This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
RFA: fix bfd_close call in dlltool.c
- From: Tom Tromey <tromey at redhat dot com>
- To: Binutils Development <binutils at sourceware dot org>
- Date: Fri, 03 Aug 2012 08:51:03 -0600
- Subject: RFA: fix bfd_close call in dlltool.c
I looked at all the calls to bfd_openr_next_archived_file in binutils
and gdb.
This one stuck out as an obvious bug (the only one, btw). dlltool.c is
closing a member BFD before passing it to bfd_openr_next_archived_file.
This can cause crashes. You can easily see the failure under valgrind:
barimba. valgrind ./dlltool -e zz.o /usr/lib64/libutil.a
[...]
==6338== Invalid read of size 8
==6338== at 0x410A55: bfd_generic_openr_next_archived_file (archive.c:755)
==6338== by 0x405A22: scan_obj_file (dlltool.c:1700)
==6338== by 0x40C992: main (dlltool.c:4241)
==6338== Address 0x4c3ba30 is 208 bytes inside a block of size 296 free'd
==6338== at 0x4A0662E: free (vg_replace_malloc.c:366)
==6338== by 0x41A6AF: bfd_close (opncls.c:734)
==6338== by 0x405A0F: scan_obj_file (dlltool.c:1699)
==6338== by 0x40C992: main (dlltool.c:4241)
Here's the fix.
Ok?
Tom
2012-08-03 Tom Tromey <tromey@redhat.com>
* dlltool.c (scan_obj_file): Close arfile after calling
bfd_openr_next_archived_file.
diff --git a/binutils/dlltool.c b/binutils/dlltool.c
index 6ed0f7a..8d458d7 100644
--- a/binutils/dlltool.c
+++ b/binutils/dlltool.c
@@ -1694,10 +1694,12 @@ scan_obj_file (const char *filename)
bfd *arfile = bfd_openr_next_archived_file (f, 0);
while (arfile)
{
+ bfd *next;
if (bfd_check_format (arfile, bfd_object))
scan_open_obj_file (arfile);
+ next = bfd_openr_next_archived_file (f, arfile);
bfd_close (arfile);
- arfile = bfd_openr_next_archived_file (f, arfile);
+ arfile = next;
}
#ifdef DLLTOOL_MCORE_ELF
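Review bot: The new statement `next = bfd_openr_next_archived_file (f, arfile);` has no comment saying why the lookup has to come before `bfd_close (arfile);`, so a later cleanup could move the close first again and bring back the invalid read shown in the valgrind trace. A one-line comment above that statement would help, for example `/* Fetch the next member while arfile is still open; bfd_close frees it. */`. Two smaller points: in the hunk as shown, `bfd *next;` is followed directly by the `if` with no blank line after the declaration, and the return value of `bfd_close (arfile)` is still ignored in this loop.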