This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Fix linker crash in avr_elf32_load_records_from_section
- From: Senthil Kumar Selvaraj <senthil_kumar dot selvaraj at atmel dot com>
- To: binutils <binutils at sourceware dot org>
- Cc: Denis Chertykov <chertykov at gmail dot com>, Andrew Burgess <andrew dot burgess at embecosm dot com>
- Date: Wed, 30 Mar 2016 15:03:19 +0530
- Subject: Fix linker crash in avr_elf32_load_records_from_section
- Authentication-results: sourceware.org; auth=none
Hi,

The linker crashes when ld/testsuite/ld-avr/avr-prop-1.d is run with
-m avrxmega6 (instead of avrxmega2 that is supplied in the testcase).

The crash occurs when attempting to free internal_relocs obtained
through a _bfd_elf_link_read_relocs call with keep_memory set to
FALSE. This works fine if the relocs aren't already cached by a prior
call. Otherwise, calling free on the returned (cached) relocs,
allocated with bfd_alloc, crashes the linker.

This rather trivial fix repeats the cached pointer check already done
in quite a few places in elf32-avr.c.

If this is ok, could someone commit please? I don't have commit
access.

Regards
Senthil

2016-03-30 Senthil Kumar Selvaraj <senthil_kumar.selvaraj@atmel.com>
* elf32-avr.c (avr_elf32_load_records_from_section): Free
internal_relocs only if they aren't cached.
diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c
index 91994f0..764d0d1 100644
--- a/bfd/elf32-avr.c
+++ b/bfd/elf32-avr.c
@@ -4068,11 +4068,13 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
}
free (contents);
- free (internal_relocs);
+ if (elf_section_data (sec)->relocs != internal_relocs)
+ free (internal_relocs);
return r_list;
load_failed:
- free (internal_relocs);
+ if (elf_section_data (sec)->relocs != internal_relocs)
+ free (internal_relocs);
free (contents);
free (r_list);
return NULL;
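Review bot: The new guard in front of free (internal_relocs), both on the normal return path and under load_failed, carries no comment saying why the pointer may not be freed, and nothing in the visible lines of the function explains it. A one-line comment at the first site would help, for example that _bfd_elf_link_read_relocs can hand back the array cached in elf_section_data (sec)->relocs, which the message describes as allocated with bfd_alloc and which this function therefore does not own; that keeps a later cleanup from dropping the check as redundant. The identical two-line test now appears twice, so a small helper or a shared cleanup step would let the ownership check exist in one place. The patch touches only bfd/elf32-avr.c: a ld-avr test variant run with -m avrxmega6, the configuration the message reports as crashing, would cover the regression.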