[Bug binutils/24790] New: A potential memory leak issue in readelf.

[featherrain26 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24790

            Bug ID: 24790
           Summary: A potential memory leak issue in readelf.
           Product: binutils
           Version: 2.32
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: featherrain26 at gmail dot com
  Target Milestone: ---

Created attachment 11896
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11896&action=edit
PoC input

Hi, there.

I find a memory leak issue in readelf in version 2.32.

To reproduce the memory leak, the compile flag is:
CFLAGS="-g -O0 -m32" ./configure ; make

Then,
Valgrind --leak-check=full --show-leak-kinds=full -v ./readelf -w input

Here are the details reported by Valgrind.

==113371== HEAP SUMMARY:
==113371==     in use at exit: 415 bytes in 4 blocks
==113371==   total heap usage: 209 allocs, 205 frees, 33,158 bytes allocated
==113371== 
==113371== Searching for pointers to 4 not-freed blocks
==113371== Checked 68,976 bytes
==113371== 
==113371== 12 bytes in 1 blocks are definitely lost in loss record 1 of 4
==113371==    at 0x402DE19: calloc (vg_replace_malloc.c:711)
==113371==    by 0x80A7237: parse_gnu_debugaltlink (dwarf.c:9802)
==113371==    by 0x80A728C: load_separate_debug_info (dwarf.c:9827)
==113371==    by 0x80A7A84: load_separate_debug_file (dwarf.c:10056)
==113371==    by 0x80835CA: process_object (readelf.c:19281)
==113371==    by 0x808454A: process_file (readelf.c:19708)
==113371==    by 0x808469E: main (readelf.c:19767)
==113371== 
==113371== 19 bytes in 1 blocks are definitely lost in loss record 2 of 4
==113371==    at 0x402DE19: calloc (vg_replace_malloc.c:711)
==113371==    by 0x805D55A: request_dump_bynumber (readelf.c:4491)
==113371==    by 0x80629CB: process_section_headers (readelf.c:6237)
==113371==    by 0x8083497: process_object (readelf.c:19247)
==113371==    by 0x808454A: process_file (readelf.c:19708)
==113371==    by 0x808469E: main (readelf.c:19767)
==113371== 
==113371== 128 bytes in 1 blocks are still reachable in loss record 3 of 4
==113371==    at 0x402E015: realloc (vg_replace_malloc.c:785)
==113371==    by 0x80AD68E: xrealloc (xmalloc.c:179)
==113371==    by 0x80A6F1D: xcrealloc (dwarf.c:9613)
==113371==    by 0x809C5BC: frame_need_space (dwarf.c:6976)
==113371==    by 0x809EB8B: display_debug_frames (dwarf.c:7815)
==113371==    by 0x80766EA: display_debug_section (readelf.c:13945)
==113371==    by 0x8076998: process_section_contents (readelf.c:14036)
==113371==    by 0x80835E4: process_object (readelf.c:19285)
==113371==    by 0x808454A: process_file (readelf.c:19708)
==113371==    by 0x808469E: main (readelf.c:19767)
==113371== 
==113371== 256 bytes in 1 blocks are still reachable in loss record 4 of 4
==113371==    at 0x402E015: realloc (vg_replace_malloc.c:785)
==113371==    by 0x80AD68E: xrealloc (xmalloc.c:179)
==113371==    by 0x80A6F1D: xcrealloc (dwarf.c:9613)
==113371==    by 0x809C5DF: frame_need_space (dwarf.c:6978)
==113371==    by 0x809EB8B: display_debug_frames (dwarf.c:7815)
==113371==    by 0x80766EA: display_debug_section (readelf.c:13945)
==113371==    by 0x8076998: process_section_contents (readelf.c:14036)
==113371==    by 0x80835E4: process_object (readelf.c:19285)
==113371==    by 0x808454A: process_file (readelf.c:19708)
==113371==    by 0x808469E: main (readelf.c:19767)
==113371== 
==113371== LEAK SUMMARY:
==113371==    definitely lost: 31 bytes in 2 blocks
==113371==    indirectly lost: 0 bytes in 0 blocks
==113371==      possibly lost: 0 bytes in 0 blocks
==113371==    still reachable: 384 bytes in 2 blocks
==113371==         suppressed: 0 bytes in 0 blocks
==113371== 
==113371== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==113371== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

The attachment is the POC file.

-- 
You are receiving this mail because:
You are on the CC list for the bug.