Message ID | 134bf8c7-51ac-2615-7ce3-a144a5fd315f@gmail.com |
---|---|
State | Committed |
Commit | 03ad86880f68f498ee04e9ea84cd4f0d14473970 |
Series | avoid -Wuse-after-free [BZ #26779] |
Commit Message
Martin Sebor
Jan. 25, 2022, 12:57 a.m. UTC
On 1/24/22 17:52, Martin Sebor wrote:
> This is a repost of the original patch but broken down by source
> file and with some suppression done by #pragma GCC diagnostic
> instead of conversion to intptr_t. It also adds fixes for
> the same problem in the test suite that I overlooked before.

The attached patch suppresses the -Wuse-after-free instance in
elf/ldconfig.c.

>
> On 1/15/22 17:21, Martin Sebor wrote:
>> GCC 12 features a couple of new warnings designed to detect uses
>> of pointers made invalid by the pointees lifetimes having ended.
>> Building Glibc with the enhanced GCC exposes a few such uses,
>> mostly after successful calls to realloc. The attached patch
>> avoids the new warnings by converting the pointers to uintptr_t
>> first and using the converted integers instead.
>>
>> The patch suppresses all instances of the warning at the strictest
>> setting (-Wuse-after-free=3), which includes even uses in equality
>> expressions. The default setting approved for GCC 12 is
>> -Wuse-after-free=2, which doesn't warn on such uses to accommodate
>> the pointer-adjustment-after-realloc idiom. At the default setting,
>> the changes to ldconfig.c and setenv are not necessary.
>>
>> Martin
>
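The uintptr_t conversion described in the message above, applied to the pointer-adjustment-after-realloc idiom. This is an added example, not code from the patch or from glibc; `struct buf`, `buf_grow` and `demo` are hypothetical names and the buffer contents are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer with a cursor pointing into its own storage. */
struct buf {
  char *base;    /* start of the allocation */
  char *cursor;  /* points inside base[0..size) */
  size_t size;
};

/* Grow B to NEW_SIZE and re-point the cursor.  The old base address and
   the cursor offset are captured before realloc, so no pointer value that
   realloc may have invalidated is read afterwards.  Returns 1 if the block
   moved, 0 if it stayed in place, -1 on failure (B is left unchanged). */
int buf_grow (struct buf *b, size_t new_size)
{
  uintptr_t old_base = (uintptr_t) b->base;            /* still valid here */
  size_t cursor_off = (size_t) (b->cursor - b->base);  /* likewise */

  char *p = realloc (b->base, new_size);
  if (p == NULL)
    return -1;

  /* Writing `p != b->base` here would read the pre-realloc pointer in an
     equality expression, the kind of use -Wuse-after-free=3 reports.
     Comparing the saved integer avoids touching the stale pointer. */
  int moved = (uintptr_t) p != old_base;

  b->base = p;
  b->cursor = p + cursor_off;
  b->size = new_size;
  return moved;
}

/* Constructed demo: returns the byte under the cursor after growing. */
int demo (void)
{
  struct buf b = { malloc (16), NULL, 16 };
  if (b.base == NULL)
    return -1;
  memcpy (b.base, "0123456789abcdef", 16);
  b.cursor = b.base + 10;                 /* points at 'a' */
  if (buf_grow (&b, (size_t) 1 << 20) < 0) { free (b.base); return -1; }
  int c = *b.cursor;
  free (b.base);
  return c;
}
```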
Comments
On 1/24/22 19:57, Martin Sebor via Libc-alpha wrote:
> On 1/24/22 17:52, Martin Sebor wrote:
>> This is a repost of the original patch but broken down by source
>> file and with some suppression done by #pragma GCC diagnostic
>> instead of conversion to intptr_t. It also adds fixes for
>> the same problem in the test suite that I overlooked before.
>
> The attached patch suppresses the -Wuse-after-free instance in
> elf/ldconfig.c.
>
>>
>> On 1/15/22 17:21, Martin Sebor wrote:
>>> GCC 12 features a couple of new warnings designed to detect uses
>>> of pointers made invalid by the pointees lifetimes having ended.
>>> Building Glibc with the enhanced GCC exposes a few such uses,
>>> mostly after successful calls to realloc. The attached patch
>>> avoids the new warnings by converting the pointers to uintptr_t
>>> first and using the converted integers instead.
>>>
>>> The patch suppresses all instances of the warning at the strictest
>>> setting (-Wuse-after-free=3), which includes even uses in equality
>>> expressions. The default setting approved for GCC 12 is
>>> -Wuse-after-free=2, which doesn't warn on such uses to accommodate
>>> the pointer-adjustment-after-realloc idiom. At the default setting,
>>> the changes to ldconfig.c and setenv are not necessary.
>>>
>>> Martin
>>

OK for glibc 2.35, please push this commit.

Expected commit message (three lines):
~~~
elf: Fix use-after-free in ldconfig [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
~~~

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> diff --git a/elf/ldconfig.c b/elf/ldconfig.c > index d14633f5ec..57bb95ebc3 100644 > --- a/elf/ldconfig.c > +++ b/elf/ldconfig.c 
> @@ -735,9 +735,9 @@ manual_link (char *library) > create_links (real_path, path, libname, soname); > free (soname); > out: OK. real_path is set if opt_chroot is non-NULL, and is a distinct pointer from path in that case and must be freed (since chroot_canon was malloc'd). > - free (path); > if (path != real_path) > free (real_path); > + free (path); OK. This is correct, and is the only case I can see where we touch path after freeing it. > } > >
diff --git a/elf/ldconfig.c b/elf/ldconfig.c index d14633f5ec..57bb95ebc3 100644 --- a/elf/ldconfig.c +++ b/elf/ldconfig.c @@ -735,9 +735,9 @@ manual_link (char *library) create_links (real_path, path, libname, soname); free (soname); out: - free (path); if (path != real_path) free (real_path); + free (path); }
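Review bot: at the `out:` label in manual_link, the cleanup is now correct only because the `path != real_path` comparison runs before `free (path)`, and nothing in the code records that ordering constraint. A one-line comment above the `if` saying that the comparison must precede freeing path would keep a later tidy-up from restoring the old order. It may also be worth having the commit message state that the removed ordering only compared the value of path after freeing it and did not dereference it, since "use-after-free" in the subject line can be read as a memory-safety fix rather than the removal of a read of an invalidated pointer value.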