bug-binutils

[Bug binutils/21787] Heap-use-after-free in bfd_cache_close


From: nickc at redhat dot com
Subject: [Bug binutils/21787] Heap-use-after-free in bfd_cache_close
Date: Wed, 19 Jul 2017 13:59:55 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=21787

Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton <nickc at redhat dot com> ---
Hi Ned,

  Thanks for reporting this bug.

  The problem is an interesting one because the code is actually set up to
  prevent the use-after-free from happening.  In the normal course of events
  when an element of an archive is no longer needed and the memory is freed,
  all pointers to it will be tidied away.  But in this case, because the
  archive is corrupt, the wrong set of memory-releasing functions is being
  used and the pointers are not tidied away.  Later on, when another element
  is freed, the stale pointer is encountered and the bug is triggered.

  I have checked in a patch to fix the problem.  It makes the test for a
  genuine archive be more aggressive when it signals that an archive is
  corrupt, forcing the format matching mechanism to declare it as unrecognised
  long before it can cause any memory corruption.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
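The mechanism Nick describes above, modelled as an added example (not BFD's own code): elements of an archive are registered in a cache list, the correct release path unlinks an element before freeing it, the wrong path frees without unlinking and leaves a stale cache pointer, and the fix's approach is to reject a corrupt archive before any element enters the cache. All names (elt, cache_*, run_scenario) are invented for this illustration; only the "!<arch>\n" ar magic is real.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_ELTS 8

typedef struct elt {
    bool freed;        /* stands in for the allocator: freed storage is marked, never reused */
    struct elt *next;  /* link in the cache list */
} elt;

static elt pool[MAX_ELTS];   /* fixed pool, so a stale pointer can be inspected safely */
static elt *cache_head;

static void cache_reset(void) { memset(pool, 0, sizeof pool); cache_head = NULL; }

/* Register element i in the cache, as opening an archive member would. */
static elt *cache_open(size_t i) {
    elt *e = &pool[i];
    e->freed = false; e->next = cache_head; cache_head = e;
    return e;
}

/* Correct path: unlink from the cache first, then release. */
static void elt_release_ok(elt *e) {
    for (elt **pp = &cache_head; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; break; }
    e->freed = true;
}

/* Wrong path (the corrupt-archive case): release without unlinking. */
static void elt_release_wrong(elt *e) { e->freed = true; }

/* Number of freed elements still reachable from the cache: nonzero means a
   later cache close would walk into freed memory. */
static int cache_stale_count(void) {
    int n = 0;
    for (elt *e = cache_head; e; e = e->next) n += e->freed;
    return n;
}

/* Open two elements, release the first via the chosen path, report stale pointers. */
int run_scenario(bool correct_path) {
    cache_reset();
    elt *first = cache_open(0);
    cache_open(1);
    if (correct_path) elt_release_ok(first); else elt_release_wrong(first);
    return cache_stale_count();
}

/* The fix's idea: refuse a corrupt archive up front, before anything is cached.
   Only the standard ar magic is checked here (assumption: a stand-in for BFD's fuller test). */
bool archive_looks_genuine(const char *hdr, size_t len) {
    return len >= 8 && memcmp(hdr, "!<arch>\n", 8) == 0;
}
```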

