From patchwork Wed Sep  6 23:26:16 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alan Modra <amodra@gmail.com>
X-Patchwork-Id: 137601
Return-Path: <binutils-bounces+ouuuleilei=gmail.com@sourceware.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:ab0a:0:b0:3f2:4152:657d with SMTP id m10csp2629115vqo;
        Wed, 6 Sep 2023 16:26:32 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IGhZ/hclIWNek/hH2aMDSNPZMFoHDUerH+sFm8diP7osWh+2+svJf6KyEazD3YHFgt+NFiy
X-Received: by 2002:a05:6512:443:b0:500:9de4:5966 with SMTP id
 y3-20020a056512044300b005009de45966mr2913615lfk.62.1694042792422;
        Wed, 06 Sep 2023 16:26:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694042792; cv=none;
        d=google.com; s=arc-20160816;
        b=oFUfJFRknkuMvnv8Y6R1eXpXroSNT0lEAH5IqsLFOQ7IIPaSh6QcvBeEiXfyReUMYo
         WyA7HhwOU8dVndHoAMbM0/OV2pjBL9K5iNEoirpblM4OMTys0tsPR2Zabrbo/AhBjP7u
         U+YT9fQKI2uxiwEt2FpYg9rJkzWzeHh1pqnFNytqFwMWIs2PN7lCpQLJh/BWHgzdoWvs
         yObwuhfkxvTgPUIu142jY90eqrcH3FdGDdDBWAym0oqiwYTrs2rYatTP6Q2g6y9wWB6k
         m3pFLojxUt8yEf+UcRtj6lwZ2IqUPemCrILdY9OiuJKRQwpXuHw1A3x++/fGduTuVzOa
         SMaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post
         :list-archive:list-unsubscribe:list-id:precedence
         :content-disposition:mime-version:message-id:subject:to:date
         :dmarc-filter:delivered-to:dkim-signature:dkim-filter;
        bh=FmM5hpmHPsiXxvS3zqkCYU02Uj5mQyE5ytl0ulgCZck=;
        fh=NLxAvL/bDfPg4AGOtxqvQlND8vazkZrNzKLY8+LAbBY=;
        b=EK6E4qOaE5skdgHFLmkTLz1EAYpJs4WfiXpxM4aAXlQzCZQIF8p6hUsBqhWZl6mEJ8
         1Z4DdnbDGdVR0HladLysyeAGrhP3DxTOoPn7rXwLVefw+fxS/xuY6ZFxjGldZ08cl6H1
         sL7WEyaQQl6Bkx3YS63WstjDKblI1D8ge+1JF3+oPkqly+aw6cPpc5dzUW5F0TryYB6i
         73K7g+2vuR/CMVh+ctY9Llp2uZVREnucLDJyz8Rud4/NfmT9e0ZiZe71O6xhJ+EUk0Bb
         DQ81vXUm7V71hr33AqCb8Bb7cBIJ4zTGr6TK/FpcxN366oeWrZcOstsmyR/2tzgVLHM4
         Fg8Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sourceware.org header.s=default
 header.b="R/Z/a91s";
       spf=pass (google.com: domain of
 binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c])
        by mx.google.com with ESMTPS id
 ay15-20020a056402202f00b00525975e6b84si9917372edb.340.2023.09.06.16.26.32
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Sep 2023 16:26:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sourceware.org header.s=default
 header.b="R/Z/a91s";
       spf=pass (google.com: domain of
 binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 19129385842C
	for <ouuuleilei@gmail.com>; Wed,  6 Sep 2023 23:26:31 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 19129385842C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1694042791;
	bh=FmM5hpmHPsiXxvS3zqkCYU02Uj5mQyE5ytl0ulgCZck=;
	h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=R/Z/a91s/QRgE8jCzN5LiLIN1fdxT9L9Dda2e+sxHOf8S36AnsTfduOoiv9AkOEvD
	 qLJjZ74H/JV27HqvxdwbJ66pCwMyK6qF7sTsaWsgRphoVoiJzUeD61ODplOjkcPsNf
	 pUWSZLpvx3NopYKNGNEpb2KBot7OcpgcsKPvUifA=
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com
 [IPv6:2607:f8b0:4864:20::62d])
 by sourceware.org (Postfix) with ESMTPS id A7FE63858C78
 for <binutils@sourceware.org>; Wed,  6 Sep 2023 23:26:21 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A7FE63858C78
Received: by mail-pl1-x62d.google.com with SMTP id
 d9443c01a7336-1bdc19b782aso2957295ad.0
 for <binutils@sourceware.org>; Wed, 06 Sep 2023 16:26:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1694042780; x=1694647580;
 h=content-disposition:mime-version:message-id:subject:to:from:date
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=FmM5hpmHPsiXxvS3zqkCYU02Uj5mQyE5ytl0ulgCZck=;
 b=ej9BD8X3CA/ztfalXtc50Zm5Za5J2ahe2aXsjM25xkMMxvELgXvjrhTqyM/v9opxqT
 YEUjVVb/jTWw6+qAtfHv4TwulfAgoR3MzinmWFC418bTMsoQ4uRvK2sNostOpYORe6iO
 Kk05sX13NgRBgGNU0PYwuSAXRk2pA9A69jhCT0zVrRBcfOtxQRyKANUxezP19zUOwkge
 lRG3tJNwCg395yJGn+w12r12/FZluFSC1gPTaFY+jM6H2ez4+WBPCTTUm0jr7qT0jXNK
 cQj3N6ewzZ3RHIUqeR5IniNRxwuTL5Q17Z2I1ZxllRX4mv1HoSHXYQ6jvEgyq3IsbLk6
 JHsQ==
X-Gm-Message-State: AOJu0Yzk8lbASw/9xRaSNnhq3vd6jr0y5zZBkQ5xQVcOz8mr3EWiTbTV
 oh0C2W6zTa9sm01MLLb4Y04U540La84IgA==
X-Received: by 2002:a17:902:c252:b0:1bc:2c79:c6b5 with SMTP id
 18-20020a170902c25200b001bc2c79c6b5mr15356953plg.4.1694042779889;
 Wed, 06 Sep 2023 16:26:19 -0700 (PDT)
Received: from squeak.grove.modra.org
 ([2406:3400:51d:8cc0:c487:ebb4:e5f:6660])
 by smtp.gmail.com with ESMTPSA id
 kb14-20020a170903338e00b001b8b73da7b1sm11598261plb.227.2023.09.06.16.26.18
 for <binutils@sourceware.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 06 Sep 2023 16:26:18 -0700 (PDT)
Received: by squeak.grove.modra.org (Postfix, from userid 1000)
 id 18E741142392; Thu,  7 Sep 2023 08:56:16 +0930 (ACST)
Date: Thu, 7 Sep 2023 08:56:16 +0930
To: binutils@sourceware.org
Subject: PR30828, notes obstack memory corruption
Message-ID: <ZPkKmIVDP+OkrRtX@squeak.grove.modra.org>
MIME-Version: 1.0
Content-Disposition: inline
X-Spam-Status: No, score=-3033.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
X-Patchwork-Original-From: Alan Modra via Binutils <binutils@sourceware.org>
From: Alan Modra <amodra@gmail.com>
Reply-To: Alan Modra <amodra@gmail.com>
Errors-To: binutils-bounces+ouuuleilei=gmail.com@sourceware.org
Sender: "Binutils" <binutils-bounces+ouuuleilei=gmail.com@sourceware.org>
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1776332614855885951
X-GMAIL-MSGID: 1776332614855885951

Commit 3bab069c29b3 carelessly allowed "string" to be released from
the notes obstack twice, with the second call to obstack_free
releasing memory for a fixup that just happened to be the same size as
the original string.  The fixup then of course was overwritten.
This patch fixes that problem, and another that could occur on an
error path.

	PR 30828
	* stabs.c (s_stab_generic): Don't free string twice.  Don't
	blow away entire notes obstack on a missing string.

diff --git a/gas/stabs.c b/gas/stabs.c
index 1b25542900a..0c8022fb2cb 100644
--- a/gas/stabs.c
+++ b/gas/stabs.c
@@ -262,7 +262,7 @@ s_stab_generic (int what,
 	{
 	  as_warn (_(".stab%c: missing string"), what);
 	  ignore_rest_of_line ();
-	  goto out;
+	  goto out2;
 	}
       /* FIXME: We should probably find some other temporary storage
 	 for string, rather than leaking memory if someone else
@@ -350,7 +350,10 @@ s_stab_generic (int what,
 	 This must be done before creating symbols below, which uses
 	 the notes obstack.  */
       if (saved_string_obstack_end == obstack_next_free (&notes))
-	obstack_free (&notes, string);
+	{
+	  obstack_free (&notes, string);
+	  saved_string_obstack_end = NULL;
+	}
 
       /* At least for now, stabs in a special stab section are always
 	 output as 12 byte blocks of information.  */
@@ -398,6 +401,7 @@ s_stab_generic (int what,
  out:
   if (saved_string_obstack_end == obstack_next_free (&notes))
     obstack_free (&notes, string);
+ out2:
   subseg_set (saved_seg, saved_subseg);
 }