diff mbox series

[v2,1/5] avoid -Wuse-after-free [BZ #26779]

Message ID 134bf8c7-51ac-2615-7ce3-a144a5fd315f@gmail.com
State Committed
Commit 03ad86880f68f498ee04e9ea84cd4f0d14473970
Headers
Series avoid -Wuse-after-free [BZ #26779] |

Commit Message

Martin Sebor Jan. 25, 2022, 12:57 a.m. UTC 
  On 1/24/22 17:52, Martin Sebor wrote:
> This is a repost of the original patch but broken down by source
> file and with some suppression done by #pragma GCC diagnostic
> instead of conversion to intptr_t.  It also adds fixes for
> the same problem in the test suite that I overlooked before.

The attached patch suppresses the -Wuse-after-free instance in
elf/ldconfig.c.

> 
> On 1/15/22 17:21, Martin Sebor wrote:
>> GCC 12 features a couple of new warnings designed to detect uses
>> of pointers made invalid by the pointees lifetimes having ended.
>> Building Glibc with the enhanced GCC exposes a few such uses,
>> mostly after successful calls to realloc.  The attached patch
>> avoids the new warnings by converting the pointers to uintptr_t
>> first and using the converted integers instead.
>>
>> The patch suppresses all instances of the warning at the strictest
>> setting (-Wuse-after-free=3), which includes even uses in equality
>> expressions.  The default setting approved for GCC 12 is
>> -Wuse-after-free=2, which doesn't warn on such uses to accommodate
>> the pointer-adjustment-after-realloc idiom.  At the default setting,
>> the changes to ldconfig.c and setenv are not necessary.
>>
>> Martin
>

Comments

Carlos O'Donell Jan. 25, 2022, 5:46 p.m. UTC | #1 
On 1/24/22 19:57, Martin Sebor via Libc-alpha wrote:
> On 1/24/22 17:52, Martin Sebor wrote:
>> This is a repost of the original patch but broken down by source
>> file and with some suppression done by #pragma GCC diagnostic
>> instead of conversion to intptr_t.  It also adds fixes for
>> the same problem in the test suite that I overlooked before.
> 
> The attached patch suppresses the -Wuse-after-free instance in
> elf/ldconfig.c.
> 
>>
>> On 1/15/22 17:21, Martin Sebor wrote:
>>> GCC 12 features a couple of new warnings designed to detect uses
>>> of pointers made invalid by the pointees lifetimes having ended.
>>> Building Glibc with the enhanced GCC exposes a few such uses,
>>> mostly after successful calls to realloc.  The attached patch
>>> avoids the new warnings by converting the pointers to uintptr_t
>>> first and using the converted integers instead.
>>>
>>> The patch suppresses all instances of the warning at the strictest
>>> setting (-Wuse-after-free=3), which includes even uses in equality
>>> expressions.  The default setting approved for GCC 12 is
>>> -Wuse-after-free=2, which doesn't warn on such uses to accommodate
>>> the pointer-adjustment-after-realloc idiom.  At the default setting,
>>> the changes to ldconfig.c and setenv are not necessary.
>>>
>>> Martin
>>

OK for glibc 2.35, please push this commit.

Expected commit message (three lines):
~~~
elf: Fix use-after-free in ldconfig [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
~~~

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> diff --git a/elf/ldconfig.c b/elf/ldconfig.c
> index d14633f5ec..57bb95ebc3 100644
> --- a/elf/ldconfig.c
> +++ b/elf/ldconfig.c
> @@ -735,9 +735,9 @@ manual_link (char *library)
>    create_links (real_path, path, libname, soname);
>    free (soname);
>  out:

OK. real_path is set if opt_chroot is non-NULL, and is a distinct
pointer from path in that case and must be freed (since chroot_canon
was malloc'd).

> -  free (path);
>    if (path != real_path)
>      free (real_path);
> +  free (path);


OK. This is correct, and is the only case I can see where we touch
path after freeing it.

>  }
>  
>
diff mbox series

Patch

diff --git a/elf/ldconfig.c b/elf/ldconfig.c
index d14633f5ec..57bb95ebc3 100644
--- a/elf/ldconfig.c
+++ b/elf/ldconfig.c
@@ -735,9 +735,9 @@  manual_link (char *library)
   create_links (real_path, path, libname, soname);
   free (soname);
 out:
-  free (path);
   if (path != real_path)
     free (real_path);
+  free (path);
 }