Bug 31161 - potential Memory in stabs.c
Status: RESOLVED NOTABUG
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.32
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2023-12-13 08:54 UTC by 时宇羽然
Modified: 2023-12-14 05:14 UTC

Attachments
Memory Leak in stabs.c (615.74 KB, image/png)
2023-12-14 04:47 UTC, 时宇羽然

Description 时宇羽然 2023-12-13 08:54:38 UTC
Hi, I found a memory leak bug in the source code of binutils, and I have shown the execution sequence below. This bug exists in the file stabs.c. The red text illustrates the steps that generate the bug.

As shown in the diagram, in the function parse_stab, a block of memory is allocated for dhandle->current_file by calling the function debug_set_filename. After calling parse_stab, the memory of dhandle->current_file is not freed. The memory of dhandle->current_file will leak.

Although the reported bug trace is for version 2.32, I've checked that this bug still exists in the latest version.

Can you help to check if this bug is true? Thanks for your effort.
Comment 1 Alan Modra 2023-12-13 22:22:26 UTC
This isn't a leak, nor is any other case of allocated memory accessible via pointers.
Comment 2 Alan Modra 2023-12-13 23:12:10 UTC
To be clear, by accessible I mean reachable from a pointer in data (possibly via a chain of pointers).
Comment 3 时宇羽然 2023-12-14 04:47:37 UTC
Created attachment 15259
Memory Leak in stabs.c
Comment 4 时宇羽然 2023-12-14 05:14:45 UTC
(In reply to Alan Modra from comment #2)
> To be clear, by accessible I mean reachable from a pointer in data (possibly
> via a chain of pointers).

I'm sorry, it seems that the previous attachment may not have been uploaded successfully. I have now included the detailed steps of how memory can be accessible via a pointer.

As shown in the image, first, the function debug_set_filename allocates a block of memory for handle->current_file. Second, when calling debug_set_filename, dhandle is passed as the 1st parameter. Therefore, dhandle->current_file is modified. Third, in the function parse_stab, there are several places where it can return FALSE. If the function parse_stab returns FALSE, the branch in the function read_section_stabs_debugging_info will be executed, and read_section_stabs_debugging_info will also return FALSE. dhandle->current_file is not freed in this branch. Fourth, if read_section_stabs_debugging_info returns FALSE, the function read_debugging_info will return NULL, and the memory of dhandle->current_file will leak.
 
Can you please help to check again? Thanks for your effort.
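
The reachability criterion from comments #1 and #2, modelled as an added example (not binutils code and not written by anyone in this thread): a toy allocation tracker marks every block reachable from a root pointer, following pointers stored inside blocks, and counts what no root can reach. The tracker, the one-field `struct debug_handle`, `dhandle_root` and `failed_parse_lost_blocks` are assumptions made for illustration, and the file name is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy allocation tracker (hypothetical, for illustration only). */
struct block { void *p; size_t n; int reached; };
static struct block blocks[16];
static int nblocks;

static void *track_alloc(size_t n) {
    void *p = calloc(1, n);
    if (!p) abort();
    blocks[nblocks++] = (struct block){ p, n, 0 };
    return p;
}

/* Mark the block starting at p, then scan its words for further pointers. */
static void mark(void *p) {
    for (int i = 0; i < nblocks; i++) {
        if (blocks[i].p != p || blocks[i].reached) continue;
        blocks[i].reached = 1;
        for (size_t o = 0; o + sizeof(void *) <= blocks[i].n; o += sizeof(void *)) {
            void *q;
            memcpy(&q, (char *)blocks[i].p + o, sizeof q);
            mark(q);                      /* follow the chain of pointers */
        }
    }
}

/* Simplified stand-in for the handle in the report (assumed layout);
   dhandle_root plays the role of "a pointer in data". */
struct debug_handle { char *current_file; };
static struct debug_handle *dhandle_root;

/* Model a parse that fails after current_file was set and nothing was freed.
   Returns the number of tracked blocks that no root can reach. */
int failed_parse_lost_blocks(int keep_root) {
    int lost = 0;
    for (int i = 0; i < nblocks; i++) free(blocks[i].p);   /* reset tracker */
    nblocks = 0;
    struct debug_handle *h = track_alloc(sizeof *h);
    h->current_file = track_alloc(16);
    strcpy(h->current_file, "example.c");                  /* constructed name */
    dhandle_root = keep_root ? h : NULL;   /* is the handle still referenced? */
    mark(dhandle_root);
    for (int i = 0; i < nblocks; i++) lost += !blocks[i].reached;
    return lost;
}

int main(void) {
    printf("%d %d\n", failed_parse_lost_blocks(1), failed_parse_lost_blocks(0));
    return 0;
}
```

With the root kept, the handle and its file name are both still reachable and nothing is counted; with the root cleared, both blocks are counted as unreachable.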