Bug 24007

Summary: Multiple memory leak in ld
Product: binutils
Reporter: wcventure <wcventure>
Component: binutils
Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED WONTFIX
Severity: normal
CC: nickc
Priority: P2
Version: 2.31
Target Milestone: ---
Host:
Target:
Build:
Last reconfirmed:
Attachments: POC

Description wcventure 2018-12-19 11:35:19 UTC
Created attachment 11475
POC

Hi there,

Multiple memory leak issues were discovered in ld, as distributed in GNU Binutils 2.31.
There are many heap allocations, but these heap allocations were not deallocated in the end.

Please use "./ld -E $POC" to reproduce the bug.
To reproduce this bug, you need to build binutils-2.31 with ASAN, setting the following command:

> export ASAN_OPTIONS=abort_on_error=1:symbolize=1:detect_leaks=1



The Leak Sanitizer dumps the stack trace as follows:

> =================================================================
> ==102337==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 5632 byte(s) in 1 object(s) allocated from:
>     #0 0x4db160 in realloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:107
>     #1 0xcc43d3 in xrealloc /binutils-gdb/libiberty/./xmalloc.c:179:14
>     #2 0x618386 in gldelf_x86_64_add_options /binutils-gdb/ld/eelf_x86_64.c:7189:5
>     #3 0x5e3315 in ldemul_add_options /binutils-gdb/ld/ldemul.c:140:5
>     #4 0x53aa64 in parse_args /binutils-gdb/ld/lexsup.c:613:3
>     #5 0x5b90f9 in main /binutils-gdb/ld/./ldmain.c:314:3
>     #6 0x7f594974082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Direct leak of 5568 byte(s) in 1 object(s) allocated from:
>     #0 0x4dace0 in malloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
>     #1 0x539eb1 in parse_args /binutils-gdb/ld/lexsup.c:567:7
>     #2 0x5b90f9 in main /binutils-gdb/ld/./ldmain.c:314:3
>     #3 0x7f594974082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Direct leak of 390 byte(s) in 12 object(s) allocated from:
>     #0 0x4dace0 in malloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
>     #1 0xcc3fdf in xmalloc /binutils-gdb/libiberty/./xmalloc.c:147:12
>     #2 0xcc4695 in xstrdup /binutils-gdb/libiberty/./xstrdup.c:34:24
>     #3 0x52f4e7 in yylex /binutils-gdb/ld/ldlex.l:423:20
>     #4 0x514ccd in yyparse /binutils-gdb/ld/ldgram.c:2292:16
>     #5 0x5b9595 in main /binutils-gdb/ld/./ldmain.c:351:7
>     #6 0x7f594974082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Direct leak of 64 byte(s) in 1 object(s) allocated from:
>     #0 0x4db160 in realloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:107
>     #1 0xcc43d3 in xrealloc /binutils-gdb/libiberty/./xmalloc.c:179:14
>     #2 0x6182aa in gldelf_x86_64_add_options /binutils-gdb/ld/eelf_x86_64.c:7186:25
>     #3 0x5e3315 in ldemul_add_options /binutils-gdb/ld/ldemul.c:140:5
>     #4 0x53aa64 in parse_args /binutils-gdb/ld/lexsup.c:613:3
>     #5 0x5b90f9 in main /binutils-gdb/ld/./ldmain.c:314:3
>     #6 0x7f594974082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Direct leak of 47 byte(s) in 3 object(s) allocated from:
>     #0 0x4dace0 in malloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
>     #1 0xcc3fdf in xmalloc /binutils-gdb/libiberty/./xmalloc.c:147:12
>     #2 0xcc4695 in xstrdup /binutils-gdb/libiberty/./xstrdup.c:34:24
>     #3 0x52ee71 in yylex /binutils-gdb/ld/ldlex.l:395:20
>     #4 0x514ccd in yyparse /binutils-gdb/ld/ldgram.c:2292:16
>     #5 0x5b9595 in main /binutils-gdb/ld/./ldmain.c:351:7
>     #6 0x7f594974082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Direct leak of 22 byte(s) in 2 object(s) allocated from:
>     #0 0x4dace0 in malloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
>     #1 0xcc3fdf in xmalloc /binutils-gdb/libiberty/./xmalloc.c:147:12
>     #2 0xcc4695 in xstrdup /binutils-gdb/libiberty/./xstrdup.c:34:24
>     #3 0x52eb92 in yylex /binutils-gdb/ld/ldlex.l:377:20
>     #4 0x514ccd in yyparse /binutils-gdb/ld/ldgram.c:2292:16
>     #5 0x5b9595 in main /binutils-gdb/ld/./ldmain.c:351:7
>     #6 0x7f594974082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> SUMMARY: AddressSanitizer: 11723 byte(s) leaked in 20 allocation(s).
> Aborted



Valgrind dumps the stack trace as follows:
valgrind --tool=memcheck --leak-check=full  ./ld -E $POC

> ...
> ...
> ==103914== LEAK SUMMARY:
> ==103914==    definitely lost: 12,058 bytes in 89 blocks
> ==103914==    indirectly lost: 0 bytes in 0 blocks
> ==103914==      possibly lost: 0 bytes in 0 blocks
> ==103914==    still reachable: 165,693 bytes in 530 blocks
> ==103914==         suppressed: 0 bytes in 0 blocks
> ==103914== Reachable blocks (those to which a pointer was found) are not shown.
> ==103914== To see them, rerun with: --leak-check=full --show-leak-kinds=all
> ==103914==
> ==103914== For counts of detected and suppressed errors, rerun with: -v
> ==103914== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)

Comment 1 Nick Clifton 2019-01-14 13:33:45 UTC
Hi wcventure,

  Thanks for reporting this problem.  Given that these leaks are so
  small, and that ld does not run continuously, I see no need to fix
  them.

Cheers
  Nick
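
A triage aid for LeakSanitizer reports like the one in the description, added here as an example and not part of the bug report or of binutils: it sums leaked bytes and objects per call site, attributing each record to the first frame that is not an allocator wrapper. The wrapper list and the names `leak_sites`, `ranked`, `WRAPPERS` and `SAMPLE` are assumptions of this example; `SAMPLE` is an excerpt of the trace above with the frames below the attributed caller omitted.

```python
import re
from collections import defaultdict

# Allocator wrappers to skip when attributing a leak to its caller
# (assumed list, built from the frame names in the report above).
WRAPPERS = {"malloc", "calloc", "realloc", "xmalloc", "xrealloc", "xstrdup"}
HEADER = re.compile(r"(?:Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")

# Excerpt of the report above; frames below the attributed caller omitted.
SAMPLE = """\
> Direct leak of 5632 byte(s) in 1 object(s) allocated from:
>     #0 0x4db160 in realloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:107
>     #1 0xcc43d3 in xrealloc /binutils-gdb/libiberty/./xmalloc.c:179:14
>     #2 0x618386 in gldelf_x86_64_add_options /binutils-gdb/ld/eelf_x86_64.c:7189:5
> Direct leak of 64 byte(s) in 1 object(s) allocated from:
>     #0 0x4db160 in realloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:107
>     #1 0xcc43d3 in xrealloc /binutils-gdb/libiberty/./xmalloc.c:179:14
>     #2 0x6182aa in gldelf_x86_64_add_options /binutils-gdb/ld/eelf_x86_64.c:7186:25
> Direct leak of 390 byte(s) in 12 object(s) allocated from:
>     #0 0x4dace0 in malloc /Git/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
>     #1 0xcc3fdf in xmalloc /binutils-gdb/libiberty/./xmalloc.c:147:12
>     #2 0xcc4695 in xstrdup /binutils-gdb/libiberty/./xstrdup.c:34:24
>     #3 0x52f4e7 in yylex /binutils-gdb/ld/ldlex.l:423:20
"""

def leak_sites(report):
    """Map (function, source file) -> [leaked bytes, leaked objects]."""
    totals = defaultdict(lambda: [0, 0])
    pending = None  # (bytes, objects) of the record still awaiting a caller
    for line in report.splitlines():
        line = line.lstrip("> ").strip()  # drop quote markers and indentation
        header = HEADER.search(line)
        if header:
            pending = (int(header.group(1)), int(header.group(2)))
            continue
        frame = FRAME.search(line)
        if frame and pending and frame.group(1) not in WRAPPERS:
            # Strip ":line:col" so records from one function merge.
            path = re.sub(r"(:\d+)+$", "", frame.group(2))
            site = (frame.group(1), path.rsplit("/", 1)[-1])
            totals[site][0] += pending[0]
            totals[site][1] += pending[1]
            pending = None  # remaining frames belong to the same record
    return dict(totals)

def ranked(report):
    """Call sites ordered by leaked bytes, largest first."""
    return sorted(leak_sites(report).items(), key=lambda kv: -kv[1][0])
```
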