Bug 23952 - A memory leak issue was discovered in bfd
Summary: A memory leak issue was discovered in bfd
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.31
: P2 normal
Target Milestone: 2.32
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-05 06:14 UTC by wcventure
Modified: 2018-12-07 13:54 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed: 2018-12-07 00:00:00


Attachments
MemoryLeak-POC (10.94 KB, application/x-executable)
2018-12-05 06:14 UTC, wcventure
Details

Note You need to log in before you can comment on or make changes to this bug.
Description wcventure 2018-12-05 06:14:02 UTC
Created attachment 11430 [details]
MemoryLeak-POC

Hi there,

A memory leak issue was discovered in bfd, as distributed in GNU Binutils 2.31. 
In _bfd_generic_read_minisymbols function in syms.c, the is a heap allocation. But this heap allocation didn't deallocate in the end. The source Code show as follow.

> 809       if (storage < 0)
> 810         goto error_return;
> 811       if (storage == 0)
> 812         return 0;
> 813
> 814       syms = (asymbol **) bfd_malloc (storage);
> 815       if (syms == NULL)
> 816         goto error_return;
> 817
> 818       if (dynamic)


Please use the "./nm -C $POC" to reproduce the bug.
To reproduce this bug. You need to build bintuils-2.31 with ASAN, setting following Command:

> export ASAN_OPTIONS=abort_on_error=1:symbolize=1:detect_leaks=1


The Leak Sanitizer dumps the stack trace as follows:

> ==31800==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x7fd48c209b90 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb90)
>     #1 0x4298a3 in bfd_malloc /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/bfd/libbfd.c:271
>     #2 0x433e68 in _bfd_generic_read_minisymbols /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/bfd/syms.c:814
>     #3 0x4078d5 in display_rel_file /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/binutils/nm.c:1113
>     #4 0x408b40 in display_file /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/binutils/nm.c:1325
>     #5 0x40a737 in main /home/wencheng/Documents/Experiment/binutils-2.31_ASAN/binutils/nm.c:1799
>     #6 0x7fd48bb7d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> SUMMARY: AddressSanitizer: 8 byte(s) leaked in 1 allocation(s).
Comment 1 cvs-commit@gcc.gnu.org 2018-12-07 13:53:19 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9

commit c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
Author: Alan Modra <amodra@gmail.com>
Date:   Fri Dec 7 23:39:42 2018 +1030

    PR23952, memory leak in _bfd_generic_read_minisymbols
    
    bfd/
    	PR 23952
    	* syms.c (_bfd_generic_read_minisymbols): Free syms before
    	returning with zero symcount.
    binutils/
    	* nm.c (display_rel_file): Use xrealloc to increase minisyms
    	for synthetic symbols.
Comment 2 Alan Modra 2018-12-07 13:54:45 UTC
Fixed on master