From: Nick Alcock Date: Mon, 29 Jul 2024 11:45:09 +0000 (+0100) Subject: libctf: fix ref leak of names of newly-inserted non-root-visible types X-Git-Tag: gdb-16-branchpoint~1260 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=21397b78f9a617c22cfafbf1eebd6fc4b2ecc160;p=thirdparty%2Fbinutils-gdb.git libctf: fix ref leak of names of newly-inserted non-root-visible types A bug in ctf_dtd_delete led to refs in the string table to the names of non-root-visible types not being removed when the DTD was. This seems harmless, but actually it would lead to a write down a pointer into freed memory if such a type was ctf_rollback()ed over and then the dict was serialized (updating all the refs as the strtab was serialized in turn). Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62 ("libctf: create: non-root-visible types should not appear in name tables") which is included in binutils 2.35. libctf/ * ctf-create.c (ctf_dtd_delete): Remove refs for all types with names, not just root-visible ones.
---
diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
index a7544955212..0c8959a997e 100644
--- a/libctf/ctf-create.c
+++ b/libctf/ctf-create.c
@@ -258,10 +258,10 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
 dtd->dtd_vlen_alloc = 0;
 if (dtd->dtd_data.ctt_name
- && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
- && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+ && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
 {
- ctf_dynhash_remove (ctf_name_table (fp, name_kind), name);
+ if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
+ ctf_dynhash_remove (ctf_name_table (fp, name_kind), name);
 ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
 }
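Review bot: The now-unconditional `ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name)` call is the memory-safety half of this fix and carries no comment, while the old root-visibility guard looked like a reasonable optimisation that a later cleanup could reintroduce. The ref registered with the string table is the address of a field inside the DTD itself, so I would add above the call something like `/* Every named type holds a strtab ref, root-visible or not: drop it here, or serialization writes through a pointer into the freed DTD.  */`. The diff shows no test either; a case that adds a non-root-visible named type, rolls back over it and then serializes the dict, run under a memory-error checker, would pin the behaviour the commit message describes. ctf_dtd_delete begins and ends outside this hunk, so the point where the DTD is actually freed is taken from the commit message rather than from visible lines.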