file (dlltool.c:1699)
==6338== by 0x40C992: main (dlltool.c:4241)

Here's the fix.

Ok?

Tom

2012-08-03 Tom Tromey <tromey@redhat.com>

* dlltool.c (scan_obj_file): Close arfile after calling
bfd_openr_next_archived_file.

diff --git a/binutils/dlltool.c b/binutils/dlltool.c
index 6ed0f7a..8d458d7 100644
--- a/binutils/dlltool.c
+++ b/binutils/dlltool.c
@@ -1694,10 +1694,12 @@ scan_obj_file (const char *filename)
bfd *arfile = bfd_openr_next_archived_file (f, 0);
while (arfile)
{
+ bfd *next;
if (bfd_check_format (arfile, bfd_object))
scan_open_obj_file (arfile);
+ next = bfd_openr_next_archived_file (f, arfile);
bfd_close (arfile);
- arfile = bfd_openr_next_archived_file (f, arfile);
+ arfile = next;
}
#ifdef DLLTOOL_MCORE_ELF
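
Review bot: the reordered statements in the while loop of scan_obj_file carry no comment saying why `next` has to be fetched before `bfd_close (arfile)`, so a later cleanup could fold `next = ...` and `arfile = next` back into a single assignment after the close and reintroduce the invalid read shown in the valgrind trace. A short comment above `next = bfd_openr_next_archived_file (f, arfile);` stating that arfile is passed as the previous member and must still be open at that point would guard against that. As a style point, a blank line after the `bfd *next;` declaration would separate it from the statements that follow. The result of `bfd_close (arfile)` is still ignored in this loop, as it was before the change.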