bfd: alpha: Fix crash caused by double free with --no-keep-memory

Without this, ld has been seen to crash in libc when freeing tsec_free:

*** Error in `/usr/bin/ld': double free or corruption (!prev): 0x0000000120ceb6a0 ***

_bfd_elf_link_read_relocs will always return the cached value if
present, even if keep_memory is false, therefore setting tsec_free to
NULL only when keep_memory is true is not sufficient.

	* elf64-alpha.c (elf64_alpha_relax_opt_call): Don't set tsec_free
	if relocs are cached.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index c129543fd742730f152a2ad0f08377a67689f422..76ff70c803d4e80f3835d6b529988a9a9d435172 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2017-01-04  James Clarke  <jrtc27@jrtc27.com>
+
+       * elf64-alpha.c (elf64_alpha_relax_opt_call): Don't set tsec_free
+       if relocs are cached.
+
 2017-01-02  Alan Modra  <amodra@gmail.com>
 
        PR ld/20989

diff --git a/bfd/elf64-alpha.c b/bfd/elf64-alpha.c
index 4fa474376689e0beec77d4d54c0495ddb634816c..b4a50f4e7773a657679ba8375cce3bde4fa73901 100644 (file)
--- a/bfd/elf64-alpha.c
+++ b/bfd/elf64-alpha.c
@@ -3215,7 +3215,9 @@ elf64_alpha_relax_opt_call (struct alpha_relax_info *info, bfd_vma symval)
          if (tsec_relocs == NULL)
            return 0;
          tsec_relend = tsec_relocs + info->tsec->reloc_count;
-         tsec_free = (info->link_info->keep_memory ? NULL : tsec_relocs);
+         tsec_free = (elf_section_data (info->tsec)->relocs == tsec_relocs
+                      ? NULL
+                      : tsec_relocs);
        }
 
       /* Recover the symbol's offset within the section.  */