[Bug binutils/31146] potential Memory Leak

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31146

Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |NOTABUG

--- Comment #1 from Nick Clifton <nickc at redhat dot com> ---
(In reply to 时宇羽然 from comment #0)

> Hi, I found a memory leak bug in the source code of binutils, and I have
> shown 
> the execution sequence below. This bug exists in the file /bfd/elfxx-x86.c.
> The red text illustrates the steps that generate the bug.
> As shown in the diagram, in the function
> _bfd_x86_elf_link_hash_table_create, a block of memory is allocated for the
> variable ret->loc_hash_memory. However, if ret->loc_hash_table fails to be
> created, it will result in returning NULL, potentially causing a memory leak
> vulnerability.

Thank you for reporting this problem.  As it turns out however there
is no leak.  If ret->loc_hash_table is NULL and/or ret->loc_hash_memory
is NULL then the code calls the elf_x86_link_hash_table_free() function
which tests and frees both fields.  Hence no leak.

One thing that might not be obvious however is how the 
elf_x86_link_hash_table_free() function obtains the correct pointers to 
examine, since it is passed the "abfd" pointer and not the "ret" pointer.
The answer to this is the call to _bfd_elf_link_hash_table_init() earlier
on in the function, which is passed the address of the first field in "ret"
(ie "&ret->elf") and this is then passed on to _bfd_link_hash_table_init()
which then stores the value in the link.hash field of the bfd.

I hope that this makes sense.

-- 
You are receiving this mail because:
You are on the CC list for the bug.