libdwfl: Fix memory leak in link_map.c dwfl_link_map_report.

The phdrs buffer could come from the core file or through the executable.
dwfl_link_map_report would leak the buffer if it came from the executable.
Track where the buffer came from and free appropriately.

Signed-off-by: Mark Wielaard <mjw@redhat.com>

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 3916cbf5730f8712ab5dcea0a9875b065ccc23ca..d815f3e5c694518bd850044cc573347133e9fdb9 100644 (file)
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2015-12-01  Mark Wielaard  <mjw@redhat.com>
+
+       * link_map.c (dwfl_link_map_report): Track whether in.d_buf comes
+       from exec or memory_callback, free as appropriate.
+
 2015-12-01  Mark Wielaard  <mjw@redhat.com>
 
        * libdwflP.h (struct Dwfl_User_Core): New.

diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
index e73b21955fa57f9ab7bbea4ba7c42136a8bc9c70..2bc0400664086a79ec835e2f3da4407b63dd7e94 100644 (file)
--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -791,6 +791,7 @@ dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
          bool in_ok = (*memory_callback) (dwfl, phdr_segndx, &in.d_buf,
                                           &in.d_size, phdr, phnum * phent,
                                           memory_callback_arg);
+         bool in_from_exec = false;
          if (! in_ok
              && dwfl->user_core != NULL
              && dwfl->user_core->executable_for_core != NULL)
@@ -855,6 +856,7 @@ dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
                  return false;
                }
              in_ok = true;
+             in_from_exec = true;
            }
          if (in_ok)
            {
@@ -903,8 +905,11 @@ dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
                    }
                }
 
-             (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
-                                 memory_callback_arg);
+             if (in_from_exec)
+               free (in.d_buf);
+             else
+               (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
+                                   memory_callback_arg);
              free (buf);
            }
          else