https://sourceware.org/bugzilla/show_bug.cgi?id=31146
Nick Clifton <nickc at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED CC| |nickc at redhat dot com Resolution|--- |NOTABUG --- Comment #1 from Nick Clifton <nickc at redhat dot com> --- (In reply to 时宇羽然 from comment #0) > Hi, I found a memory leak bug in the source code of binutils, and I have > shown > the execution sequence below. This bug exists in the file /bfd/elfxx-x86.c. > The red text illustrates the steps that generate the bug. > As shown in the diagram, in the function > _bfd_x86_elf_link_hash_table_create, a block of memory is allocated for the > variable ret->loc_hash_memory. However, if ret->loc_hash_table fails to be > created, it will result in returning NULL, potentially causing a memory leak > vulnerability. Thank you for reporting this problem. As it turns out however there is no leak. If ret->loc_hash_table is NULL and/or ret->loc_hash_memory is NULL then the code calls the elf_x86_link_hash_table_free() function which tests and frees both fields. Hence no leak. One thing that might not be obvious however is how the elf_x86_link_hash_table_free() function obtains the correct pointers to examine, since it is passed the "abfd" pointer and not the "ret" pointer. The answer to this is the call to _bfd_elf_link_hash_table_init() earlier on in the function, which is passed the address of the first field in "ret" (ie "&ret->elf") and this is then passed on to _bfd_link_hash_table_init() which then stores the value in the link.hash field of the bfd. I hope that this makes sense. -- You are receiving this mail because: You are on the CC list for the bug.