Bug 25361

Summary: Memory leak in readelf, request_dump_bynumber
Product: binutils
Reporter: Heqing HUANG <featherrain26>
Component: binutils
Assignee: Alan Modra <amodra>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 2.32   
Target Milestone: 2.34   
Host: Target:
Build: Last reconfirmed:
Attachments: POC file

Description Heqing HUANG 2020-01-10 13:49:58 UTC
Created attachment 12182
POC file

Hi, there.

There is a memory leak in file binutils/readelf.c, get_data function.

Here is the reproducing environment and procedure:

Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.6 LTS
Release:	16.04
Codename:	xenial
gcc:            5.4.0

compilation:
CFLAGS="-fsanitize=address,undefined" ./configure

./readelf -agteSdcWw --dyn-syms -D poc


Here is the error message:

=================================================================
==16847==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 180 byte(s) in 5 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4d0694 in xmalloc (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x4d0694)
    #2 0x4c19ef in xcmalloc (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x4c19ef)
    #3 0x4af8ca in display_debug_frames (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x4af8ca)
    #4 0x46172f in display_debug_section (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x46172f)
    #5 0x461f4b in process_section_contents (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x461f4b)
    #6 0x47c8e2 in process_object (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47c8e2)
    #7 0x47e950 in process_file (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47e950)
    #8 0x47ecd1 in main (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47ecd1)
    #9 0x7ffff5db382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 90 byte(s) in 5 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4d0694 in xmalloc (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x4d0694)
    #2 0x4c19ef in xcmalloc (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x4c19ef)
    #3 0x4af7f3 in display_debug_frames (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x4af7f3)
    #4 0x46172f in display_debug_section (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x46172f)
    #5 0x461f4b in process_section_contents (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x461f4b)
    #6 0x47c8e2 in process_object (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47c8e2)
    #7 0x47e950 in process_file (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47e950)
    #8 0x47ecd1 in main (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47ecd1)
    #9 0x7ffff5db382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 19 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff6f0279a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x41b632 in request_dump_bynumber (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x41b632)
    #2 0x42b94f in process_section_headers (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x42b94f)
    #3 0x47c6fd in process_object (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47c6fd)
    #4 0x47e950 in process_file (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47e950)
    #5 0x47ecd1 in main (/playground/playground/binutils-2.32-r/binutils-2.32/binutils/readelf+0x47ecd1)
    #6 0x7ffff5db382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 289 byte(s) leaked in 11 allocation(s).

Regards,

Comment 1 Sourceware Commits 2020-01-13 12:27:28 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a4f2b7c5d931f2aa27851b59ae5817a6ee43cfcb

commit a4f2b7c5d931f2aa27851b59ae5817a6ee43cfcb
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Jan 13 22:53:02 2020 +1030

    Re: PR23560, PR23561, readelf memory leaks
    
    	PR 25360
    	PR 25361
    	Dyslexia strikes again.
    
    Fix git commit a788aedd86da983faf0afef3cb41461118a2e9f2 ChangeLog.

Comment 2 Alan Modra 2020-01-13 12:28:49 UTC
Fixed.
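
When triaging a LeakSanitizer report like the one in the description, it helps to group the leak records by the first stack frame that is not an allocator wrapper and to check the totals against the SUMMARY line. The following is an added example, not code from binutils or from anyone in this thread; the sample is a constructed, shortened copy of the report above, and the `ALLOCATORS` list and the name `leaks_by_site` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of the report above (paths abbreviated).
SAMPLE = """\
Direct leak of 180 byte(s) in 5 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (libasan.so.2+0x98602)
    #1 0x4d0694 in xmalloc (readelf+0x4d0694)
    #2 0x4c19ef in xcmalloc (readelf+0x4c19ef)
    #3 0x4af8ca in display_debug_frames (readelf+0x4af8ca)

Direct leak of 90 byte(s) in 5 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (libasan.so.2+0x98602)
    #1 0x4d0694 in xmalloc (readelf+0x4d0694)
    #2 0x4c19ef in xcmalloc (readelf+0x4c19ef)
    #3 0x4af7f3 in display_debug_frames (readelf+0x4af7f3)

Direct leak of 19 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff6f0279a in __interceptor_calloc (libasan.so.2+0x9879a)
    #1 0x41b632 in request_dump_bynumber (readelf+0x41b632)

SUMMARY: AddressSanitizer: 289 byte(s) leaked in 11 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)")
SUMMARY_RE = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
# Allocator wrappers skipped when attributing a leak (assumed list; extend per project).
ALLOCATORS = {"malloc", "calloc", "realloc", "xmalloc", "xcalloc", "xrealloc", "xcmalloc"}

def leaks_by_site(report):
    """Return ({function: [bytes, objects]}, (summary_bytes, summary_allocs) or None)."""
    sites, pending, summary = defaultdict(lambda: [0, 0]), None, None
    for line in report.splitlines():
        leak, frame, total = LEAK_RE.match(line), FRAME_RE.match(line), SUMMARY_RE.match(line)
        if leak:
            # Start of a leak record: remember its size until a caller frame is seen.
            pending = (int(leak.group(2)), int(leak.group(3)))
        elif frame and pending:
            name = frame.group(1).replace("__interceptor_", "", 1)
            if name not in ALLOCATORS:
                # First non-allocator frame is the allocation site to investigate.
                sites[name][0] += pending[0]
                sites[name][1] += pending[1]
                pending = None
        elif total:
            summary = (int(total.group(1)), int(total.group(2)))
    return dict(sites), summary
```

On the sample, the three records collapse to two allocation sites, `display_debug_frames` and `request_dump_bynumber`, whose byte and object counts add up to the SUMMARY totals.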