libctf: fix ref leak of names of newly-inserted non-root-visible types

A bug in ctf_dtd_delete led to refs in the string table to the
names of non-root-visible types not being removed when the DTD
was.  This seems harmless, but actually it would lead to a write
down a pointer into freed memory if such a type was ctf_rollback()ed
over and then the dict was serialized (updating all the refs as the
strtab was serialized in turn).

Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62
("libctf: create: non-root-visible types should not appear in name tables")
which is included in binutils 2.35.

libctf/
	* ctf-create.c (ctf_dtd_delete): Remove refs for all types
	with names, not just root-visible ones.

diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
index a754495521279f7a0aa839dab8da99fd60b10d9e..0c8959a997e6ac5f838e3005b0bf17351ff4a1f2 100644 (file)
--- a/libctf/ctf-create.c
+++ b/libctf/ctf-create.c
@@ -258,10 +258,10 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
   dtd->dtd_vlen_alloc = 0;
 
   if (dtd->dtd_data.ctt_name
-      && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
-      && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+      && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
     {
-      ctf_dynhash_remove (ctf_name_table (fp, name_kind), name);
+      if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+       ctf_dynhash_remove (ctf_name_table (fp, name_kind), name);
       ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
     }