This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
[PATCH v2] bfd: alpha: Fix crash caused by double free with --no-keep-memory
- From: James Clarke <jrtc27 at jrtc27 dot com>
- To: binutils at sourceware dot org, Alan Modra <amodra at gmail dot com>
- Cc: James Clarke <jrtc27 at jrtc27 dot com>, John Paul Adrian Glaubitz <glaubitz at physik dot fu-berlin dot de>, Michael Cree <mcree at orcon dot net dot nz>
- Date: Tue, 3 Jan 2017 16:15:15 +0000
- Subject: [PATCH v2] bfd: alpha: Fix crash caused by double free with --no-keep-memory
- Authentication-results: sourceware.org; auth=none
- References: <20170102051445.GJ29355@bubble.grove.modra.org>
Without this, ld has been seen to crash in libc when freeing tsec_free:

*** Error in `/usr/bin/ld': double free or corruption (!prev): 0x0000000120ceb6a0 ***

_bfd_elf_link_read_relocs will always return the cached value if
present, even if keep_memory is false, therefore setting tsec_free to
NULL only when keep_memory is true is not sufficient.

bfd/
* elf64-alpha.c (elf64_alpha_relax_opt_call): Don't free
tsec_free if it is cached inside tsec's section data.
---
bfd/elf64-alpha.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bfd/elf64-alpha.c b/bfd/elf64-alpha.c
index 44f2cfe004..4c31a07ad0 100644
--- a/bfd/elf64-alpha.c
+++ b/bfd/elf64-alpha.c
@@ -3215,7 +3215,9 @@ elf64_alpha_relax_opt_call (struct alpha_relax_info *info, bfd_vma symval)
if (tsec_relocs == NULL)
return 0;
tsec_relend = tsec_relocs + info->tsec->reloc_count;
- tsec_free = (info->link_info->keep_memory ? NULL : tsec_relocs);
+ tsec_free = (elf_section_data (info->tsec)->relocs == tsec_relocs
+ ? NULL
+ : tsec_relocs);
}
/* Recover the symbol's offset within the section. */
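Review bot: The new ownership test on the `tsec_free` assignment needs a comment, since nothing in the code says why it compares against `elf_section_data (info->tsec)->relocs` instead of checking `keep_memory`. Per the commit message, `_bfd_elf_link_read_relocs` returns the cached array whenever one exists, regardless of `keep_memory`, so pointer equality with the cache is the only reliable ownership signal; a one-line comment to that effect above the assignment would keep a later cleanup from restoring the `keep_memory` test and the double free with it. The code that frees `tsec_free` is outside this hunk, so it is also worth confirming that no exit path frees `tsec_relocs` directly.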
--
2.11.0