Bug 22191

Summary: memory leak in dwarf2.c in gnu binutils 2.29
Product: binutils
Reporter: skysider <luanjunchao>
Component: binutils
Assignee: Alan Modra <amodra>
Status: RESOLVED FIXED
Severity: normal
Priority: P2
Version: 2.29
Target Milestone: 2.30
Host:
Target:
Build:
Last reconfirmed: 2017-09-24 00:00:00
Attachments: memory leak poc

Description skysider 2017-09-23 08:00:06 UTC
Created attachment 10463
memory leak poc

The output of running "objdump --x -SD -Wl -R leak.elf" is as follows:

....
==78968==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f484f64f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4cfdfb in bfd_malloc /work/binutils-gdb-asan/bfd/libbfd.c:193
    #2 0x5e6dd7 in add_line_info dwarf2.c:1528
    #3 0x5eaf10 in decode_line_info dwarf2.c:2383
    #4 0x5f05b8 in comp_unit_find_nearest_line dwarf2.c:3562
    #5 0x5f5351 in _bfd_dwarf2_find_nearest_line dwarf2.c:4622
    #6 0x565d9a in _bfd_elf_find_nearest_line /work/binutils-gdb-asan/bfd/elf.c:8653
    #7 0x409469 in show_line objdump.c:1486
    #8 0x40aaf6 in disassemble_bytes objdump.c:1791
    #9 0x40e0c3 in disassemble_section objdump.c:2313
    #10 0x4d8871 in bfd_map_over_sections /work/binutils-gdb-asan/bfd/section.c:1395
    #11 0x40eb05 in disassemble_data objdump.c:2449
    #12 0x4141c9 in dump_bfd objdump.c:3546
    #13 0x414498 in display_object_bfd objdump.c:3603
    #14 0x414894 in display_any_bfd objdump.c:3692
    #15 0x414909 in display_file objdump.c:3713
    #16 0x415918 in main objdump.c:4015
    #17 0x7f484f00982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 240 byte(s) in 6 object(s) allocated from:
    #0 0x7f484f64f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4cfdfb in bfd_malloc /work/binutils-gdb-asan/bfd/libbfd.c:193
    #2 0x5e6dd7 in add_line_info dwarf2.c:1528
    #3 0x5eaf10 in decode_line_info dwarf2.c:2383
    #4 0x5f05b8 in comp_unit_find_nearest_line dwarf2.c:3562
    #5 0x5f5351 in _bfd_dwarf2_find_nearest_line dwarf2.c:4622
    #6 0x565d9a in _bfd_elf_find_nearest_line /work/binutils-gdb-asan/bfd/elf.c:8653
    #7 0x409469 in show_line objdump.c:1486
    #8 0x40aaf6 in disassemble_bytes objdump.c:1791
    #9 0x40e0c3 in disassemble_section objdump.c:2313
    #10 0x4d8871 in bfd_map_over_sections /work/binutils-gdb-asan/bfd/section.c:1395
    #11 0x40eb05 in disassemble_data objdump.c:2449
    #12 0x4141c9 in dump_bfd objdump.c:3546
    #13 0x414498 in display_object_bfd objdump.c:3603
    #14 0x414894 in display_any_bfd objdump.c:3692
    #15 0x414909 in display_file objdump.c:3713
    #16 0x415918 in main objdump.c:4015
    #17 0x7f484f00982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f484f64f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4cfdfb in bfd_malloc /work/binutils-gdb-asan/bfd/libbfd.c:193
    #2 0x5e6dd7 in add_line_info dwarf2.c:1528
    #3 0x5ea651 in decode_line_info dwarf2.c:2296
    #4 0x5f05b8 in comp_unit_find_nearest_line dwarf2.c:3562
    #5 0x5f5351 in _bfd_dwarf2_find_nearest_line dwarf2.c:4622
    #6 0x565d9a in _bfd_elf_find_nearest_line /work/binutils-gdb-asan/bfd/elf.c:8653
    #7 0x409469 in show_line objdump.c:1486
    #8 0x40aaf6 in disassemble_bytes objdump.c:1791
    #9 0x40e0c3 in disassemble_section objdump.c:2313
    #10 0x4d8871 in bfd_map_over_sections /work/binutils-gdb-asan/bfd/section.c:1395
    #11 0x40eb05 in disassemble_data objdump.c:2449
    #12 0x4141c9 in dump_bfd objdump.c:3546
    #13 0x414498 in display_object_bfd objdump.c:3603
    #14 0x414894 in display_any_bfd objdump.c:3692
    #15 0x414909 in display_file objdump.c:3713
    #16 0x415918 in main objdump.c:4015
    #17 0x7f484f00982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 320 byte(s) leaked in 8 allocation(s).

It seems that some memory allocated by bfd_malloc is not freed during the disassembly process.
The poc file is attached.

Comment 1 Sourceware Commits 2017-09-24 11:35:45 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e

commit a26a013f22a19e2c16729e64f40ef8a7dfcc086e
Author: Alan Modra <amodra@gmail.com>
Date:   Sun Sep 24 17:10:14 2017 +0930

    PR22191, memory leak in dwarf2.c
    
    table->sequences is a linked list before it is replaced by a bfd_alloc
    array in sort_line_sequences.
    
    	PR 22191
    	* dwarf2.c (decode_line_info): Properly free line sequences on error.

Comment 2 Alan Modra 2017-09-24 11:55:23 UTC
Fixed
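
The commit message in Comment 1 notes that table->sequences is still a linked list when the error path runs. The C code below is an added example, not binutils code: struct seq, fail_head_only, fail_walk_list and decode_then_fail are hypothetical names, and the head-only cleanup is an assumed illustration of how such a list can leak, shown beside a cleanup that walks the list.

```c
#include <stdlib.h>

/* Simplified stand-in for a line sequence node; not the binutils struct. */
struct seq {
    unsigned long low_pc;
    struct seq *prev;              /* newest node points at the older one */
};
struct table { struct seq *sequences; };   /* linked list until sorted */

static long live_nodes;            /* malloc'd nodes not yet freed */

/* Push one heap-allocated node; returns 0 on allocation failure. */
static int add_sequence(struct table *t, unsigned long low_pc) {
    struct seq *s = malloc(sizeof *s);
    if (s == NULL) return 0;
    s->low_pc = low_pc;
    s->prev = t->sequences;
    t->sequences = s;
    live_nodes++;
    return 1;
}

/* Assumed buggy error path: frees only the head, older nodes are lost. */
static void fail_head_only(struct table *t) {
    if (t->sequences != NULL) { free(t->sequences); live_nodes--; }
    t->sequences = NULL;
}

/* Error path that walks the list and frees every node. */
static void fail_walk_list(struct table *t) {
    while (t->sequences != NULL) {
        struct seq *s = t->sequences;
        t->sequences = s->prev;
        free(s);
        live_nodes--;
    }
}

/* Build n nodes, simulate a decode error, return how many nodes leaked. */
long decode_then_fail(size_t n, int walk) {
    struct table t = { NULL };
    live_nodes = 0;
    for (size_t i = 0; i < n; i++)
        if (!add_sequence(&t, 0x1000 + 0x10 * i)) break;
    struct seq *rest = t.sequences ? t.sequences->prev : NULL;
    if (walk) { fail_walk_list(&t); return live_nodes; }
    fail_head_only(&t);
    long leaked = live_nodes;      /* nodes the head-only path lost */
    t.sequences = rest;            /* demo hygiene: reclaim them anyway */
    fail_walk_list(&t);
    return leaked;
}
```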