Fix linker crash in avr_elf32_load_records_from_section

Senthil Kumar Selvaraj senthil_kumar.selvaraj@atmel.com
Wed Mar 30 09:33:00 GMT 2016


Hi,

  The linker crashes when ld/testsuite/ld-avr/avr-prop-1.d is run with
  -m avrxmega6 (instead of avrxmega2 that is supplied in the testcase).

  The crash occurs when attempting to free internal_relocs obtained
  through a _bfd_elf_link_read_relocs call with keep_memory set to
  FALSE. This works fine if the relocs aren't already cached by a prior
  call. Otherwise, calling free on the returned (cached) relocs,
  allocated with bfd_alloc, crashes the linker.

  This rather trivial fix repeats the cached pointer check already done
  in quite a few places in elf32-avr.c.

  If this is ok, could someone commit please? I don't have commit
  access.

Regards
Senthil

2016-03-30  Senthil Kumar Selvaraj  <senthil_kumar.selvaraj@atmel.com>

	* elf32-avr.c (avr_elf32_load_records_from_section): Free
	internal_relocs only if they aren't cached.


diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c
index 91994f0..764d0d1 100644
--- a/bfd/elf32-avr.c
+++ b/bfd/elf32-avr.c
@@ -4068,11 +4068,13 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
     }
 
   free (contents);
-  free (internal_relocs);
+  if (elf_section_data (sec)->relocs != internal_relocs)
+    free (internal_relocs);
   return r_list;
 
  load_failed:
-  free (internal_relocs);
+  if (elf_section_data (sec)->relocs != internal_relocs)
+    free (internal_relocs);
   free (contents);
   free (r_list);
   return NULL;
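
Review bot: The guard `if (elf_section_data (sec)->relocs != internal_relocs)` is added on both the normal return path and under `load_failed` without a comment, so a later reader cannot tell from the code why `internal_relocs` is sometimes left unfreed. A one-line comment at the first occurrence would help, saying that the pointer may be the section's cached relocs, which the description says are allocated with bfd_alloc and so must not be passed to free. The description also says the crash only appears when avr-prop-1.d is run with -m avrxmega6, while the testcase supplies avrxmega2; a test variant using avrxmega6 would keep this exit path covered.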


