From: Alex Lindsay <alexlindsay239@gmail.com>
To: Yao Qi <qiyaoltc@gmail.com>
Cc: gdb-patches@sourceware.org
Subject: Re: Synthetic symbol leak in in elf_x86_64_get_synthetic_symtab and elf_read_minimal_symbols
Date: Fri, 11 Aug 2017 15:07:00 -0000 [thread overview]
Message-ID: <cdbdcbc6-724f-b950-6e74-1ce12680f3d9@gmail.com> (raw)
In-Reply-To: <20170811092709.GH8039@1170ee0b50d5>
Thanks for looking into it!
On 08/11/2017 04:27 AM, Yao Qi wrote:
> On 17-08-07 10:19:15, Alex Lindsay wrote:
>> We perform a couple of dynamic allocations in
>> elf_x86_64_get_synthetic_symtab (elf64-x86-64.c):
>>
>> s = *ret = (asymbol *) bfd_zmalloc (size);
>>
>> names = (char *) bfd_malloc (size);
>>
>> that appear to never get freed. My patch for this:
> Good catch! It is more complicated that other bfd targets allocate
> memory for asymbol in a different way as if asymbol.name is defined
> as an zero-length array, so memory allocated for both asymbol and .name
> in one bfd_malloc call, like,
>
> sym = *r->sym_ptr_ptr;
> if (!sym_exists_at (syms, opdsymend, symcount,
> sym->section->id, sym->value + r->addend))
> {
> ++count;
> size += sizeof (asymbol);
> size += strlen (syms[i]->name) + 2;
> }
> }
>
> if (size == 0)
> goto done;
> s = *ret = bfd_malloc (size);
>
> or
>
> size = count * sizeof (asymbol);
> p = relplt->relocation;
> for (i = 0; i < count; i++, p += elf32_arm_size_info.int_rels_per_ext_rel)
> {
> size += strlen ((*p->sym_ptr_ptr)->name) + sizeof ("@plt");
> if (p->addend != 0)
> size += sizeof ("+0x") - 1 + 8;
> }
>
> s = *ret = (asymbol *) bfd_malloc (size);
>
>> diff --git a/gdb/elfread.c b/gdb/elfread.c
>> index ece704ca7c..5ed8a6f957 100644
>> --- a/gdb/elfread.c
>> +++ b/gdb/elfread.c
>> @@ -1144,6 +1144,9 @@ elf_read_minimal_symbols (struct objfile *objfile, int
>> symfile_flags,
>>
>> if (symtab_create_debug)
>> fprintf_unfiltered (gdb_stdlog, "Done reading minimal symbols.\n");
>> + if (synthcount > 0)
>> + xfree ((char *) synthsyms->name);
> We can't do this for some bfd targets.
>
>> + xfree (synthsyms);
> We can only safely do this, but .name is leaked for x86_64. Other
> tools using bfd, like objdump, nm, and gprof may have this issue too.
> I'll ask binutils people on asymbol allocation and de-allocation.
>
next prev parent reply other threads:[~2017-08-11 15:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 15:19 Alex Lindsay
2017-08-11 9:27 ` Yao Qi
2017-08-11 15:07 ` Alex Lindsay [this message]
2017-08-11 15:31 ` H.J. Lu
2017-08-11 15:46 ` Yao Qi
2017-08-11 16:44 ` H.J. Lu
2017-08-11 21:20 ` Alex Lindsay
2017-08-17 11:00 ` Yao Qi
2017-08-17 12:31 ` Philippe Waroquiers
2017-08-17 17:42 ` Pedro Alves
2017-08-17 22:32 ` [PATCH] Plug line_header leaks (Re: Synthetic symbol leak in in elf_x86_64_get_synthetic_symtab and elf_read_minimal_symbols) Pedro Alves
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cdbdcbc6-724f-b950-6e74-1ce12680f3d9@gmail.com \
--to=alexlindsay239@gmail.com \
--cc=gdb-patches@sourceware.org \
--cc=qiyaoltc@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox