PR27071, gas bugs uncovered by fuzzing
Alan Modra
amodra@gmail.com
Tue Dec 15 14:43:37 GMT 2020
On Tue, Dec 15, 2020 at 03:04:11PM +0100, Jan Beulich wrote:
> On 15.12.2020 14:59, Alan Modra via Binutils wrote:
> > --- a/gas/config/obj-elf.c
> > +++ b/gas/config/obj-elf.c
> > @@ -2102,6 +2102,22 @@ elf_obj_symbol_new_hook (symbolS *symbolP)
> > #endif
> > }
> >
> > +/* Deduplicate size expressions. We might get into trouble with
> > + multiple freeing or use after free if we leave them pointing to the
> > + same expressionS. */
> > +
> > +void
> > +elf_obj_symbol_clone_hook (symbolS *newsym, symbolS *orgsym ATTRIBUTE_UNUSED)
> > +{
> > + struct elf_obj_sy *newelf = symbol_get_obj (newsym);
> > + if (newelf->size)
> > + {
> > + expressionS *exp = XNEW (expressionS);
> > + *exp = *newelf->size;
> > + newelf->size = exp;
> > + }
> > +}
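Review bot: the hook takes orgsym but never reads it, so correctness depends on the caller having already copied orgsym's obj (including the `size` pointer) into newsym before this runs; either say so in the comment or copy explicitly from `symbol_get_obj (orgsym)->size` so the dependency is visible at the call site. The comment would also be more useful if it named where the expressionS is freed (elf_copy_symbol_attributes and elf_frob_symbol, per the follow-up), since that is what justifies copying only the top-level expressionS here.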
>
> And this cloning doesn't require doing recursively?
I don't think so. Only the top level size expression is freed in
elf_copy_symbol_attributes or elf_frob_symbol.
--
Alan Modra
Australia Development Lab, IBM
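The ownership problem the patch addresses, shown as an added stand-alone example (not gas code): a struct copy of a symbol leaves the clone sharing the original's heap-allocated size expression, so freeing the expression through both symbols would be a double free. The types below are simplified stand-ins for gas's expressionS, elf_obj_sy and symbolS, and frob_symbol is a hypothetical stand-in for the place that frees the expression; only the shape of the fix mirrors the patch.

```c
#include <stdlib.h>

/* Simplified stand-ins for gas's types (assumed shapes, not the real definitions). */
typedef struct { long X_add_number; } expressionS;
typedef struct { expressionS *size; } elf_obj_sy;   /* size is an owned heap pointer */
typedef struct { const char *name; elf_obj_sy obj; } symbolS;

static symbolS *symbol_new_with_size(const char *name, long n)
{
    symbolS *s = calloc(1, sizeof *s);
    s->name = name;
    s->obj.size = malloc(sizeof *s->obj.size);
    s->obj.size->X_add_number = n;
    return s;
}

/* What a plain struct copy does: the clone shares the original's size pointer. */
static symbolS *symbol_clone_shallow(const symbolS *org)
{
    symbolS *clone = malloc(sizeof *clone);
    *clone = *org;   /* clone->obj.size == org->obj.size */
    return clone;
}

/* The deduplication the patch performs: give the clone its own copy of the
   top-level expressionS so each symbol owns exactly one allocation. */
static void elf_obj_symbol_clone_hook(symbolS *newsym)
{
    if (newsym->obj.size) {
        expressionS *exp = malloc(sizeof *exp);
        *exp = *newsym->obj.size;
        newsym->obj.size = exp;
    }
}

/* Hypothetical stand-in for the code path that frees the size expression. */
static void frob_symbol(symbolS *s)
{
    free(s->obj.size);
    s->obj.size = NULL;
}

/* 1 if both symbols point at the same live expressionS (a double free waiting
   to happen in frob_symbol), 0 otherwise. */
static int sizes_alias(const symbolS *a, const symbolS *b)
{
    return a->obj.size != NULL && a->obj.size == b->obj.size;
}

/* Returns 0 when the hook removes the aliasing while preserving the value,
   so frobbing both symbols is safe; nonzero otherwise. */
static int demo(void)
{
    symbolS *org = symbol_new_with_size("foo", 16);
    symbolS *clone = symbol_clone_shallow(org);
    int aliased_before = sizes_alias(org, clone);   /* 1: shared pointer */

    /* Frobbing both here would free the same block twice; fix the clone instead. */
    elf_obj_symbol_clone_hook(clone);
    int aliased_after = sizes_alias(org, clone);    /* 0: distinct allocations */
    int same_value = clone->obj.size->X_add_number == org->obj.size->X_add_number;

    frob_symbol(org);
    frob_symbol(clone);   /* safe now */
    free(org);
    free(clone);
    return (aliased_before == 1 && aliased_after == 0 && same_value) ? 0 : 1;
}
```

Run under a sanitizer (for example `-fsanitize=address`) to see the difference: removing the hook call in demo() turns the second frob_symbol into a reported double free, which is the class of bug the fuzzer found.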