bug-binutils

[Bug binutils/21787] Heap-use-after-free in bfd_cache_close


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/21787] Heap-use-after-free in bfd_cache_close
Date: Mon, 02 Jul 2018 14:31:33 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=21787

--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom Tromey <address@hidden>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eac61af65bcd24a48633da375527eb3f36ab47ed

commit eac61af65bcd24a48633da375527eb3f36ab47ed
Author: Tom Tromey <address@hidden>
Date:   Thu Jun 28 08:02:42 2018 -0600

    Allow BFD to recognize macOS universal libraries

    Bug #13157 is about a gdb regression, where previously it could handle
    universal libraries, but now cannot.

    gdb isn't working for me on macOS for other reasons, so I wrote this
    small test program to show the problem:

        #include <config.h>
        #include <stdio.h>
        #include <stdlib.h>
        #include <bfd.h>

        void
        die (const char *what)
        {
          fprintf (stderr, "die: %s\n", what);
          exit (1);
        }

        int
        main (int argc, char **argv)
        {
          bfd *file = bfd_openr (argv[1], NULL);
          if (file == NULL)
            die ("couldn't open");

          if (!bfd_check_format (file, bfd_archive))
            die ("not an archive");

          printf ("yay\n");

          bfd_close (file);
          return 0;
        }

    Then I built a simple universal binary.  With git master BFD, I get:

        $ ./doit ./universal-exe
        die: not an archive

    Jeff Muizelaar tracked this down to the BFD change for PR binutils/21787.
    This patch changed bfd_generic_archive_p to sometimes reset the BFD's
    "format" field.

    However, simply changing bfd_generic_archive_p regressed the test case
    in that bug.

    Debugging PR binutils/21787 again, what I saw is that the mach-o
    universal binary support acts like a bfd_archive but does not provide
    a _close_and_cleanup function.  However, if a BFD appears as an
    archive member, it must always remove its own entry from its parent's
    map.  Otherwise, when the parent is destroyed, the already-destroyed
    child BFD will be referenced.  mach-o does not use the usual archive
    member support, so simply using _bfd_archive_close_and_cleanup (as
    other targets do) will not work.

    This patch fixes the problem by introducing a new
    _bfd_unlink_from_archive_parent function, then arranging for it to be
    called in the mach-o case.

    Ok?

    bfd/ChangeLog
    2018-07-02  Jeff Muizelaar  <address@hidden>
            Tom Tromey  <address@hidden>

        PR 13157
        PR 21787
        * mach-o.c (bfd_mach_o_fat_close_and_cleanup): New function.
        (bfd_mach_o_close_and_cleanup): Redefine.
        * archive.c (_bfd_unlink_from_archive_parent): New function,
        extracted from..
        (_bfd_archive_close_and_cleanup): ..here.
        (bfd_generic_archive_p): Do not clear archive's format.
        * libbfd-in.h (_bfd_unlink_from_archive_parent): Declare.
        * libbfd.h: Regenerate.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
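
The ownership rule described in the commit message above, as an added example that is not part of the original mail and is not BFD code: a simplified model in which a member clears its entry in the parent's map before it is freed, so the parent's cleanup never follows a pointer to freed memory. All type and function names are hypothetical.

```c
/* Simplified model of the parent/member rule. Not BFD code; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_MEMBERS 4
struct member { struct archive *parent; int slot; };
struct archive { struct member *cache[MAX_MEMBERS]; };  /* parent's map of open members */

/* Open member `slot` and record it in the parent's map. */
struct member *member_open(struct archive *a, int slot)
{
    if (slot < 0 || slot >= MAX_MEMBERS || a->cache[slot] != NULL)
        return NULL;
    struct member *m = calloc(1, sizeof *m);
    if (m == NULL)
        return NULL;
    *m = (struct member){ a, slot };
    return a->cache[slot] = m;
}

/* Close a member: clear the parent's entry first, then free. */
void member_close(struct member *m)
{
    if (m->parent->cache[m->slot] == m)
        m->parent->cache[m->slot] = NULL;   /* without this the map dangles */
    free(m);
}

/* Close every member still in the map; returns how many the parent closed. */
int archive_close(struct archive *a)
{
    int closed = 0;
    for (int i = 0; i < MAX_MEMBERS; i++)
        if (a->cache[i] != NULL) {
            member_close(a->cache[i]);  /* a stale entry here would be freed twice */
            closed++;
        }
    return closed;
}

/* Constructed scenario: one member is closed before its parent. */
int close_child_then_parent(void)
{
    struct archive a = { { NULL } };
    struct member *m0 = member_open(&a, 0);
    if (m0 == NULL || member_open(&a, 1) == NULL)
        return (archive_close(&a), -1);  /* allocation failed: release what was opened */
    member_close(m0);           /* child destroyed first, entry removed */
    return archive_close(&a);   /* only member 1 is left in the map */
}
int main(void) { printf("closed by parent: %d\n", close_child_then_parent()); return 0; }
```
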

