| Message ID | 20221207141137.1527113-1-felix.willgerodt@intel.com |
|---|---|
| State | Accepted |
| Headers |
Return-Path: <binutils-bounces+ouuuleilei=gmail.com@sourceware.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp208389wrr;
Wed, 7 Dec 2022 06:15:08 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf4KKz3cUotpR/Jai+q/ppMCNnmnSr4zO2VY9b5+XaDxm8SBE+UOMbU0TmhlEUcE7MW+d3oW
X-Received: by 2002:aa7:d0d4:0:b0:46b:fa4:a827 with SMTP id
u20-20020aa7d0d4000000b0046b0fa4a827mr41463528edo.30.1670422508706;
Wed, 07 Dec 2022 06:15:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1670422508; cv=none;
d=google.com; s=arc-20160816;
b=lJaNG7cSxGCnsr4I1I9Y4y3enM4JbTKjvcitxKh94JPMG9Youf0UA3mtakHZ/EZX/6
WTlPGoHE0Rv5h122j8mu3o+xnjgj/KYXcBwz22tP17qTOiDs/2ilqEeO/qgUvw1mUKh8
z54w30nsDaxRlB/5BU3KxtzWRcrA4qyn28ZIfqkcMy9FgWgWTq2rqwVYhcep3e2Cyud6
2xos8uwGJbsKd+azKyvxsCGoPgFXAPk0LrV8errm1s/yGZmNjD+txGVmLEyKrUINHEY0
IYtutOPlNOrH5+8J/CGl9+5UNVX2eOWcgJjiypAWibNTMBpdJeAsalgUzqqv4PtnHLRe
IcFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post
:list-archive:list-unsubscribe:list-id:precedence
:content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:dmarc-filter:delivered-to:dkim-signature:dkim-filter;
bh=M6z3BAaUfXC5jz7YsVgCRijkIicfznr/Ei8/Ek9o3QU=;
b=Mdk3xw6MQYDyDVCA0Mq7GNO6XYBnj5xuZx8IUVJKwGB3pP3luMgCGQhxbc9UWI8u9J
ukmOOQSHJ+z4rLhaFdNVKfl/JPt0dKfoARWiRmjHXX5zKvWpcMFqHJaXYB8veEK2IVLp
obFJW2Tq9D4SumBh7EBXPh8wokIyTZxhph6HgfWaXRQkmQWJSavfflb0BJ7YtuIPfk30
6Bmz980Q1fBDcKzVfgVswWKhMZT4op5YhIQzXkx5z+aMuh2TakWL1Yg2Vc4vVtQbeNEX
Z0pJ234bFf/pjZNG16Vd4Z5s57AjO6Z5xo+sbdf8WzUMhqwNR3I4b4fIyhMq721EbEZc
Qmnw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sourceware.org header.s=default header.b=PSurGv3Z;
spf=pass (google.com: domain of
binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org
Received: from sourceware.org (server2.sourceware.org.
[2620:52:3:1:0:246e:9693:128c])
by mx.google.com with ESMTPS id
a13-20020a170906684d00b007bf848e0a05si12826054ejs.912.2022.12.07.06.15.08
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 07 Dec 2022 06:15:08 -0800 (PST)
Received-SPF: pass (google.com: domain of
binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sourceware.org header.s=default header.b=PSurGv3Z;
spf=pass (google.com: domain of
binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id 356E5381ECAF
for <ouuuleilei@gmail.com>; Wed, 7 Dec 2022 14:15:07 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 356E5381ECAF
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
s=default; t=1670422507;
bh=M6z3BAaUfXC5jz7YsVgCRijkIicfznr/Ei8/Ek9o3QU=;
h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive:
List-Post:List-Help:List-Subscribe:From:Reply-To:From;
b=PSurGv3ZTZypvL5Hl+fWNwlPl7PueXTMskJyz8lXtIHunqPaxhs1fN9bMCj7tqcgj
Yu+hqibLylpa4k/CSucJLO3/SIU74MU1BrSAka2xBLOwZdGnNTI1RTilakw+Qh/a/U
nEt049rLxx0yuH35RkfpzBn5e4zuTFXWKXloEao8=
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
by sourceware.org (Postfix) with ESMTPS id C26D7382B3C0
for <binutils@sourceware.org>; Wed, 7 Dec 2022 14:14:57 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C26D7382B3C0
X-IronPort-AV: E=McAfee;i="6500,9779,10553"; a="403169044"
X-IronPort-AV: E=Sophos;i="5.96,225,1665471600"; d="scan'208";a="403169044"
Received: from orsmga002.jf.intel.com ([10.7.209.21])
by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
07 Dec 2022 06:14:56 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10553"; a="646617921"
X-IronPort-AV: E=Sophos;i="5.96,225,1665471600"; d="scan'208";a="646617921"
Received: from mulvlfelix.iul.intel.com (HELO localhost) ([172.28.48.92])
by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
07 Dec 2022 06:14:54 -0800
To: binutils@sourceware.org
Cc: Felix Willgerodt <felix.willgerodt@intel.com>
Subject: [PATCH 1/1] libctf: Fix double free in ctf_link_add_cu_mapping.
Date: Wed, 7 Dec 2022 15:11:37 +0100
Message-Id: <20221207141137.1527113-1-felix.willgerodt@intel.com>
X-Mailer: git-send-email 2.34.3
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
<mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
<mailto:binutils-request@sourceware.org?subject=subscribe>
From: Felix Willgerodt via Binutils <binutils@sourceware.org>
Reply-To: Felix Willgerodt <felix.willgerodt@intel.com>
Errors-To: binutils-bounces+ouuuleilei=gmail.com@sourceware.org
Sender: "Binutils" <binutils-bounces+ouuuleilei=gmail.com@sourceware.org>
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1751564952671551742?=
X-GMAIL-MSGID: =?utf-8?q?1751564952671551742?=
|
| Series |
[1/1] libctf: Fix double free in ctf_link_add_cu_mapping.
|
|
Checks
| Context | Check | Description |
|---|---|---|
| snail/binutils-gdb-check | success | Github commit url |
Commit Message
Felix Willgerodt
Dec. 7, 2022, 2:11 p.m. UTC
This fixes a potential double free which can occur if we jump to oom_noerrno after the first free. I am not very familiar with libctf, so any comments are welcome. I am wondering if the right solution wouldn't be to free both t and f before the "return 0". But I didn't fully understand the code and saw that other users of ctf_dynhash_insert() also don't free the key manually. libctf/ChangeLog: * ctf-link.c (ctf_link_add_cu_mapping): Adjust freeing logic. --- libctf/ctf-link.c | 2 -- 1 file changed, 2 deletions(-)
Comments
On Wed, Dec 07, 2022 at 03:11:37PM +0100, Felix Willgerodt via Binutils wrote: > This fixes a potential double free which can occur if we jump to > oom_noerrno after the first free. > > I am not very familiar with libctf, so any comments are welcome. > I am wondering if the right solution wouldn't be to free both t and f before > the "return 0". But I didn't fully understand the code and saw that other > users of ctf_dynhash_insert() also don't free the key manually. No, they can't be freed if successfully inserted into the hash table, but "t" should indeed be freed if already inserted. I'm applying the following fix. * ctf-link.c (ctf_link_add_cu_mapping): Set t NULL after free. diff --git a/libctf/ctf-link.c b/libctf/ctf-link.c index 702f2b4d5fe..902b4408cd6 100644 --- a/libctf/ctf-link.c +++ b/libctf/ctf-link.c @@ -431,7 +431,10 @@ ctf_link_add_cu_mapping (ctf_dict_t *fp, const char *from, const char *to) } } else - free (t); + { + free (t); + t = NULL; + } if (ctf_dynhash_insert (one_out, f, NULL) < 0) {
> -----Original Message----- > From: Alan Modra <amodra@gmail.com> > Sent: Donnerstag, 8. Dezember 2022 02:23 > To: Willgerodt, Felix <felix.willgerodt@intel.com> > Cc: binutils@sourceware.org > Subject: Re: [PATCH 1/1] libctf: Fix double free in ctf_link_add_cu_mapping. > > On Wed, Dec 07, 2022 at 03:11:37PM +0100, Felix Willgerodt via Binutils > wrote: > > This fixes a potential double free which can occur if we jump to > > oom_noerrno after the first free. > > > > I am not very familiar with libctf, so any comments are welcome. > > I am wondering if the right solution wouldn't be to free both t and f before > > the "return 0". But I didn't fully understand the code and saw that other > > users of ctf_dynhash_insert() also don't free the key manually. > > No, they can't be freed if successfully inserted into the hash table, > but "t" should indeed be freed if already inserted. I'm applying the > following fix. > > * ctf-link.c (ctf_link_add_cu_mapping): Set t NULL after free. > > diff --git a/libctf/ctf-link.c b/libctf/ctf-link.c > index 702f2b4d5fe..902b4408cd6 100644 > --- a/libctf/ctf-link.c > +++ b/libctf/ctf-link.c > @@ -431,7 +431,10 @@ ctf_link_add_cu_mapping (ctf_dict_t *fp, const char > *from, const char *to) > } > } > else > - free (t); > + { > + free (t); > + t = NULL; > + } > > if (ctf_dynhash_insert (one_out, f, NULL) < 0) > { > > > -- > Alan Modra > Australia Development Lab, IBM Thanks, that looks fine to me as well. Felix Intel Deutschland GmbH Registered Address: Am Campeon 10, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de <http://www.intel.de> Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928
On 8 Dec 2022, Alan Modra via Binutils stated: > On Wed, Dec 07, 2022 at 03:11:37PM +0100, Felix Willgerodt via Binutils wrote: >> This fixes a potential double free which can occur if we jump to >> oom_noerrno after the first free. >> >> I am not very familiar with libctf, so any comments are welcome. >> I am wondering if the right solution wouldn't be to free both t and f before >> the "return 0". But I didn't fully understand the code and saw that other >> users of ctf_dynhash_insert() also don't free the key manually. > > No, they can't be freed if successfully inserted into the hash table, > but "t" should indeed be freed if already inserted. I'm applying the > following fix. > > * ctf-link.c (ctf_link_add_cu_mapping): Set t NULL after free. > > diff --git a/libctf/ctf-link.c b/libctf/ctf-link.c > index 702f2b4d5fe..902b4408cd6 100644 > --- a/libctf/ctf-link.c > +++ b/libctf/ctf-link.c > @@ -431,7 +431,10 @@ ctf_link_add_cu_mapping (ctf_dict_t *fp, const char *from, const char *to) > } > } > else > - free (t); > + { > + free (t); > + t = NULL; > + } > > if (ctf_dynhash_insert (one_out, f, NULL) < 0) > { Looks good! Sorry about that. This function has been subject to more OOM-related memory allocation problems than everything else in libctf combined :/
diff --git a/libctf/ctf-link.c b/libctf/ctf-link.c index 702f2b4d5fe..e59e415eb41 100644 --- a/libctf/ctf-link.c +++ b/libctf/ctf-link.c @@ -430,8 +430,6 @@ ctf_link_add_cu_mapping (ctf_dict_t *fp, const char *from, const char *to) goto oom_noerrno; } } - else - free (t); if (ctf_dynhash_insert (one_out, f, NULL) < 0) {