PATCH, COMMIT: Fix remap memory corruption

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

* PATCH, COMMIT: Fix remap memory corruption
@ 2011-03-11 14:18 Nick Clifton
  0 siblings, 0 replies; only message in thread
From: Nick Clifton @ 2011-03-11 14:18 UTC (permalink / raw)
  To: binutils

Hi Guys,

  I am applying the patch below to fix a memory corruption problem with
  the remap_debug_filename() function.  The problems was that if the
  requested filename was in the prefix map list then the filename would
  be returned without copying it into a newly allocated block of memory,
  but out_debug_info() always tries to free the returned pointer.

  I have just applied the simple fix of always having
  remap_debug_filename() allocate memory for the returned pointer, and
  then fixing up the one place where the pointer was not freed.

  Tested with a wide variety of different toolchains an no regressions.

Cheers
  Nick

gas/ChangeLog
2011-03-11  Nick Clifton  <nickc@redhat.com>

	* remap.c (remap_debug_filename): Always allocate a buffer for the
	returned pointer.
	* stabs.c (stabs_generate_asm_file): Free the pointer returned by
	remap_debug_filename.

  
Index: gas/remap.c
===================================================================
RCS file: /cvs/src/src/gas/remap.c,v
retrieving revision 1.3
diff -u -3 -p -r1.3 remap.c
--- gas/remap.c	28 Feb 2011 18:32:52 -0000	1.3
+++ gas/remap.c	11 Mar 2011 14:12:22 -0000
@@ -65,8 +65,9 @@ add_debug_prefix_map (const char *arg)
   debug_prefix_maps = map;
 }
 
-/* Perform user-specified mapping of debug filename prefixes.  Return
-   the new name corresponding to FILENAME.  */
+/* Perform user-specified mapping of debug filename prefixes.  Returns
+   a newly allocated buffer containing the name corresponding to FILENAME.
+   It is the caller's responsibility to free the buffer.  */
 
 const char *
 remap_debug_filename (const char *filename)
@@ -80,7 +81,7 @@ remap_debug_filename (const char *filena
     if (filename_ncmp (filename, map->old_prefix, map->old_len) == 0)
       break;
   if (!map)
-    return filename;
+    return xstrdup (filename);
   name = filename + map->old_len;
   name_len = strlen (name) + 1;
   s = (char *) alloca (name_len + map->new_len);
Index: gas/stabs.c
===================================================================
RCS file: /cvs/src/src/gas/stabs.c,v
retrieving revision 1.34
diff -u -3 -p -r1.34 stabs.c
--- gas/stabs.c	28 Feb 2011 18:32:52 -0000	1.34
+++ gas/stabs.c	11 Mar 2011 14:12:23 -0000
@@ -502,6 +502,7 @@ stabs_generate_asm_file (void)
       dir2 = (char *) alloca (strlen (dir) + 2);
       sprintf (dir2, "%s%s", dir, "/");
       generate_asm_file (N_SO, dir2);
+      xfree ((char *) dir);
     }
   generate_asm_file (N_SO, file);
 }

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2011-03-11 14:18 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-03-11 14:18 PATCH, COMMIT: Fix remap memory corruption Nick Clifton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).