Bug 23952 - A memory leak issue was discovered in bfd
Summary: A memory leak issue was discovered in bfd
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.31
: P2 normal
Target Milestone: 2.32
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-05 06:14 UTC by wcventure
Modified: 2018-12-07 13:54 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed: 2018-12-07 00:00:00

Attachments
MemoryLeak-POC (10.94 KB, application/x-executable)
2018-12-05 06:14 UTC, wcventure 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description wcventure 2018-12-05 06:14:02 UTC 
Created attachment 11430 [details]
MemoryLeak-POC

Hi there,

A memory leak issue was discovered in bfd, as distributed in GNU Binutils 2.31. 
In _bfd_generic_read_minisymbols function in syms.c, the is a heap allocation. But this heap allocation didn't deallocate in the end. The source Code show as follow.

> 809       if (storage < 0)
> 810         goto error_return;
> 811       if (storage == 0)
> 812         return 0;
> 813
> 814       syms = (asymbol **) bfd_malloc (storage);
> 815       if (syms == NULL)
> 816         goto error_return;
> 817
> 818       if (dynamic)


Please use the "./nm -C $POC" to reproduce the bug.
To reproduce this bug. You need to build bintuils-2.31 with ASAN, setting following Command:

> export ASAN_OPTIONS=abort_on_error=1:symbolize=1:detect_leaks=1


The Leak Sanitizer dumps the stack trace as follows:

> ==31800==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x7fd48c209b90 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb90)
>     #1 0x4298a3 in bfd_malloc /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/bfd/libbfd.c:271
>     #2 0x433e68 in _bfd_generic_read_minisymbols /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/bfd/syms.c:814
>     #3 0x4078d5 in display_rel_file /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/binutils/nm.c:1113
>     #4 0x408b40 in display_file /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/binutils/nm.c:1325
>     #5 0x40a737 in main /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/binutils/nm.c:1799
>     #6 0x7fd48bb7d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> SUMMARY: AddressSanitizer: 8 byte(s) leaked in 1 allocation(s).
Comment 1 Sourceware Commits 2018-12-07 13:53:19 UTC 
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9

commit c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
Author: Alan Modra <amodra@gmail.com>
Date:   Fri Dec 7 23:39:42 2018 +1030

    PR23952, memory leak in _bfd_generic_read_minisymbols
    
    bfd/
    	PR 23952
    	* syms.c (_bfd_generic_read_minisymbols): Free syms before
    	returning with zero symcount.
    binutils/
    	* nm.c (display_rel_file): Use xrealloc to increase minisyms
    	for synthetic symbols.
Comment 2 Alan Modra 2018-12-07 13:54:45 UTC 
Fixed on master