Fix a double free in objcopy.

Message ID 20210125160215.GA108494@gmail.com
State New
Series
  • Fix a double free in objcopy.

Commit Message

Frederic Cambus Jan. 25, 2021, 4:02 p.m.
binutils/ChangeLog:

	* objcopy.c (copy_main): Fix a double free happening when both
	--localize-symbols and --globalize-symbols options are invoked
	together.
---
 binutils/ChangeLog | 6 ++++++
 binutils/objcopy.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

-- 
2.29.2

Comments

Nick Clifton via Binutils Jan. 26, 2021, 9:57 a.m. | #1
Hi Frederic,

> 	* objcopy.c (copy_main): Fix a double free happening when both
> 	--localize-symbols and --globalize-symbols options are invoked
> 	together.


Patch approved and applied.  Thanks very much for catching this typo.

Cheers
   Nick
Nick Clifton via Binutils Jan. 27, 2021, 2:49 a.m. | #2
On Tue, Jan 26, 2021 at 09:57:20AM +0000, Nick Clifton via Binutils wrote:
> Hi Frederic,
> 
> > 	* objcopy.c (copy_main): Fix a double free happening when both
> > 	--localize-symbols and --globalize-symbols options are invoked
> > 	together.
> 
> Patch approved and applied.  Thanks very much for catching this typo.


I put this on the 2.36 and 2.35 branches too, along with c3ffb8f340
"Segmentation fault i386-gen" on the grounds these patches are zero
risk.  I also put 4287950e54 "pr27228 testcase" on 2.36 to fix the
testcase that was applied there.

-- 
Alan Modra
Australia Development Lab, IBM
Nick Clifton via Binutils Jan. 27, 2021, 10:34 a.m. | #3
Hi Alan,

>>> 	* objcopy.c (copy_main): Fix a double free happening when both
>>> 	--localize-symbols and --globalize-symbols options are invoked
>>> 	together.

> I put this on the 2.36 and 2.35 branches too, along with c3ffb8f340
> "Segmentation fault i386-gen" on the grounds these patches are zero
> risk.  I also put 4287950e54 "pr27228 testcase" on 2.36 to fix the
> testcase that was applied there.


Thanks very much.

It occurred to me after applying the patch to objcopy.c that we do
not need the conditional part of the "if (<name>) free (<name>)"
statements, and that if they had been removed then the double free
might have been more obvious.  I will update mainline, but I do not
see any particular need to backport this particular change.

Cheers
   Nick
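The cleanup pattern discussed in the thread, as an added example that is not binutils code: it models the tail of copy_main() with a small free-tracking shim so the pre-patch typo can be observed as a leak of localize_specific_buffer plus a double free of globalize_specific_buffer, and shows the guard-free form Nick proposes, in which the three calls line up and a repeated name stands out. The struct, the shim and run_cleanup() are assumptions made for the demonstration; only the three buffer names come from the patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the three option buffers that copy_main()
   releases on exit (names from the hunk; the struct itself is ours).  */
struct option_buffers {
  char *keep_specific_buffer;
  char *localize_specific_buffer;
  char *globalize_specific_buffer;
};

/* What the tracking shim observed during one cleanup run.  */
struct cleanup_report {
  int double_frees;  /* a pointer handed to tracked_free() twice */
  int leaks;         /* an allocation never handed to tracked_free() */
};

#define MAX_TRACKED 8
static void *live[MAX_TRACKED];  /* allocated, not yet released */
static void *dead[MAX_TRACKED];  /* released once already */
static int n_live, n_dead;

static void *tracked_malloc (size_t n)
{
  void *p = malloc (n);
  if (p == NULL || n_live == MAX_TRACKED)
    abort ();
  live[n_live++] = p;
  return p;
}

/* Mirrors free(): NULL is a no-op.  A pointer released before is counted
   rather than passed to libc again; the real free() is deferred to
   run_cleanup() so pointer values stay valid for comparison.  */
static void tracked_free (void *p, struct cleanup_report *r)
{
  int i;
  if (p == NULL)
    return;
  for (i = 0; i < n_dead; i++)
    if (dead[i] == p)
      {
	r->double_frees++;
	return;
      }
  for (i = 0; i < n_live; i++)
    if (live[i] == p)
      {
	live[i] = live[--n_live];
	dead[n_dead++] = p;
	return;
      }
  abort ();  /* a pointer the shim never allocated */
}

/* Cleanup as it stood before the patch: the second conditional tests
   localize_specific_buffer but releases globalize_specific_buffer.  */
static void cleanup_before_patch (struct option_buffers *b,
				  struct cleanup_report *r)
{
  if (b->keep_specific_buffer)
    tracked_free (b->keep_specific_buffer, r);
  if (b->localize_specific_buffer)
    tracked_free (b->globalize_specific_buffer, r);  /* the copy-paste typo */
  if (b->globalize_specific_buffer)
    tracked_free (b->globalize_specific_buffer, r);
}

/* The shape Nick proposes for mainline: no guards, because free(NULL)
   is defined to do nothing, so a duplicated name is easy to spot.  */
static void cleanup_unguarded (struct option_buffers *b,
			       struct cleanup_report *r)
{
  tracked_free (b->keep_specific_buffer, r);
  tracked_free (b->localize_specific_buffer, r);
  tracked_free (b->globalize_specific_buffer, r);
}

/* Allocate the buffers the given options would have filled, run the chosen
   cleanup, and report.  Every block is freed here so the shim leaks nothing.  */
static struct cleanup_report
run_cleanup (int keep, int localize, int globalize,
	     void (*cleanup) (struct option_buffers *, struct cleanup_report *))
{
  struct cleanup_report r = { 0, 0 };
  struct option_buffers b = { NULL, NULL, NULL };
  int i;

  n_live = n_dead = 0;
  if (keep)
    b.keep_specific_buffer = tracked_malloc (16);
  if (localize)
    b.localize_specific_buffer = tracked_malloc (16);
  if (globalize)
    b.globalize_specific_buffer = tracked_malloc (16);

  cleanup (&b, &r);
  r.leaks = n_live;

  for (i = 0; i < n_live; i++)
    free (live[i]);
  for (i = 0; i < n_dead; i++)
    free (dead[i]);
  n_live = n_dead = 0;
  return r;
}

int main (void)
{
  struct cleanup_report r = run_cleanup (0, 1, 1, cleanup_before_patch);
  printf ("before patch, both options: %d double free(s), %d leak(s)\n",
	  r.double_frees, r.leaks);
  r = run_cleanup (1, 1, 1, cleanup_unguarded);
  printf ("unguarded cleanup, all three: %d double free(s), %d leak(s)\n",
	  r.double_frees, r.leaks);
  return 0;
}
```

With only --localize-symbols modelled (localize set, globalize NULL) the old code passes NULL to free and the defect shows up as nothing more than a leak, which is why the commit message ties the crash to both options being given together.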

Patch

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index b0a8da7a2df..ad09b48ae74 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@ 
+2021-01-25  Frederic Cambus  <fred@statdns.com>
+
+	* objcopy.c (copy_main): Fix a double free happening when both
+	--localize-symbols and --globalize-symbols options are invoked
+	together.
+
 2021-01-24  Nick Clifton  <nickc@redhat.com>
 
 	* README-how-to-make-a-release: Minor updates after the 2.36 release.
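Review bot: the entry names the symptom but not the cause; since the change is a one-word fix in the free() of localize_specific_buffer, saying that localize_specific_buffer was leaked while globalize_specific_buffer was freed twice would make the ChangeLog record self-explaining without reading the diff.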
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 62ee22202ff..a5cead1cf8e 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -6018,7 +6018,7 @@  copy_main (int argc, char *argv[])
     free (keep_specific_buffer);
 
   if (localize_specific_buffer)
-    free (globalize_specific_buffer);
+    free (localize_specific_buffer);
 
   if (globalize_specific_buffer)
     free (globalize_specific_buffer);
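Review bot: the `if (localize_specific_buffer)` and `if (globalize_specific_buffer)` guards around these free() calls are redundant, because free(NULL) is defined to do nothing, and the mismatch between the tested and freed name is exactly what they hid; dropping them so the three calls read `free (keep_specific_buffer); free (localize_specific_buffer); free (globalize_specific_buffer);` would have made the duplicated name obvious at a glance. The fix itself is correct: before it, localize_specific_buffer was never released and globalize_specific_buffer was freed twice whenever both options were given.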