This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
[Patch]: obj_elf_section: do not free name in case of error
- From: Tristan Gingold <gingold at adacore dot com>
- To: binutils Development <binutils at sourceware dot org>
- Date: Wed, 3 Aug 2011 14:01:46 +0200
- Subject: [Patch]: obj_elf_section: do not free name in case of error
Hi,
in case of parse error during obj_elf_section, xfree (name) is called to free the section name.
However, name may not be allocated on the heap: for names enclosed in quotes, obj_elf_section_name calls
demand_copy_C_string which allocates the string on the notes obstack.
So, an invalid .section directive may corrupt the heap because of such invalid call to free.
I think it is easier to simply not trying to deallocate name. In case of success (which should happen more frequently),
we don't bother about this potential memory leak too.
Thoughts ?
Tristan.
2011-08-03 Tristan Gingold <gingold@adacore.com>
* config/obj-elf.c (obj_elf_section): Do not free name.
diff --git a/gas/config/obj-elf.c b/gas/config/obj-elf.c
index 820f1cf..6e16a62 100644
--- a/gas/config/obj-elf.c
+++ b/gas/config/obj-elf.c
if (beg == NULL)
{
ignore_rest_of_line ();
- xfree (name);
return;
}
attr |= obj_elf_parse_section_letters (beg, strlen (beg), &clone);
@@ -1004,7 +1003,6 @@ obj_elf_section (int push)
if (beg == NULL)
{
ignore_rest_of_line ();
- xfree (name);
return;
}
type = obj_elf_section_type (beg, strlen (beg), TRUE);
@@ -1086,7 +1084,6 @@ obj_elf_section (int push)
{
as_bad (_("character following name is not '#'"));
ignore_rest_of_line ();
- xfree (name);
return;
}
beg = ++input_line_pointer;