Imagelibrary/binutils-gdb
1
0
Fork 1
mirror of https://github.com/bminor/binutils-gdb.git synced 2025-11-16 12:34:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

gas: avoid dangling pointers into freed memory

Browse Source 
The oss-fuzz gas fuzzer is quite broken in that it doesn't
reinitialise all gas and bfd static variables between runs.  Since gas
naughtily modifies bfd_und_section and bfd_abs_section those bfd
statics can hold pointers into freed memory between runs.
This patch fixes oss-fuzz issue 398060144.
This commit is contained in:
Alan Modra
2025-02-23 21:05:00 +10:30
parent a021382482
commit 70b4fd3dc7
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
gas/subsegs.c
View File

@@ -50,8 +50,21 @@ subsegs_end (struct obstack **obs)
for (; *obs; obs++)
_obstack_free (*obs, NULL);
_obstack_free (&frchains, NULL);
bfd_set_section_userdata (bfd_abs_section_ptr, NULL);
bfd_set_section_userdata (bfd_com_section_ptr, NULL);
bfd_set_section_userdata (bfd_und_section_ptr, NULL);
bfd_set_section_userdata (bfd_abs_section_ptr, NULL);
bfd_set_section_userdata (bfd_ind_section_ptr, NULL);
/* Reverse bfd_std_section_init, so the sections look as they did
initially. This, and clearing out userdata above, is so we don't
leave dangling pointers into freed memory for oss-fuzz to mess
with. */
asymbol *global_syms = bfd_com_section_ptr->symbol;
bfd_und_section_ptr->used_by_bfd = NULL;
bfd_und_section_ptr->symbol = global_syms + (bfd_und_section_ptr
- bfd_com_section_ptr);
bfd_abs_section_ptr->used_by_bfd = NULL;
bfd_abs_section_ptr->symbol = global_syms + (bfd_abs_section_ptr
- bfd_com_section_ptr);
}
static void