From: Tom de Vries <tdevries@suse.de>
Date: Tue, 27 Jan 2026 09:40:06 +0000 (+0100)
Subject: [bfd] Fix data race in bfd_check_format_matches
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd14b62e42e11a374a1f90d194db28c5b37c43fb;p=thirdparty%2Fbinutils-gdb.git

[bfd] Fix data race in bfd_check_format_matches

At the start of bfd_check_format_matches, we have this read of_bfd_section_id:
...
  unsigned int initial_section_id = _bfd_section_id;
...

In order to access the variable, it is required to hold the global BFD lock.

The function already contains code acquiring the lock:
...
  /* Locking is required here in order to manage _bfd_section_id.  */
  if (!bfd_lock ())
    {
      bfd_cache_set_uncloseable (abfd, old_in_format_matches, NULL);
      free (matching_vector);
      return false;
    }
...
so fix this by moving the read after it.

Tested on x86_64-linux.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=33826
---

diff --git a/bfd/format.c b/bfd/format.c
index f35230eb28b..2d35f59cd85 100644
--- a/bfd/format.c
+++ b/bfd/format.c
@@ -452,7 +452,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching)
   const bfd_target *fail_targ;
   int match_count, best_count, best_match;
   int ar_match_index;
-  unsigned int initial_section_id = _bfd_section_id;
+  unsigned int initial_section_id;
   struct bfd_preserve preserve, preserve_match;
   bfd_cleanup cleanup = NULL;
   struct per_xvec_messages messages = { abfd, PER_XVEC_NO_TARGET, NULL, NULL };
@@ -492,6 +492,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching)
       free (matching_vector);
       return false;
     }
+  initial_section_id = _bfd_section_id;
 
   /* Presume the answer is yes.  */
   abfd->format = format;