In-Reply-To: <20170811092709.GH8039@1170ee0b50d5>
References: <20170811092709.GH8039@1170ee0b50d5>
From: "H.J. Lu"
Date: Fri, 11 Aug 2017 15:31:00 -0000
Subject: Re: Synthetic symbol leak in in elf_x86_64_get_synthetic_symtab and elf_read_minimal_symbols
To: Yao Qi
Cc: Alex Lindsay, GDB
X-SW-Source: 2017-08/txt/msg00240.txt.bz2

On Fri, Aug 11, 2017 at 2:27 AM, Yao Qi wrote:
> On 17-08-07 10:19:15, Alex Lindsay wrote:
>>
>> We perform a couple of dynamic allocations in
>> elf_x86_64_get_synthetic_symtab (elf64-x86-64.c):
>>
>>   s = *ret = (asymbol *) bfd_zmalloc (size);
>>
>>   names = (char *) bfd_malloc (size);
>>
>> that appear to never get freed. My patch for this:
>
> Good catch! It is more complicated in that other bfd targets allocate
> memory for asymbol in a different way, as if asymbol.name is defined
> as a zero-length array, so memory is allocated for both asymbol and .name
> in one bfd_malloc call, like,
>
>       sym = *r->sym_ptr_ptr;
>       if (!sym_exists_at (syms, opdsymend, symcount,
>                           sym->section->id, sym->value + r->addend))
>         {
>           ++count;
>           size += sizeof (asymbol);
>           size += strlen (syms[i]->name) + 2;
>         }
>     }
>
>   if (size == 0)
>     goto done;
>   s = *ret = bfd_malloc (size);
>
> or
>
>   size = count * sizeof (asymbol);
>   p = relplt->relocation;
>   for (i = 0; i < count; i++, p += elf32_arm_size_info.int_rels_per_ext_rel)
>     {
>       size += strlen ((*p->sym_ptr_ptr)->name) + sizeof ("@plt");
>       if (p->addend != 0)
>         size += sizeof ("+0x") - 1 + 8;
>     }
>
>   s = *ret = (asymbol *) bfd_malloc (size);
>
>>
>> diff --git a/gdb/elfread.c b/gdb/elfread.c
>> index ece704ca7c..5ed8a6f957 100644
>> --- a/gdb/elfread.c
>> +++ b/gdb/elfread.c
>> @@ -1144,6 +1144,9 @@ elf_read_minimal_symbols (struct objfile *objfile, int
>> symfile_flags,
>>
>> if (symtab_create_debug)
>> fprintf_unfiltered (gdb_stdlog, "Done reading minimal symbols.\n");
>> + if (synthcount > 0)
>> + xfree ((char *) synthsyms->name);
>
> We can't do this for some bfd targets.
>
>> + xfree (synthsyms);
>
> We can only safely do this, but .name is leaked for x86_64. Other
> tools using bfd, like objdump, nm, and gprof may have this issue too.
> I'll ask binutils people on asymbol allocation and de-allocation.
>

This is:

https://sourceware.org/bugzilla/show_bug.cgi?id=21943

i386 and x86-64 get_synthetic_symtab don't know if @plt should be added
to symbol name for a PLT entry. The first pass checks if @plt is needed
and extra space is allocated in the second pass. We can assume @plt is
needed and waste some space if it isn't.

--
H.J.
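Review bot: the `xfree ((char *) synthsyms->name)` line in this hunk frees a pointer whose allocation is target-defined, which is exactly what makes it unsafe: it is only a valid free when the first synthetic symbol's name is the start of a separately malloc'd buffer (the x86-64 `names = (char *) bfd_malloc (size)` case), while on targets that size the strings into the same `bfd_malloc` as the asymbol array (the two allocations quoted above, including the elf32_arm one) that pointer is interior to the `synthsyms` block, so the name free passes a non-allocation pointer to free() and the following `xfree (synthsyms)` then releases memory that was already handed to the allocator. The cast away of `const` is the tell that nothing in the bfd interface says the caller owns `.name`. A second inconsistency: the name free is guarded by `synthcount > 0` but `xfree (synthsyms)` is not, so the array free relies on bfd_get_synthetic_symtab leaving `synthsyms` NULL when it finds nothing; either guard both or state that invariant in a comment. Suggested shape until bfd defines ownership of the name storage (the question this thread raises): keep only `if (synthcount > 0) xfree (synthsyms);` in gdb and do not free `->name` from the gdb side at all.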
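To make the allocation question in Yao's reply concrete, here is an added example (my code, not bfd's or gdb's) that builds a small synthetic symbol table both ways the thread describes, either one block holding the array and its strings or a separate names buffer, and shows that only a caller who knows the layout can release it without handing free() an interior pointer. `struct sym`, `struct synth_table`, `build_synthetic`, `name_is_interior` and `release_synthetic` are constructed stand-ins for this illustration, not bfd API; the base names are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for bfd's asymbol with only the field this thread is about
   (constructed for this example, not bfd's real struct).  */
struct sym
{
  const char *name;
};

/* The two allocation strategies quoted in the thread.  */
enum layout
{
  LAYOUT_ONE_BLOCK,       /* asymbol array and name strings in one malloc */
  LAYOUT_SEPARATE_NAMES   /* array in one malloc, all names in a second one */
};

/* Ownership record the bfd interface does not provide: what was
   allocated, how big it is, and whether the names are a second block.  */
struct synth_table
{
  struct sym *syms;
  size_t count;
  size_t block_size;   /* bytes in the syms allocation */
  char *names;         /* separately allocated name buffer, or NULL */
};

/* Build COUNT synthetic "<base>@plt" symbols into T using layout HOW.
   Returns the number of symbols, or -1 on allocation failure.  With
   COUNT == 0 it leaves T zeroed, mirroring a get_synthetic_symtab that
   found nothing, so the caller's release path must cope with NULL.  */
int
build_synthetic (struct synth_table *t, const char *const *bases,
                 size_t count, enum layout how)
{
  size_t i, nsize = 0;
  char *names;

  memset (t, 0, sizeof *t);
  if (count == 0)
    return 0;

  /* First pass: size the string storage, as the quoted bfd code does.
     sizeof ("@plt") already counts the terminating NUL.  */
  for (i = 0; i < count; i++)
    nsize += strlen (bases[i]) + sizeof ("@plt");

  if (how == LAYOUT_ONE_BLOCK)
    {
      t->block_size = count * sizeof (struct sym) + nsize;
      t->syms = malloc (t->block_size);
      if (t->syms == NULL)
        return -1;
      names = (char *) (t->syms + count);   /* strings follow the array */
    }
  else
    {
      t->block_size = count * sizeof (struct sym);
      t->syms = calloc (count, sizeof (struct sym));
      names = malloc (nsize);
      if (t->syms == NULL || names == NULL)
        {
          free (t->syms);
          free (names);
          memset (t, 0, sizeof *t);
          return -1;
        }
      t->names = names;                     /* caller now owns this too */
    }
  t->count = count;

  /* Second pass: fill in the names, each symbol pointing into the buffer.  */
  for (i = 0; i < count; i++)
    {
      size_t len = strlen (bases[i]);
      t->syms[i].name = names;
      memcpy (names, bases[i], len);
      memcpy (names + len, "@plt", sizeof ("@plt"));
      names += len + sizeof ("@plt");
    }
  return (int) count;
}

/* Nonzero if the first symbol's name lies inside the syms block itself,
   i.e. free (syms->name) would hand free() an interior pointer.  */
int
name_is_interior (const struct synth_table *t)
{
  uintptr_t p = (uintptr_t) t->syms[0].name;
  uintptr_t lo = (uintptr_t) t->syms;
  uintptr_t hi = lo + t->block_size;
  return p > lo && p < hi;
}

/* The only release correct for both layouts: free what was allocated,
   never a pointer derived from inside a block.  free (NULL) is a no-op,
   so the empty-table case needs no extra guard.  */
void
release_synthetic (struct synth_table *t)
{
  free (t->names);
  free (t->syms);
  memset (t, 0, sizeof *t);
}

int
main (void)
{
  static const char *const bases[] = { "puts", "malloc", "free" };
  enum layout hows[2] = { LAYOUT_ONE_BLOCK, LAYOUT_SEPARATE_NAMES };
  for (int k = 0; k < 2; k++)
    {
      struct synth_table t;
      build_synthetic (&t, bases, 3, hows[k]);
      printf ("%s layout: %s, name interior to block: %d\n",
              k ? "separate" : "one-block", t.syms[1].name,
              name_is_interior (&t));
      release_synthetic (&t);
    }
  return 0;
}
```

Run under a sanitizer or valgrind and swap `release_synthetic` for a naive `free (t.syms[0].name); free (t.syms);` to see the one-block layout reported as an invalid free followed by a double free, while the separate-names layout passes; that asymmetry is what the quoted gdb hunk would have exposed on non-x86-64 targets.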