From 0daea2d62ccdcf453d0885571aab1aca05bc847d Mon Sep 17 00:00:00 2001
From: Nick Alcock <nick.alcock@oracle.com>
Date: Mon, 29 Jul 2024 12:45:09 +0100
Subject: [PATCH] libctf: fix ref leak of names of newly-inserted
non-root-visible types
A bug in ctf_dtd_delete led to refs in the string table to the
names of non-root-visible types not being removed when the DTD
was. This seems harmless, but actually it would lead to a write
down a pointer into freed memory if such a type was ctf_rollback()ed
over and then the dict was serialized (updating all the refs as the
strtab was serialized in turn).
Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62
("libctf: create: non-root-visible types should not appear in name tables")
which is included in binutils 2.35.
libctf/
* ctf-create.c (ctf_dtd_delete): Remove refs for all types
with names, not just root-visible ones.
Reference:https://github.com/bminor/binutils-gdb/commit/0daea2d62ccdcf453d0885571aab1aca05bc847d
Conflict:NA
---
libctf/ctf-create.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
index 2d232d40..2a45192b 100644
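--- a/libctf/ctf-create.c
+++ b/libctf/ctf-create.c
@@ -288,11 +288,11 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
 dtd->dtd_vlen_alloc = 0;
 
 if (dtd->dtd_data.ctt_name
- && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
- && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+ && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
 {
- ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
- name);
+ if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+ ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
+ name);
 ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
 }
 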
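Review bot: Nothing in the new block records why `ctf_str_remove_ref` must run for every named type while `ctf_dynhash_remove` stays behind the `LCTF_INFO_ISROOT` test, so a later cleanup could merge the two conditions again and reintroduce the stale ref. A comment above the inner `if` would pin the invariant, e.g. `/* Non-root-visible types are not in the name tables but still hold a strtab ref: always drop the ref, or serialization writes through &dtd->dtd_data.ctt_name after the DTD is freed. */`. The diffstat shows only ctf-create.c changing, so no regression test accompanies the fix; a test that adds a named non-root-visible type, rolls back over it and then serializes the dict under a memory-error checker would guard it. When `ctf_strraw` returns NULL for a non-zero `ctt_name` the whole block is still skipped, so the ref would presumably outlive the DTD in that case too; whether that can happen for a dynamic type is not visible here. The body of ctf_dtd_delete starts and ends outside the hunk.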
--
2.43.0