From patchwork Wed Sep 7 08:34:45 2016
X-Patchwork-Submitter: Bhushan Attarde
X-Patchwork-Id: 15371
From: Bhushan Attarde
Subject: [PATCH] Add "build_id" to struct bfd_preserve
Date: Wed, 7 Sep 2016 14:04:45 +0530
Message-ID: <1473237285-5344-1-git-send-email-bhushan.attarde@imgtec.com>

Currently the "build_id" field of "struct bfd" is not preserved by "struct bfd_preserve" when "bfd_check_format_matches" is going through all target vectors trying to find a compatible target vector. This leads to a segmentation fault in GDB.

Consider a case where one compatible target vector has already been found (so the subset of bfd state is saved in struct bfd_preserve) and then an attempt to find a better match fails after it has modified bfd's build_id pointer. Since this attempt has failed, all its side effects will be undone and all memory allocations done by this vector will be freed. This will eventually free the memory block that the build_id pointer is pointing to. This freed block then gets reallocated and used for storing something else -- leaving build_id pointing to incorrect contents.

This patch adds a "build_id" pointer to "struct bfd_preserve" so that it will be preserved on success and can then be recovered on failure.

bfd/ChangeLog:

	* format.c (struct bfd_preserve): New "build_id" field.
	(bfd_preserve_save): Save "build_id".
	(bfd_preserve_restore): Restore "build_id".
--- bfd/format.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bfd/format.c b/bfd/format.c index f34b1d4..459aa54 100644 --- a/bfd/format.c +++ b/bfd/format.c @@ -104,6 +104,7 @@ struct bfd_preserve struct bfd_section *section_last; unsigned int section_count; struct bfd_hash_table section_htab; + const struct bfd_build_id *build_id; }; /* When testing an object for compatibility with a particular target 
@@ -125,6 +126,7 @@ bfd_preserve_save (bfd *abfd, struct bfd_preserve *preserve) preserve->section_last = abfd->section_last; preserve->section_count = abfd->section_count; preserve->section_htab = abfd->section_htab; + preserve->build_id = abfd->build_id; preserve->marker = bfd_alloc (abfd, 1); if (preserve->marker == NULL) return FALSE; @@ -158,6 +160,7 @@ bfd_preserve_restore (bfd *abfd, struct bfd_preserve *preserve) abfd->sections = preserve->sections; abfd->section_last = preserve->section_last; abfd->section_count = preserve->section_count; + abfd->build_id = preserve->build_id; /* bfd_release frees all memory more recently bfd_alloc'd than its arg, as well as its arg. */
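Review bot: in the struct bfd_preserve hunk (@@ -104,6 +104,7 @@), the new member `const struct bfd_build_id *build_id;` carries no comment saying why it belongs in the snapshot, and this struct is where the next reader will look when another bfd field turns out to be missing from it. Suggest a one-line comment above the member noting that the pointer targets memory bfd_alloc'd by the matching target's object_p, so it has to be saved together with the section state or bfd_preserve_restore leaves it pointing into memory that bfd_release has handed back.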
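Review bot: in the bfd_preserve_save hunk (@@ -125,6 +126,7 @@), the ordering is load-bearing and should be documented: `preserve->build_id = abfd->build_id;` is taken before `preserve->marker = bfd_alloc (abfd, 1);`, and that is correct only because the already-matched target's build_id was allocated before the marker, so the bfd_release in bfd_preserve_restore (which frees everything allocated after the marker, per the comment in the restore hunk) leaves it intact. A short comment next to the assignment would stop a later change from moving the marker allocation earlier and reintroducing the dangling pointer.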
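Review bot: in the bfd_preserve_restore hunk (@@ -158,6 +160,7 @@), restoring `abfd->build_id = preserve->build_id;` before the bfd_release call is the right order, but the commit message does not say how the segmentation fault was reproduced (which GDB command and what kind of input file exercised the failed better-match attempt). Adding the reproduction steps, or a reference to a GDB testsuite case, would make the fix verifiable and give the next person a regression check for bfd_check_format_matches.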
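To make the failure mode in the commit message concrete, here is an added, self-contained C model of the save/restore pattern. It is example code written for this page, not code from bfd or from the patch: the arena with a marker stands in for bfd_alloc/bfd_release, `struct obj` for the relevant part of `struct bfd`, and the `keep_build_id` flag selects the pre-patch behaviour (build_id not snapshotted) or the patched one. All names and the 0xAA/0xBB/0xCC tags are constructed for the illustration.

```c
/* Added example: a miniature bfd_preserve-style snapshot/rollback with a
   bump allocator whose release() frees everything allocated after a marker,
   mirroring the bfd_alloc/bfd_release behaviour the patch relies on.
   Not bfd code; all identifiers here are constructed for the example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
#define ALIGN8(n) (((n) + 7u) & ~(size_t)7u)

struct arena { unsigned char buf[ARENA_SIZE]; size_t top; };

/* Bump allocation, 8-byte aligned so struct reads stay well-defined. */
static void *arena_alloc(struct arena *a, size_t n) {
  n = ALIGN8(n);
  if (a->top + n > ARENA_SIZE) return NULL;
  void *p = a->buf + a->top;
  a->top += n;
  return p;
}

/* Free everything allocated at or after mark (like bfd_release). */
static void arena_release(struct arena *a, void *mark) {
  a->top = (size_t)((unsigned char *)mark - a->buf);
}

struct build_id { size_t size; unsigned char data[20]; };

/* Stand-in for the fields of struct bfd that matter here. */
struct obj {
  struct arena mem;
  unsigned int section_count;
  const struct build_id *build_id;
};

/* Stand-in for struct bfd_preserve. */
struct preserve {
  unsigned int section_count;
  const struct build_id *build_id;   /* the field the patch adds */
  void *marker;
};

static int preserve_save(struct obj *o, struct preserve *p, int keep_build_id) {
  p->section_count = o->section_count;
  p->build_id = keep_build_id ? o->build_id : NULL;
  p->marker = arena_alloc(&o->mem, 1);  /* everything after this is rolled back */
  return p->marker != NULL;
}

static void preserve_restore(struct obj *o, struct preserve *p, int keep_build_id) {
  o->section_count = p->section_count;
  if (keep_build_id) o->build_id = p->build_id;   /* patched behaviour */
  arena_release(&o->mem, p->marker);
}

/* A target's object_p: allocates a build_id in the object's arena, installs
   it, then reports whether the target matched. */
static int target_object_p(struct obj *o, unsigned char tag, int match) {
  struct build_id *id = arena_alloc(&o->mem, sizeof *id);
  if (!id) return 0;
  id->size = sizeof id->data;
  memset(id->data, tag, sizeof id->data);
  o->build_id = id;
  o->section_count++;
  return match;
}

/* Replays the scenario from the commit message: target A matches and the
   state is saved; target B overwrites build_id and then fails; the state is
   restored and the released memory is reused. Returns the first byte of the
   build_id the object ends up pointing at: 0xAA means A's id survived,
   anything else means build_id points at recycled memory. */
static unsigned char run_scenario(int keep_build_id) {
  struct obj o;
  struct preserve p;
  memset(&o, 0, sizeof o);

  target_object_p(&o, 0xAA, 1);           /* first compatible target */
  if (!preserve_save(&o, &p, keep_build_id)) return 0;

  target_object_p(&o, 0xBB, 0);           /* better-match attempt fails */
  preserve_restore(&o, &p, keep_build_id);

  /* The next allocation lands on the block B's build_id lived in. */
  unsigned char *reused = arena_alloc(&o.mem, sizeof(struct build_id));
  if (reused) memset(reused, 0xCC, sizeof(struct build_id));

  return o.build_id->data[0];
}

int main(void) {
  printf("without build_id in snapshot: 0x%02X\n", run_scenario(0));
  printf("with    build_id in snapshot: 0x%02X\n", run_scenario(1));
  return 0;
}
```

Without the snapshot the object still carries B's pointer after the rollback, and the first reuse of the arena overwrites what it points at (0xCC); with the field preserved it points back at A's id (0xAA), which was allocated before the marker and therefore survives the release. In real bfd the recycled block is heap memory rather than a bounded buffer, which is why the stale read showed up as a segmentation fault in GDB.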