* Re: comdat_hash memory leaks
@ 2023-08-28 13:41 Alan Modra
From: Alan Modra @ 2023-08-28 13:41 UTC (permalink / raw)
  To: binutils

I missed another field that needs freeing.  Also, oss-fuzz found a
case with a C_FILE sym using multiple auxents for a long file name
which overflowed the single auxent buffer.  I'm going to fix that
problem in swap_aux_in too, but we may as well avoid it here too,
saving unnecessary work.

	* coffcode.h (comdat_delf): Free comdat_name.
	(fill_comdat_hash): Only look at symbols with one auxent.

diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 03c1788a1c9..908dc93c64a 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -872,6 +872,7 @@ static void
 comdat_delf (void *ent)
 {
   struct comdat_hash_entry *e = ent;
+  free (e->comdat_name);
   free (e->symname);
   free (e);
 }
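Review bot: The added `free (e->comdat_name)` is only safe if every entry stored in the table has comdat_name either NULL or pointing at its own heap allocation, and the code that fills that field is outside this hunk. If any path stores a pointer shared with symname or with a buffer owned elsewhere, this turns into a double or invalid free, so the assignment sites in fill_comdat_hash are worth re-checking against this change. A header comment would record the contract, e.g. `/* htab del_f: the entry owns symname and comdat_name; each is malloc'd or NULL.  */`.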
@@ -964,7 +965,7 @@ fill_comdat_hash (bfd *abfd)
 
       if (*slot == NULL)
 	{
-	  if (isym.n_numaux == 0)
+	  if (isym.n_numaux != 1)
 	    aux.x_scn.x_comdat = 0;
 	  else
 	    {
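Review bot: The `isym.n_numaux != 1` test carries no comment saying why symbols with several auxents are treated as having no COMDAT information; the reason (a single-auxent `aux` buffer, per the commit message) cannot be read from the code. A line such as `/* aux holds exactly one auxent; skip symbols with more so the swap-in cannot write past it.  */` above the test would keep a later edit from relaxing it back to `== 0`. The else branch and the rest of fill_comdat_hash lie outside the hunk, so whether any symbol with n_numaux > 1 legitimately carries x_comdat cannot be confirmed from here.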

-- 
Alan Modra
Australia Development Lab, IBM


* comdat_hash memory leaks
@ 2023-08-27  4:48 Alan Modra
From: Alan Modra @ 2023-08-27  4:48 UTC (permalink / raw)
  To: binutils

Entries added to the hash table with bfd_malloc ought to be freed when
the hash table is deleted.  This patch adds the necessary del_f to the
htab_create call, and delays creating the table until an
IMAGE_SCN_LNK_COMDAT symbol is read.

	* peicode.h (pe_mkobject): Move comdat_hash creation..
	(htab_hash_flags, htab_eq_flags): ..and these support functions..
	* coffcode.h (handle_COMDAT): ..to here, renaming support to
	(comdat_hashf, comdat_eqf): ..this and adding..
	(comdat_delf): ..this new function.

diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 2d40c5cfcac..03c1788a1c9 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -853,6 +853,29 @@ styp_to_sec_flags (bfd *abfd,
 
 #else /* COFF_WITH_PE */
 
+static hashval_t
+comdat_hashf (const void *entry)
+{
+  const struct comdat_hash_entry *fe = entry;
+  return fe->target_index;
+}
+
+static int
+comdat_eqf (const void *e1, const void *e2)
+{
+  const struct comdat_hash_entry *fe1 = e1;
+  const struct comdat_hash_entry *fe2 = e2;
+  return fe1->target_index == fe2->target_index;
+}
+
+static void
+comdat_delf (void *ent)
+{
+  struct comdat_hash_entry *e = ent;
+  free (e->symname);
+  free (e);
+}
+
 static struct comdat_hash_entry *
 find_flags (htab_t comdat_hash, int target_index)
 {
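Review bot: comdat_hashf and comdat_eqf have no comment stating that entries are hashed and compared on target_index alone, which is presumably what find_flags relies on when it looks an entry up by index. A one-line header such as `/* comdat_hash callbacks: entries are keyed on target_index only.  */` would make that explicit. comdat_delf as added here releases symname and the entry itself; any other heap-owned field of struct comdat_hash_entry needs the same treatment, and the struct definition is outside this hunk. find_flags' body also continues past the hunk.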
@@ -1085,6 +1108,14 @@ static bool
 handle_COMDAT (bfd *abfd, flagword *sec_flags, const char *name,
 	       asection *section)
 {
+  if (pe_data (abfd)->comdat_hash == NULL)
+    {
+      pe_data (abfd)->comdat_hash = htab_create (10, comdat_hashf, comdat_eqf,
+						 comdat_delf);
+      if (pe_data (abfd)->comdat_hash == NULL)
+	return false;
+    }
+
   if (htab_elements (pe_data (abfd)->comdat_hash) == 0)
     if (! fill_comdat_hash (abfd))
       return false;
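Review bot: With the table now created lazily, the `htab_elements (...) == 0` test that follows the new block still decides whether to call fill_comdat_hash, so an object whose symbols yield no entries would rescan its symbol table on every handle_COMDAT call. An input with many COMDAT sections could multiply that cost, though whether fill_comdat_hash can succeed and leave the table empty is not visible here. Filling once inside the creation branch would avoid it: `if (! fill_comdat_hash (abfd)) return false;` placed after the NULL check in the new block, in place of the element-count test. handle_COMDAT's body continues outside the hunk.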
diff --git a/bfd/peicode.h b/bfd/peicode.h
index e1d06606575..1ff13b0313d 100644
--- a/bfd/peicode.h
+++ b/bfd/peicode.h
@@ -255,21 +255,6 @@ coff_swap_scnhdr_in (bfd * abfd, void * ext, void * in)
 #endif
 }
 
-static hashval_t
-htab_hash_flags (const void *entry)
-{
-  const struct comdat_hash_entry *fe = entry;
-  return fe->target_index;
-}
-
-static int
-htab_eq_flags (const void *e1, const void *e2)
-{
-  const struct comdat_hash_entry *fe1 = e1;
-  const struct comdat_hash_entry *fe2 = e2;
-  return fe1->target_index == fe2->target_index;
-}
-
 static bool
 pe_mkobject (bfd * abfd)
 {
@@ -306,8 +291,6 @@ pe_mkobject (bfd * abfd)
   pe->dos_message[14] = 0x24;
   pe->dos_message[15] = 0x0;
 
-  pe->comdat_hash = htab_create (10, htab_hash_flags, htab_eq_flags, NULL);
-
   memset (& pe->pe_opthdr, 0, sizeof pe->pe_opthdr);
 
   bfd_coff_long_section_names (abfd)

-- 
Alan Modra
Australia Development Lab, IBM

