From: Mark Wielaard
To: elfutils-devel@sourceware.org
Subject: Re: [PATCH] libasm: Fix use-after-free issue with circular single linked list cleanup
Date: Tue, 21 Feb 2023 13:22:00 +0100
Message-ID: <7b219115fa45e41c2ab0769cfc9c98881883d87d.camel@klomp.org>
In-Reply-To: <20230217140027.125332-1-mark@klomp.org>

Hi,

On Fri, 2023-02-17 at 15:00 +0100, Mark Wielaard wrote:
> Pointed out by gcc 12 with -Wuse-after-free=3
>
> In function ‘free_section’
> asm_end.c:552:17: error: pointer ‘data’ used after ‘free’ [-Werror=use-after-free]
>   552 |     while (oldp != scnp->content);
>       |            ~~~~~^~~~~~~~~~~~~~~~
> asm_end.c:550:9: note: call to ‘free’ here
>   550 |         free (oldp);
>       |         ^~~~~~~~~~~
>
> Fix by freeing scnp->content last.

I pushed this and also committed the attached patch that adds
-Wuse-after-free=3 if the compiler supports it.

Cheers,

Mark

[Attachment: 0001-configure-Check-for-and-Wuse-after-free-3-when-avail.patch]
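Added example, not elfutils code and not part of the original message: the shape the quoted gcc diagnostic describes (a freed pointer compared in the loop condition of a circular-list walk) beside a variant that frees the head last. `struct node`, `ring_free_flagged`, `ring_free` and `ring_new` are hypothetical names chosen for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical node of a circular singly linked list (last->next == head). */
struct node { struct node *next; int value; };

/* Flagged shape: oldp is read in the loop condition after free(oldp); a freed
   pointer is indeterminate. Shown for comparison only; nothing calls it. */
void ring_free_flagged(struct node *head) {
    struct node *p = head->next, *oldp;
    do {
        oldp = p;
        p = p->next;
        free(oldp);
    } while (oldp != head);
}

/* Fixed shape: compare only live pointers and free head last.
   Returns the number of nodes released. */
size_t ring_free(struct node *head) {
    size_t freed = 0;
    if (head == NULL) return 0;
    for (struct node *p = head->next, *next; p != head; p = next) {
        next = p->next;          /* read the link before freeing the node */
        free(p);
        freed++;
    }
    free(head);
    return freed + 1;
}

/* Build a ring of n nodes (constructed sample data); NULL if n == 0 or OOM. */
struct node *ring_new(size_t n) {
    struct node *head = NULL, *tail = NULL;
    for (size_t i = 0; i < n; i++) {
        struct node *nd = malloc(sizeof *nd);
        if (nd == NULL) {
            if (head != NULL) { tail->next = head; ring_free(head); }
            return NULL;
        }
        nd->value = (int)i;
        if (head == NULL) head = nd; else tail->next = nd;
        tail = nd;
    }
    if (tail != NULL) tail->next = head;
    return head;
}

int main(void) { printf("freed %zu nodes\n", ring_free(ring_new(3))); return 0; }
```

Compiling this file with gcc 12 or later and `-Wuse-after-free=3` should report the comparison in `ring_free_flagged` while leaving `ring_free` clean.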