From: Sriraman Tallam <tmsriram@google.com>
To: binutils <binutils@sourceware.org>,
"Doug Kwan (關振德)" <dougkwan@google.com>,
"Ian Lance Taylor" <iant@google.com>,
rguenth@gcc.gnu.org
Subject: Dangling pointer in ICF from c_str method.
Date: Wed, 02 Feb 2011 21:20:00 -0000
Message-ID: <AANLkTimrzaPG-i0UPpdtYy9Hk8f=8PzZ1+GFxsmTvQ17@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 683 bytes --]
Hi,

Doug Kwan found a bug in ICF caused by a dangling pointer from
using c_str on a temporary string object. I have attached a patch to
fix it. I suspect this is the cause of the bug reported in:
http://sourceware.org/bugzilla/show_bug.cgi?id=12388. Richard, could
you please see if this patch fixes the bug as I am unable to reproduce
it.

2011-02-02  Sriraman Tallam  <tmsriram@google.com>

	* icf.h (is_section_foldable_candidate): Change type of parameter
	to std::string.
	* icf.cc (Icf::find_identical_sections): Change type of local variable
	section_name to be std::string.
	(is_function_ctor_or_dtor): Change type of parameter to std::string.

Thanks,
-Sri.
[-- Attachment #2: gold_patch.txt --]
[-- Type: text/plain, Size: 3380 bytes --]
Index: icf.cc
===================================================================
RCS file: /cvs/src/src/gold/icf.cc,v
retrieving revision 1.18
diff -u -u -p -r1.18 icf.cc
--- icf.cc 25 Jan 2011 17:14:59 -0000 1.18
+++ icf.cc 2 Feb 2011 19:58:33 -0000
@@ -652,16 +652,17 @@ match_sections(unsigned int iteration_nu
}
// During safe icf (--icf=safe), only fold functions that are ctors or dtors.
-// This function returns true if the mangled function name is a ctor or a
-// dtor.
+// This function returns true if the section name is that of a ctor or a dtor.
static bool
-is_function_ctor_or_dtor(const char* mangled_func_name)
+is_function_ctor_or_dtor(const std::string& section_name)
{
- if ((is_prefix_of("_ZN", mangled_func_name)
- || is_prefix_of("_ZZ", mangled_func_name))
- && (is_gnu_v3_mangled_ctor(mangled_func_name)
- || is_gnu_v3_mangled_dtor(mangled_func_name)))
+ const char* mangled_func_name = strrchr(section_name.c_str(), '.');
+ gold_assert (mangled_func_name != NULL);
+ if ((is_prefix_of("._ZN", mangled_func_name)
+ || is_prefix_of("._ZZ", mangled_func_name))
+ && (is_gnu_v3_mangled_ctor(mangled_func_name + 1)
+ || is_gnu_v3_mangled_dtor(mangled_func_name + 1)))
{
return true;
}
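Review bot: In is_function_ctor_or_dtor, mangled_func_name now points at the '.' separator rather than at the mangled name, which is why the prefix literals became "._ZN" and "._ZZ" and both demangler calls need "+ 1". Advancing the pointer once right after the assert (for example, keep the strrchr result in a variable named dot and set mangled_func_name = dot + 1) would let the original "_ZN"/"_ZZ" checks stand and remove the two offsets that a later edit could easily drop. The pointer itself is safe here because it is derived from a reference parameter that outlives the call. Minor style point: "gold_assert (" is written with a space before the parenthesis, while the line this replaces in find_identical_sections used "gold_assert(".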
@@ -696,7 +697,7 @@ Icf::find_identical_sections(const Input
for (unsigned int i = 0;i < (*p)->shnum(); ++i)
{
- const char* section_name = (*p)->section_name(i).c_str();
+ const std::string& section_name = (*p)->section_name(i);
if (!is_section_foldable_candidate(section_name))
continue;
if (!(*p)->is_section_included(i))
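Review bot: The declaration "const std::string& section_name = (*p)->section_name(i);" does not match the ChangeLog, which says the local variable becomes a std::string. Binding a const reference to the returned temporary does keep the string alive for the rest of the loop body, so the dangling c_str() pointer is gone, but that depends on lifetime extension, which is easy to break by accident (for instance by chaining another call onto the initializer). Declaring it by value as "std::string section_name = ..." would make the ownership explicit and agree with the ChangeLog; otherwise a one-line comment saying the reference is what keeps the temporary alive would help the next reader.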
@@ -704,13 +705,11 @@ Icf::find_identical_sections(const Input
if (parameters->options().gc_sections()
&& symtab->gc()->is_section_garbage(*p, i))
continue;
- const char* mangled_func_name = strrchr(section_name, '.');
- gold_assert(mangled_func_name != NULL);
// With --icf=safe, check if the mangled function name is a ctor
// or a dtor. The mangled function name can be obtained from the
// section name by stripping the section prefix.
if (parameters->options().icf_safe_folding()
- && !is_function_ctor_or_dtor(mangled_func_name + 1)
+ && !is_function_ctor_or_dtor(section_name)
&& (!target.can_check_for_function_pointers()
|| section_has_function_pointers(*p, i)))
{
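Review bot: The comment kept above the icf_safe_folding() test still says the mangled function name "can be obtained from the section name by stripping the section prefix", but after this hunk the caller no longer does that; the strrchr and the gold_assert now live in is_function_ctor_or_dtor. Moving that sentence to the callee's header comment would keep the explanation next to the code it describes. As a side effect worth noting in the ChangeLog, the '.' lookup and its assertion now run only when --icf=safe is in effect, because the call is short-circuited behind icf_safe_folding().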
Index: icf.h
===================================================================
RCS file: /cvs/src/src/gold/icf.h,v
retrieving revision 1.10
diff -u -u -p -r1.10 icf.h
--- icf.h 25 Aug 2010 08:36:54 -0000 1.10
+++ icf.h 2 Feb 2011 19:58:33 -0000
@@ -168,10 +168,11 @@ class Icf
// earlier gcc versions, like 4.0.3, put constructors and destructors in
// .gnu.linkonce.t sections and hence should be included too.
inline bool
-is_section_foldable_candidate(const char* section_name)
+is_section_foldable_candidate(const std::string& section_name)
{
- return (is_prefix_of(".text", section_name)
- || is_prefix_of(".gnu.linkonce.t", section_name));
+ const char* section_name_cstr = section_name.c_str();
+ return (is_prefix_of(".text", section_name_cstr)
+ || is_prefix_of(".gnu.linkonce.t", section_name_cstr));
}
} // End of namespace gold.
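Review bot: In is_section_foldable_candidate, section_name_cstr exists only to feed is_prefix_of, so the function takes a std::string and immediately drops back to a raw pointer. It is safe as written, since the pointer comes from a reference parameter that outlives the call, but a std::string overload of is_prefix_of, or section_name.compare(0, 5, ".text") == 0 and the equivalent for ".gnu.linkonce.t", would remove c_str() from this path and leave no raw pointer for a later change to cache past the string's lifetime. The header comment above the function could also state that the argument is the full section name.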
cvs diff: Diffing po
cvs diff: Diffing testsuite