mirrors/binutils-gdb
0
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2024-12-12 11:53:32 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

asan: more readelf leaks

Browse Source 
* elfcomm.c (get_archive_member_name): Always return malloc'd
	string or NULL.
	* elfedit.c (process_archive): Tidy memory on all return paths.
	* readelf.c (process_archive): Likewise.
	(process_symbol_table): Likewise.
	(ba_cache): New, replacing ..
	(get_symbol_for_build_attribute): ..static vars here.  Free
	strtab and symtab before loading new ones.  Reject symtab without
	valid strtab in loop, breaking out of loop on valid symtab.
	(process_file): Free ba_cache symtab and strtab here, resetting
	ba_cache.
This commit is contained in:
Alan Modra 2020-03-13 13:21:15 +10:30
parent 49ba92c0a6
commit fd486f32d1
4 changed files with 120 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
binutils/ChangeLog
View File

@ -1,3 +1,17 @@
2020-03-13 Alan Modra <amodra@gmail.com>
* elfcomm.c (get_archive_member_name): Always return malloc'd
string or NULL.
* elfedit.c (process_archive): Tidy memory on all return paths.
* readelf.c (process_archive): Likewise.
(process_symbol_table): Likewise.
(ba_cache): New, replacing ..
(get_symbol_for_build_attribute): ..static vars here. Free
strtab and symtab before loading new ones. Reject symtab without
valid strtab in loop, breaking out of loop on valid symtab.
(process_file): Free ba_cache symtab and strtab here, resetting
ba_cache.
2020-03-12 Alan Modra <amodra@gmail.com>
* readelf.c (process_section_headers): Don't just set

8
binutils/elfcomm.c
View File

@ -797,7 +797,7 @@ get_archive_member_name (struct archive_info *arch,
arch->longnames[j] = '\0';
if (!arch->is_thin_archive || arch->nested_member_origin == 0)
return arch->longnames + k;
return xstrdup (arch->longnames + k);
/* PR 17531: file: 2896dc8b. */
if (k >= j)
@ -813,7 +813,7 @@ get_archive_member_name (struct archive_info *arch,
if (member_file_name != NULL
&& setup_nested_archive (nested_arch, member_file_name) == 0)
{
member_name = get_archive_member_name_at (nested_arch,
member_name = get_archive_member_name_at (nested_arch,
arch->nested_member_origin,
NULL);
if (member_name != NULL)
@ -825,7 +825,7 @@ get_archive_member_name (struct archive_info *arch,
free (member_file_name);
/* Last resort: just return the name of the nested archive. */
return arch->longnames + k;
return xstrdup (arch->longnames + k);
}
/* We have a normal (short) name. */
@ -833,7 +833,7 @@ get_archive_member_name (struct archive_info *arch,
if (arch->arhdr.ar_name[j] == '/')
{
arch->arhdr.ar_name[j] = '\0';
return arch->arhdr.ar_name;
return xstrdup (arch->arhdr.ar_name);
}
/* The full ar_name field is used. Don't rely on ar_date starting

9
binutils/elfedit.c
View File

@ -616,6 +616,7 @@ process_archive (const char * file_name, FILE * file,
if (qualified_name == NULL)
{
error (_("%s: bad archive file name\n"), file_name);
free (name);
ret = 1;
break;
}
@ -626,8 +627,10 @@ process_archive (const char * file_name, FILE * file,
FILE *member_file;
char *member_file_name = adjust_relative_path (file_name,
name, namelen);
free (name);
if (member_file_name == NULL)
{
free (qualified_name);
ret = 1;
break;
}
@ -638,6 +641,7 @@ process_archive (const char * file_name, FILE * file,
error (_("Input file '%s' is not readable\n"),
member_file_name);
free (member_file_name);
free (qualified_name);
ret = 1;
break;
}
@ -648,9 +652,12 @@ process_archive (const char * file_name, FILE * file,
fclose (member_file);
free (member_file_name);
free (qualified_name);
}
else if (is_thin_archive)
{
free (name);
/* This is a proxy for a member of a nested archive. */
archive_file_offset = arch.nested_member_origin + sizeof arch.arhdr;
@ -661,6 +668,7 @@ process_archive (const char * file_name, FILE * file,
{
error (_("%s: failed to seek to archive member\n"),
nested_arch.file_name);
free (qualified_name);
ret = 1;
break;
}
@ -669,6 +677,7 @@ process_archive (const char * file_name, FILE * file,
}
else
{
free (name);
archive_file_offset = arch.next_arhdr_offset;
arch.next_arhdr_offset += archive_file_size;

150
binutils/readelf.c
View File

@ -11766,17 +11766,17 @@ process_symbol_table (Filedata * filedata)
buckets = get_dynamic_data (filedata, nbuckets, hash_ent_size);
chains = get_dynamic_data (filedata, nchains, hash_ent_size);
no_hash:
if (buckets == NULL || chains == NULL)
{
if (do_using_dynamic)
return FALSE;
no_hash:
free (buckets);
free (chains);
buckets = NULL;
chains = NULL;
nbuckets = 0;
nchains = 0;
if (do_using_dynamic)
goto err_out;
}
}
@ -11833,7 +11833,7 @@ process_symbol_table (Filedata * filedata)
if (gnubuckets[i] != 0)
{
if (gnubuckets[i] < gnusymidx)
return FALSE;
goto err_out;
if (maxchain == 0xffffffff || gnubuckets[i] > maxchain)
maxchain = gnubuckets[i];
@ -11898,21 +11898,17 @@ process_symbol_table (Filedata * filedata)
}
mipsxlat = get_dynamic_data (filedata, maxchain, 4);
}
no_gnu_hash:
if (dynamic_info_DT_MIPS_XHASH && mipsxlat == NULL)
{
free (gnuchains);
gnuchains = NULL;
}
if (gnuchains == NULL)
{
free (gnubuckets);
gnubuckets = NULL;
ngnubuckets = 0;
if (do_using_dynamic)
return FALSE;
if (mipsxlat == NULL)
{
no_gnu_hash:
free (gnuchains);
gnuchains = NULL;
free (gnubuckets);
gnubuckets = NULL;
ngnubuckets = 0;
if (do_using_dynamic)
goto err_out;
}
}
}
@ -12129,7 +12125,7 @@ process_symbol_table (Filedata * filedata)
if (lengths == NULL)
{
error (_("Out of memory allocating space for histogram buckets\n"));
return FALSE;
goto err_out;
}
visited = xcmalloc (nchains, 1);
memset (visited, 0, nchains);
@ -12157,7 +12153,7 @@ process_symbol_table (Filedata * filedata)
{
free (lengths);
error (_("Out of memory allocating space for histogram counts\n"));
return FALSE;
goto err_out;
}
for (hn = 0; hn < nbuckets; ++hn)
@ -12181,11 +12177,10 @@ process_symbol_table (Filedata * filedata)
free (lengths);
}
if (buckets != NULL)
{
free (buckets);
free (chains);
}
free (buckets);
buckets = NULL;
free (chains);
chains = NULL;
if (do_histogram && gnubuckets != NULL)
{
@ -12208,7 +12203,7 @@ process_symbol_table (Filedata * filedata)
if (lengths == NULL)
{
error (_("Out of memory allocating space for gnu histogram buckets\n"));
return FALSE;
goto err_out;
}
printf (_(" Length Number %% of total Coverage\n"));
@ -12234,7 +12229,7 @@ process_symbol_table (Filedata * filedata)
{
free (lengths);
error (_("Out of memory allocating space for gnu histogram counts\n"));
return FALSE;
goto err_out;
}
for (hn = 0; hn < ngnubuckets; ++hn)
@ -12256,12 +12251,19 @@ process_symbol_table (Filedata * filedata)
free (counts);
free (lengths);
free (gnubuckets);
free (gnuchains);
free (mipsxlat);
}
free (gnubuckets);
free (gnuchains);
free (mipsxlat);
return TRUE;
err_out:
free (gnubuckets);
free (gnuchains);
free (mipsxlat);
free (buckets);
free (chains);
return FALSE;
}
static bfd_boolean
@ -18773,6 +18775,14 @@ print_ia64_vms_note (Elf_Internal_Note * pnote)
return FALSE;
}
struct build_attr_cache {
Filedata *filedata;
char *strtab;
unsigned long strtablen;
Elf_Internal_Sym *symtab;
unsigned long nsyms;
} ba_cache;
/* Find the symbol associated with a build attribute that is attached
to address OFFSET. If PNAME is non-NULL then store the name of
the symbol (if found) in the provided pointer, Returns NULL if a
@ -18784,19 +18794,19 @@ get_symbol_for_build_attribute (Filedata * filedata,
bfd_boolean is_open_attr,
const char ** pname)
{
static Filedata * saved_filedata = NULL;
static char * strtab;
static unsigned long strtablen;
static Elf_Internal_Sym * symtab;
static unsigned long nsyms;
Elf_Internal_Sym * saved_sym = NULL;
Elf_Internal_Sym * sym;
Elf_Internal_Sym *saved_sym = NULL;
Elf_Internal_Sym *sym;
if (filedata->section_headers != NULL
&& (saved_filedata == NULL || filedata != saved_filedata))
&& (ba_cache.filedata == NULL || filedata != ba_cache.filedata))
{
Elf_Internal_Shdr * symsec;
free (ba_cache.strtab);
ba_cache.strtab = NULL;
free (ba_cache.symtab);
ba_cache.symtab = NULL;
/* Load the symbol and string sections. */
for (symsec = filedata->section_headers;
symsec < filedata->section_headers + filedata->file_header.e_shnum;
@ -18804,41 +18814,52 @@ get_symbol_for_build_attribute (Filedata * filedata,
{
if (symsec->sh_type == SHT_SYMTAB)
{
symtab = GET_ELF_SYMBOLS (filedata, symsec, & nsyms);
ba_cache.symtab = GET_ELF_SYMBOLS (filedata, symsec,
&ba_cache.nsyms);
if (symsec->sh_link < filedata->file_header.e_shnum)
if (ba_cache.symtab != NULL
&& symsec->sh_link < filedata->file_header.e_shnum)
{
Elf_Internal_Shdr * strtab_sec = filedata->section_headers + symsec->sh_link;
Elf_Internal_Shdr *strtab_sec
= filedata->section_headers + symsec->sh_link;
strtab = (char *) get_data (NULL, filedata, strtab_sec->sh_offset,
1, strtab_sec->sh_size,
_("string table"));
strtablen = strtab != NULL ? strtab_sec->sh_size : 0;
ba_cache.strtab
= (char *) get_data (NULL, filedata, strtab_sec->sh_offset,
1, strtab_sec->sh_size,
_("string table"));
ba_cache.strtablen = strtab_sec->sh_size;
}
if (ba_cache.strtab == NULL)
{
free (ba_cache.symtab);
ba_cache.symtab = NULL;
}
if (ba_cache.symtab != NULL)
break;
}
}
saved_filedata = filedata;
ba_cache.filedata = filedata;
}
if (symtab == NULL || strtab == NULL)
if (ba_cache.symtab == NULL)
return NULL;
/* Find a symbol whose value matches offset. */
for (sym = symtab; sym < symtab + nsyms; sym ++)
for (sym = ba_cache.symtab; sym < ba_cache.symtab + ba_cache.nsyms; sym ++)
if (sym->st_value == offset)
{
if (sym->st_name >= strtablen)
if (sym->st_name >= ba_cache.strtablen)
/* Huh ? This should not happen. */
continue;
if (strtab[sym->st_name] == 0)
if (ba_cache.strtab[sym->st_name] == 0)
continue;
/* The AArch64 and ARM architectures define mapping symbols
(eg $d, $x, $t) which we want to ignore. */
if (strtab[sym->st_name] == '$'
&& strtab[sym->st_name + 1] != 0
&& strtab[sym->st_name + 2] == 0)
if (ba_cache.strtab[sym->st_name] == '$'
&& ba_cache.strtab[sym->st_name + 1] != 0
&& ba_cache.strtab[sym->st_name + 2] == 0)
continue;
if (is_open_attr)
@ -18855,7 +18876,7 @@ get_symbol_for_build_attribute (Filedata * filedata,
{
/* If the symbol has a size associated
with it then we can stop searching. */
sym = symtab + nsyms;
sym = ba_cache.symtab + ba_cache.nsyms;
}
continue;
@ -18895,7 +18916,7 @@ get_symbol_for_build_attribute (Filedata * filedata,
}
if (saved_sym && pname)
* pname = strtab + saved_sym->st_name;
* pname = ba_cache.strtab + saved_sym->st_name;
return saved_sym;
}
@ -20238,6 +20259,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
putchar ('\n');
free (qualified_name);
}
free (member_name);
}
}
@ -20340,6 +20362,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (qualified_name == NULL)
{
error (_("%s: bad archive file name\n"), arch.file_name);
free (name);
ret = FALSE;
break;
}
@ -20351,8 +20374,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
char * member_file_name = adjust_relative_path
(filedata->file_name, name, namelen);
free (name);
if (member_file_name == NULL)
{
free (qualified_name);
ret = FALSE;
break;
}
@ -20362,6 +20387,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
{
error (_("Input file '%s' is not readable.\n"), member_file_name);
free (member_file_name);
free (qualified_name);
ret = FALSE;
break;
}
@ -20374,6 +20400,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
close_file (member_filedata);
free (member_file_name);
free (qualified_name);
}
else if (is_thin_archive)
{
@ -20386,9 +20413,12 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
{
error (_("%s: contains corrupt thin archive: %s\n"),
qualified_name, name);
free (qualified_name);
free (name);
ret = FALSE;
break;
}
free (name);
/* This is a proxy for a member of a nested archive. */
archive_file_offset = arch.nested_member_origin + sizeof arch.arhdr;
@ -20398,6 +20428,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (fseek (nested_arch.file, archive_file_offset, SEEK_SET) != 0)
{
error (_("%s: failed to seek to archive member.\n"), nested_arch.file_name);
free (qualified_name);
ret = FALSE;
break;
}
@ -20410,6 +20441,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
}
else
{
free (name);
archive_file_offset = arch.next_arhdr_offset;
arch.next_arhdr_offset += archive_file_size;
@ -20510,6 +20542,10 @@ process_file (char * file_name)
free (filedata->dump_sects);
free (filedata);
free (ba_cache.strtab);
free (ba_cache.symtab);
ba_cache.filedata = NULL;
return ret;
}