From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 20672 invoked by alias); 26 Jun 2014 14:37:18 -0000
Mailing-List: contact gdb-prs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Archive:
List-Post:
List-Help: ,
Sender: gdb-prs-owner@sourceware.org
Received: (qmail 20626 invoked by uid 55); 26 Jun 2014 14:37:17 -0000
From: "cvs-commit at gcc dot gnu.org"
To: gdb-prs@sourceware.org
Subject: [Bug symtab/16902] GDB use-after-free segfault when loading certain program's debug symbols
Date: Thu, 26 Jun 2014 14:37:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: symtab
X-Bugzilla-Version: 7.7
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-q2/txt/msg00493.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=16902

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  34a68019ccc3879801a291a00bad5bc10558bf5d (commit)
      from  334ac421efca80df2f95960d917ea9cb5823fb18 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=34a68019ccc3879801a291a00bad5bc10558bf5d

commit 34a68019ccc3879801a291a00bad5bc10558bf5d
Author: Tom Tromey
Date:   Mon Jun 16 03:17:19 2014 -0600

    fix memory errors with demangled name hash

    This fixes a regression that Jan pointed out.

    The bug is that some names were allocated by dwarf2read on the objfile
    obstack, but then passed to SYMBOL_SET_NAMES with copy_name=0. This
    violates the invariant that the names must have a lifetime tied to the
    lifetime of the BFD.

    The fix is to allocate names on the per-BFD obstack.

    I looked at all callers, direct or indirect, of SYMBOL_SET_NAMES that
    pass copy_name=0. Note that only the ELF and DWARF readers do this;
    other symbol readers were never updated (and perhaps cannot be,
    depending on the details of the formats). This is why the patch is
    relatively small.

    Built and regtested on x86-64 Fedora 20.

    2014-06-26  Tom Tromey

        PR symtab/16902:
        * dwarf2read.c (fixup_go_packaging, dwarf2_compute_name)
        (dwarf2_physname, read_partial_die)
        (guess_partial_die_structure_name, fixup_partial_die)
        (guess_full_die_structure_name, anonymous_struct_prefix)
        (dwarf2_name): Use per-BFD obstack.

-----------------------------------------------------------------------

Summary of changes:
 gdb/ChangeLog    |    9 ++++++++
 gdb/dwarf2read.c |   58 ++++++++++++++++++++++++++++++++---------------------
 2 files changed, 44 insertions(+), 23 deletions(-)

--
You are receiving this mail because:
You are on the CC list for the bug.
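
The lifetime invariant described in the commit message, as an added example that is not part of the original mail and is not GDB code: a simplified model in which a per-BFD cache stores a name pointer without copying it (copy_name=0) and the objfile's arena is released first. The names `arena`, `per_bfd`, `set_name`, `dangling_names` and `run_model` are hypothetical, and "release" only clears a flag so the model itself never touches freed memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size bump arena standing in for an obstack (simplified model). */
struct arena { char buf[128]; size_t used; int live; };
/* Per-BFD data: shared, outlives any one objfile, caches name pointers. */
struct per_bfd { struct arena storage; const char *names[4]; int count; };

static const char *arena_copy(struct arena *a, const char *s) {
    size_t n = strlen(s) + 1;
    if (!a->live || a->used + n > sizeof a->buf) return NULL;
    char *p = memcpy(a->buf + a->used, s, n);
    a->used += n;
    return p;
}

static int arena_contains(const struct arena *a, const char *p) {
    uintptr_t lo = (uintptr_t)a->buf, x = (uintptr_t)p;
    return x >= lo && x < lo + sizeof a->buf;
}

/* Models the copy_name flag: 0 stores the caller's pointer without copying. */
static const char *set_name(struct per_bfd *b, const char *name, int copy_name) {
    const char *stored = copy_name ? arena_copy(&b->storage, name) : name;
    if (stored && b->count < 4) b->names[b->count++] = stored;
    return stored;
}

/* Count cached names that point into an arena that has been released. */
static int dangling_names(const struct per_bfd *b, const struct arena *dead) {
    int n = 0;
    for (int i = 0; i < b->count; i++)
        n += !dead->live && arena_contains(dead, b->names[i]);
    return n;
}

/* Returns dangling per-BFD cache entries after the objfile arena is released. */
int run_model(int allocate_on_per_bfd) {
    struct per_bfd bfd = { .storage.live = 1 };
    struct arena objfile_obstack = { .live = 1 };
    struct arena *a = allocate_on_per_bfd ? &bfd.storage : &objfile_obstack;
    set_name(&bfd, arena_copy(a, "pkg.Type"), 0); /* constructed name, copy_name=0 */
    objfile_obstack.live = 0;                     /* objfile released, BFD data kept */
    return dangling_names(&bfd, &objfile_obstack);
}

int main(void) {
    printf("objfile arena: %d dangling; per-BFD arena: %d\n", run_model(0), run_model(1));
}
```
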