Fix use-after-free when destroying objfile

The recent patch to heap-allocate compunit_symtabs introduced a
use-after-free that can occur when destroying an objfile.  The bug
here is that the objfile obstack is destroyed before compunit_symtabs;
but the compunit_symtabs destructor refers to the symtabs, which are
allocated on the obstack.

This patch fixes the problem.  This was reported using ASAN, but I
reproduced it with valgrind and verified that this fixes the problem.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=33435
Tom Tromey
2025-10-13 21:36:56 -06:00
parent 2358bcf045
commit 4109b06814
2 changed files with 7 additions and 6 deletions


@@ -719,11 +719,6 @@ private:
program_space *m_pspace;
public:
/* List of compunits.
These are used to do symbol lookups and file/line-number lookups. */
owning_intrusive_list<compunit_symtab> compunit_symtabs;
/* The object file's BFD. Can be null if the objfile contains only
minimal symbols (e.g. the run time common symbols for SunOS4) or
if the objfile is a dynamic objfile (e.g. created by JIT reader
@@ -751,6 +746,11 @@ public:
auto_obstack objfile_obstack;
/* List of compunits.
These are used to do symbol lookups and file/line-number lookups. */
owning_intrusive_list<compunit_symtab> compunit_symtabs;
/* Structure which keeps track of functions that manipulate objfile's
of the same type as this objfile. I.e. the function to read partial
symbols for example. Note that this structure is in statically
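Review bot: the fix depends on C++ destroying non-static data members in reverse declaration order, so declaring compunit_symtabs after objfile_obstack is exactly what makes the compunit destructors run while the obstack-allocated symtabs are still alive. That constraint is not visible at the declaration; the comment on the member could state it, for example `/* Must be declared after objfile_obstack: the symtabs it owns live on that obstack.  */`, so a future reordering of the members does not quietly reintroduce the use-after-free.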


@@ -2581,6 +2581,8 @@ reread_symbols (int from_tty)
error (_("Can't read symbols from %s: %s."), objfile_name (&objfile),
bfd_errmsg (bfd_get_error ()));
objfile.compunit_symtabs.clear ();
/* NB: after this call to obstack_free, objfiles_changed
will need to be called (see discussion below). */
obstack_free (&objfile.objfile_obstack, 0);
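Review bot: the added `objfile.compunit_symtabs.clear ();` has to stay ahead of the `obstack_free` call, since the compunit destructors touch symtabs allocated on that obstack, but nothing at the call site records that ordering requirement. A short comment before the clear, along the lines of `/* Must precede obstack_free: the symtabs are obstack-allocated.  */`, would keep the two statements from being swapped back in a later cleanup.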
@@ -2590,7 +2592,6 @@ reread_symbols (int from_tty)
objfile.sect_index_data = -1;
objfile.sect_index_rodata = -1;
objfile.sect_index_text = -1;
objfile.compunit_symtabs.clear ();
objfile.template_symbols = NULL;
objfile.static_links.clear ();
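Review bot: dropping the second `compunit_symtabs.clear ()` here is required rather than optional: by this point `obstack_free` has already run on objfile_obstack, so clearing the list at this location would itself be the use-after-free the commit fixes. Worth a one-line note in the commit message that the clear was moved earlier rather than removed, so readers of the history do not look for it here.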