From: Yao Qi <qiyaoltc@gmail.com>
To: Alex Lindsay <alexlindsay239@gmail.com>
Cc: gdb-patches@sourceware.org
Subject: Re: Synthetic symbol leak in in elf_x86_64_get_synthetic_symtab and elf_read_minimal_symbols
Date: Fri, 11 Aug 2017 09:27:00 -0000 [thread overview]
Message-ID: <20170811092709.GH8039@1170ee0b50d5> (raw)
In-Reply-To: <ce856f01-6e4b-5e74-fe8a-8e4aa0cb89e6@gmail.com>
On 17-08-07 10:19:15, Alex Lindsay wrote:
>
> We perform a couple of dynamic allocations in
> elf_x86_64_get_synthetic_symtab (elf64-x86-64.c):
>
> s = *ret = (asymbol *) bfd_zmalloc (size);
>
> names = (char *) bfd_malloc (size);
>
> that appear to never get freed. My patch for this:
Good catch! It is more complicated that other bfd targets allocate
memory for asymbol in a different way as if asymbol.name is defined
as an zero-length array, so memory allocated for both asymbol and .name
in one bfd_malloc call, like,
sym = *r->sym_ptr_ptr;
if (!sym_exists_at (syms, opdsymend, symcount,
sym->section->id, sym->value + r->addend))
{
++count;
size += sizeof (asymbol);
size += strlen (syms[i]->name) + 2;
}
}
if (size == 0)
goto done;
s = *ret = bfd_malloc (size);
or
size = count * sizeof (asymbol);
p = relplt->relocation;
for (i = 0; i < count; i++, p += elf32_arm_size_info.int_rels_per_ext_rel)
{
size += strlen ((*p->sym_ptr_ptr)->name) + sizeof ("@plt");
if (p->addend != 0)
size += sizeof ("+0x") - 1 + 8;
}
s = *ret = (asymbol *) bfd_malloc (size);
>
> diff --git a/gdb/elfread.c b/gdb/elfread.c
> index ece704ca7c..5ed8a6f957 100644
> --- a/gdb/elfread.c
> +++ b/gdb/elfread.c
> @@ -1144,6 +1144,9 @@ elf_read_minimal_symbols (struct objfile *objfile, int
> symfile_flags,
>
> if (symtab_create_debug)
> fprintf_unfiltered (gdb_stdlog, "Done reading minimal symbols.\n");
> + if (synthcount > 0)
> + xfree ((char *) synthsyms->name);
We can't do this for some bfd targets.
> + xfree (synthsyms);
We can only safely do this, but .name is leaked for x86_64. Other
tools using bfd, like objdump, nm, and gprof may have this issue too.
I'll ask binutils people on asymbol allocation and de-allocation.
--
Yao (é½å°§)
next prev parent reply other threads:[~2017-08-11 9:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 15:19 Alex Lindsay
2017-08-11 9:27 ` Yao Qi [this message]
2017-08-11 15:07 ` Alex Lindsay
2017-08-11 15:31 ` H.J. Lu
2017-08-11 15:46 ` Yao Qi
2017-08-11 16:44 ` H.J. Lu
2017-08-11 21:20 ` Alex Lindsay
2017-08-17 11:00 ` Yao Qi
2017-08-17 12:31 ` Philippe Waroquiers
2017-08-17 17:42 ` Pedro Alves
2017-08-17 22:32 ` [PATCH] Plug line_header leaks (Re: Synthetic symbol leak in in elf_x86_64_get_synthetic_symtab and elf_read_minimal_symbols) Pedro Alves
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170811092709.GH8039@1170ee0b50d5 \
--to=qiyaoltc@gmail.com \
--cc=alexlindsay239@gmail.com \
--cc=gdb-patches@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox