PR31145, potential memory leak in binutils/ld
Commit Message
PR 31145
* bfd.c (BFD_IN_MEMORY): Mention that bim is malloc'd.
* format.c (io_reinit): Free BFD_IN_MEMORY iostream.
* opncls.c (_bfd_delete_bfd): Likewise.
(bfd_make_readable): Delete unnecessary code.
* bfd-in2.h: Regenerate.
Comments
Hi Alan,
On 2023-12-15 04:15, Alan Modra wrote:
> PR 31145
> * bfd.c (BFD_IN_MEMORY): Mention that bim is malloc'd.
> * format.c (io_reinit): Free BFD_IN_MEMORY iostream.
> * opncls.c (_bfd_delete_bfd): Likewise.
> (bfd_make_readable): Delete unnecessary code.
> * bfd-in2.h: Regenerate.
>
> diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
> index 040d5560cdf..2807e694b8f 100644
> --- a/bfd/bfd-in2.h
> +++ b/bfd/bfd-in2.h
> @@ -2035,8 +2035,8 @@ struct bfd
> #define BFD_TRADITIONAL_FORMAT 0x400
>
> /* This flag indicates that the BFD contents are actually cached
> - in memory. If this is set, iostream points to a bfd_in_memory
> - struct. */
> + in memory. If this is set, iostream points to a malloc'd
> + bfd_in_memory struct. */
> #define BFD_IN_MEMORY 0x800
>
> /* This BFD has been created by the linker and doesn't correspond
> diff --git a/bfd/bfd.c b/bfd/bfd.c
> index 616ded3f4be..a5df4ef0311 100644
> --- a/bfd/bfd.c
> +++ b/bfd/bfd.c
> @@ -160,8 +160,8 @@ CODE_FRAGMENT
> .#define BFD_TRADITIONAL_FORMAT 0x400
> .
> . {* This flag indicates that the BFD contents are actually cached
> -. in memory. If this is set, iostream points to a bfd_in_memory
> -. struct. *}
> +. in memory. If this is set, iostream points to a malloc'd
> +. bfd_in_memory struct. *}
> .#define BFD_IN_MEMORY 0x800
> .
> . {* This BFD has been created by the linker and doesn't correspond
> diff --git a/bfd/format.c b/bfd/format.c
> index 66dc2e7e51e..31aeb52861a 100644
> --- a/bfd/format.c
> +++ b/bfd/format.c
> @@ -166,7 +166,14 @@ io_reinit (bfd *abfd, struct bfd_preserve *preserve)
> won't do anything unless abfd->iovec is the cache_iovec. */
> bfd_cache_close (abfd);
> abfd->iovec = preserve->iovec;
> - abfd->iostream = preserve->iostream;
> +
> + if (abfd->iostream != preserve->iostream)
> + {
> + if ((abfd->flags & BFD_IN_MEMORY) != 0)
> + free (abfd->iostream);
> + abfd->iostream = preserve->iostream;
Should you also copy the flags from "preserve" to "abfd" before you call
bfd_open_file?
Kind regards,
Torbjörn
On Fri, Dec 15, 2023 at 10:04:52AM +0100, Torbjorn SVENSSON wrote:
> Hi Alan,
>
> On 2023-12-15 04:15, Alan Modra wrote:
> > diff --git a/bfd/format.c b/bfd/format.c
> > index 66dc2e7e51e..31aeb52861a 100644
> > --- a/bfd/format.c
> > +++ b/bfd/format.c
> > @@ -166,7 +166,14 @@ io_reinit (bfd *abfd, struct bfd_preserve *preserve)
> > won't do anything unless abfd->iovec is the cache_iovec. */
> > bfd_cache_close (abfd);
> > abfd->iovec = preserve->iovec;
> > - abfd->iostream = preserve->iostream;
> > +
> > + if (abfd->iostream != preserve->iostream)
> > + {
> > + if ((abfd->flags & BFD_IN_MEMORY) != 0)
> > + free (abfd->iostream);
> > + abfd->iostream = preserve->iostream;
>
> Should you also copy the flags from "preserve" to "abfd" before you call
> bfd_open_file?
I don't see that it is necessary, either before or after the above change.
Revert most of this patch; it isn't correct to free the BFD_IN_MEMORY
iostream in io_reinit.
PR 31145
* format.c (io_reinit): Revert last change. Comment.
* opncls.c (_bfd_delete_bfd): Likewise.
diff --git a/bfd/format.c b/bfd/format.c
index 31aeb52861a..0790a3a2ee5 100644
--- a/bfd/format.c
+++ b/bfd/format.c
@@ -163,16 +163,15 @@ io_reinit (bfd *abfd, struct bfd_preserve *preserve)
if (abfd->iovec != preserve->iovec)
{
/* Handle file backed to in-memory transition. bfd_cache_close
- won't do anything unless abfd->iovec is the cache_iovec. */
+ won't do anything unless abfd->iovec is the cache_iovec.
+ Don't be tempted to call iovec->bclose here. We don't want
+ to call memory_bclose, which would free the bim. The bim
+ must be kept if bfd_check_format_matches is going to decide
+ later that the PE format needing it is in fact the correct
+ target match. */
bfd_cache_close (abfd);
abfd->iovec = preserve->iovec;
-
- if (abfd->iostream != preserve->iostream)
- {
- if ((abfd->flags & BFD_IN_MEMORY) != 0)
- free (abfd->iostream);
- abfd->iostream = preserve->iostream;
- }
+ abfd->iostream = preserve->iostream;
/* Handle in-memory to file backed transition. */
if ((abfd->flags & BFD_CLOSED_BY_CACHE) != 0
diff --git a/bfd/opncls.c b/bfd/opncls.c
index e7b39593608..32c95d6ba52 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -176,8 +176,6 @@ _bfd_delete_bfd (bfd *abfd)
else
free ((char *) bfd_get_filename (abfd));
- if ((abfd->flags & BFD_IN_MEMORY) != 0)
- free (abfd->iostream);
free (abfd->arelt_data);
free (abfd);
}
@@ -2035,8 +2035,8 @@ struct bfd
#define BFD_TRADITIONAL_FORMAT 0x400
/* This flag indicates that the BFD contents are actually cached
- in memory. If this is set, iostream points to a bfd_in_memory
- struct. */
+ in memory. If this is set, iostream points to a malloc'd
+ bfd_in_memory struct. */
#define BFD_IN_MEMORY 0x800
/* This BFD has been created by the linker and doesn't correspond
@@ -160,8 +160,8 @@ CODE_FRAGMENT
.#define BFD_TRADITIONAL_FORMAT 0x400
.
. {* This flag indicates that the BFD contents are actually cached
-. in memory. If this is set, iostream points to a bfd_in_memory
-. struct. *}
+. in memory. If this is set, iostream points to a malloc'd
+. bfd_in_memory struct. *}
.#define BFD_IN_MEMORY 0x800
.
. {* This BFD has been created by the linker and doesn't correspond
@@ -166,7 +166,14 @@ io_reinit (bfd *abfd, struct bfd_preserve *preserve)
won't do anything unless abfd->iovec is the cache_iovec. */
bfd_cache_close (abfd);
abfd->iovec = preserve->iovec;
- abfd->iostream = preserve->iostream;
+
+ if (abfd->iostream != preserve->iostream)
+ {
+ if ((abfd->flags & BFD_IN_MEMORY) != 0)
+ free (abfd->iostream);
+ abfd->iostream = preserve->iostream;
+ }
+
/* Handle in-memory to file backed transition. */
if ((abfd->flags & BFD_CLOSED_BY_CACHE) != 0
&& (abfd->flags & BFD_IN_MEMORY) != 0
@@ -176,6 +176,8 @@ _bfd_delete_bfd (bfd *abfd)
else
free ((char *) bfd_get_filename (abfd));
+ if ((abfd->flags & BFD_IN_MEMORY) != 0)
+ free (abfd->iostream);
free (abfd->arelt_data);
free (abfd);
}
@@ -1064,7 +1066,6 @@ bfd_make_readable (bfd *abfd)
abfd->section_count = 0;
abfd->usrdata = NULL;
abfd->cacheable = false;
- abfd->flags |= BFD_IN_MEMORY;
abfd->mtime_set = false;
abfd->target_defaulted = true;