This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: bfd_get_full_section_contents memory leak, plus


On Fri, Oct 19, 2012 at 12:18:01PM -0500, Peter Bergner wrote:
> On Fri, 2012-10-19 at 12:12 -0500, Peter Bergner wrote:
> > On Fri, 2012-10-19 at 10:57 -0600, Tom Tromey wrote:
> > > Tom> I will look into it.
> > > 
> > > I'm going to back out the patch until I understand what is going on.
> > > Sorry about this.
> > 
> > Just to remove any doubt, the test cases now pass with the patch removed.
> > 
> > In case this only fails on ppc64, gcc110.fsffrance.org in the GCC farm
> > system should be usable to debug this.
> 
> ...or if there is a patch you want me to try out for you, I can
> do that as well.

Fails on x86_64 too, and probably all targets.  Two problems:
1) Tom's patch made error exit from bfd_get_full_section_contents
   free a buffer the function didn't allocate.
2) Existing bug in bfd_get_full_section_contents wrongly used
   sec->size for uncompressed_size, and so failed due to merge section
   code interaction.  The correct size is "sz".

This on top of Tom's patch ought to cure the failures.  Testing
in progress.

	* compress.c: Reinstate 2012-10-19 change.
	(bfd_get_full_section_contents): Don't free unless we alloc.
	Use proper decompress size.  Delete some vars, rename others.

--- a/bfd/compress.c	2012-10-20 10:37:03.348226569 +1030
+++ b/bfd/compress.c	2012-10-20 10:30:03.665644047 +1030
@@ -161,9 +161,8 @@ bfd_get_full_section_contents (bfd *abfd
   bfd_byte *p = *ptr;
 #ifdef HAVE_ZLIB_H
   bfd_boolean ret;
-  bfd_size_type compressed_size;
-  bfd_size_type uncompressed_size;
-  bfd_size_type rawsize;
+  bfd_size_type save_size;
+  bfd_size_type save_rawsize;
   bfd_byte *compressed_buffer;
 #endif
 
@@ -198,37 +197,36 @@ bfd_get_full_section_contents (bfd *abfd
       return FALSE;
 #else
       /* Read in the full compressed section contents.  */
-      uncompressed_size = sec->size;
-      compressed_size = sec->compressed_size;
-      compressed_buffer = (bfd_byte *) bfd_malloc (compressed_size);
+      compressed_buffer = (bfd_byte *) bfd_malloc (sec->compressed_size);
       if (compressed_buffer == NULL)
 	return FALSE;
-      rawsize = sec->rawsize;
+      save_rawsize = sec->rawsize;
+      save_size = sec->size;
       /* Clear rawsize, set size to compressed size and set compress_status
 	 to COMPRESS_SECTION_NONE.  If the compressed size is bigger than
 	 the uncompressed size, bfd_get_section_contents will fail.  */
       sec->rawsize = 0;
-      sec->size = compressed_size;
+      sec->size = sec->compressed_size;
       sec->compress_status = COMPRESS_SECTION_NONE;
       ret = bfd_get_section_contents (abfd, sec, compressed_buffer,
-				      0, compressed_size);
+				      0, sec->compressed_size);
       /* Restore rawsize and size.  */
-      sec->rawsize = rawsize;
-      sec->size = uncompressed_size;
+      sec->rawsize = save_rawsize;
+      sec->size = save_size;
       sec->compress_status = DECOMPRESS_SECTION_SIZED;
       if (!ret)
 	goto fail_compressed;
 
       if (p == NULL)
-	p = (bfd_byte *) bfd_malloc (uncompressed_size);
+	p = (bfd_byte *) bfd_malloc (sz);
       if (p == NULL)
 	goto fail_compressed;
 
-      if (!decompress_contents (compressed_buffer, compressed_size,
-				p, uncompressed_size))
+      if (!decompress_contents (compressed_buffer, sec->compressed_size, p, sz))
 	{
 	  bfd_set_error (bfd_error_bad_value);
-	  free (p);
+	  if (p != *ptr)
+	    free (p);
 	fail_compressed:
 	  free (compressed_buffer);
 	  return FALSE;
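
Review bot: in the decompress path, when the caller passes a non-NULL *ptr, decompress_contents writes up to sz bytes into that buffer, and nothing in these lines can check that the caller's buffer is that large. The function comment should state that a caller-supplied buffer must hold at least sz bytes, meaning the uncompressed size rather than sec->size, since the two differ for merge sections as the message notes. The new "if (p != *ptr)" guard before free (p) is the right ownership test, but a one-line comment such as "Only free what we allocated" would keep a later cleanup from undoing it. The same ownership question applies to any other error exit that can be reached after "p = (bfd_byte *) bfd_malloc (sz)"; the visible paths are fine, because the goto fail_compressed after the allocation is only taken when p is NULL.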

-- 
Alan Modra
Australia Development Lab, IBM
