Message-ID: <20181119175710.6tcqxtevhg422wsg@treble>
Date: Mon, 19 Nov 2018 11:57:10 -0600
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Artem Savkov <asavkov@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/2] objtool: fix failed cold symbol doublefree

On Mon, Nov 12, 2018 at 01:55:18PM +0100, Artem Savkov wrote:
> If read_symbols() fails during second list traversal (the one dealing
> with ".cold" subfunctions) it frees the symbol, but never deletes it
> from the list/hash_table resulting in symbol being freed again in
> elf_close().
>
> Fixes: 13810435b9a7 "objtool: Support GCC 8's cold subfunctions"

This needs parentheses, like:

  Fixes: 13810435b9a7 ("objtool: Support GCC 8's cold subfunctions")

> Signed-off-by: Artem Savkov <asavkov@...hat.com>
> ---
> tools/objtool/elf.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
> index 6dbb9fae0f9d..3decd43477df 100644
> --- a/tools/objtool/elf.c
> +++ b/tools/objtool/elf.c
> @@ -312,7 +312,7 @@ static int read_symbols(struct elf *elf)
> if (!pfunc) {
> WARN("%s(): can't find parent function",
> sym->name);
> - goto err;
> + goto cold_err;

Since it will get freed properly in elf_close() anyway, maybe it would
be simpler to just 'return -1' here.

> }
>
> sym->pfunc = pfunc;
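
Review bot: at `goto cold_err` in the `!pfunc` branch, nothing at the jump site says why this failure needs a different label from `err`. The reason, that `sym` is already on the list and in the hash table during this second traversal, is only in the commit message; a short comment above the `goto` would keep the next error path added to this loop from going back to `err`.
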
> @@ -336,6 +336,9 @@ static int read_symbols(struct elf *elf)
>
> return 0;
>
> +cold_err:
> + list_del(&sym->list);
> + hash_del(&sym->hash);
> err:
> free(sym);
> return -1;
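
Review bot: `cold_err:` reaches `free(sym)` only by falling through into `err:`, and `err:` itself frees without unlinking, so the two labels carry different assumptions about whether `sym` is linked and nothing in the code marks that. A comment on `cold_err:` saying that `list_del()` and `hash_del()` must run before the shared `free(sym)` would make the fall-through read as deliberate; leaving the symbol to `elf_close()` on this path would avoid the second label altogether.
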
> --
> 2.17.2
>
--
Josh
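
The ownership problem from the commit message, as an added example that is not part of the original mail and is not objtool code: a constructed singly linked list stands in for the symbol list, and `release()` counts frees per node instead of calling `free()`. The three policies model the original `goto err`, the patch's `cold_err`, and the suggested `return -1`; all names are hypothetical.

```c
#include <stdio.h>

/* Constructed model, not objtool code: a list whose teardown frees its nodes. */
struct sym { struct sym *next; int frees; };
enum policy { FREE_ONLY, UNLINK_THEN_FREE, LEAVE_TO_CLOSE };
/* Stand-in for free(): counts calls per node instead of corrupting the heap. */
static void release(struct sym *s) { s->frees++; }

static void unlink_sym(struct sym **head, struct sym *s)
{
    while (*head && *head != s)
        head = &(*head)->next;
    if (*head)
        *head = s->next;
}

/* Teardown in the role of elf_close(): frees every node still linked. */
static void list_close(struct sym **head)
{
    struct sym *s, *next;
    for (s = *head; s; s = next) {
        next = s->next;          /* read before release, as with a real free() */
        release(s);
    }
    *head = NULL;
}

/* Returns how often the failing, already-linked node gets freed (1 is correct). */
int frees_of_failed_node(enum policy p)
{
    struct sym nodes[3] = {{0}}, *head = NULL;
    for (int i = 0; i < 3; i++) {        /* first pass links every node */
        nodes[i].next = head;
        head = &nodes[i];
    }
    if (p == UNLINK_THEN_FREE)           /* what the cold_err label does */
        unlink_sym(&head, &nodes[1]);
    if (p != LEAVE_TO_CLOSE)             /* LEAVE_TO_CLOSE is a bare return -1 */
        release(&nodes[1]);
    list_close(&head);                   /* caller's cleanup after the failure */
    return nodes[1].frees;
}

int main(void)
{
    for (int p = FREE_ONLY; p <= LEAVE_TO_CLOSE; p++)
        printf("policy %d: %d free(s)\n", p, frees_of_failed_node((enum policy)p));
    return 0;
}
```

A count of 2 is the double free; both the unlink-then-free path and the bare return leave the node freed exactly once.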