[Bug binutils/24058] New: objdump memory leaks in readelf.c

Thu, 03 Jan 2019 10:04:45 -0800 

https://sourceware.org/bugzilla/show_bug.cgi?id=24058

            Bug ID: 24058
           Summary: objdump memory leaks in readelf.c
           Product: binutils
           Version: 2.31
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 0x0keeper at gmail dot com
  Target Milestone: ---

Created attachment 11509
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11509&action=edit
binutil-objdump-memory-leaks-readelf

hi,binutils team.i found there is memory leaks in readelf.c, when used objdump. 
here is AddressSanitizer info.

./objdump   -W poc



........
==21635==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 54 byte(s) in 2 object(s) allocated from:
    #0 0x4b91a8 in __interceptor_malloc
(/root/fuzz/binutils-2.31/binutils/readelf+0x4b91a8)
    #1 0x4eb374 in get_data /root/fuzz/binutils-2.31/binutils/readelf.c:425:9
    #2 0x5548f0 in get_section_contents
/root/fuzz/binutils-2.31/binutils/readelf.c:13243:20
    #3 0x5548f0 in process_notes_at
/root/fuzz/binutils-2.31/binutils/readelf.c:18179
    #4 0x5126a9 in process_note_sections
/root/fuzz/binutils-2.31/binutils/readelf.c:18456:10
    #5 0x5126a9 in process_notes
/root/fuzz/binutils-2.31/binutils/readelf.c:18492
    #6 0x5126a9 in process_object
/root/fuzz/binutils-2.31/binutils/readelf.c:18850
    #7 0x4ee043 in process_file
/root/fuzz/binutils-2.31/binutils/readelf.c:19259:13
    #8 0x4ee043 in main /root/fuzz/binutils-2.31/binutils/readelf.c:19318
    #9 0x7fb198cba82f in __libc_start_main
/build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: 54 byte(s) leaked in 2 allocation(s).


code in binutils-2.31/binutils/readelf.c:425:9
https://github.com/bminor/binutils-gdb/blob/master/binutils/readelf.c#L424


 mvar = var;
  if (mvar == NULL)
    {
      /* Check for overflow.  */
      if (nmemb < (~(bfd_size_type) 0 - 1) / size)
        /* + 1 so that we can '\0' terminate invalid string table sections.  */
        mvar = malloc ((size_t) amt + 1);

      if (mvar == NULL)
        {
          if (reason)
            error (_("Out of memory allocating %s bytes for %s\n"),
                   bfd_vmatoa ("u", amt), reason);
          return NULL;
        }

      ((char *) mvar)[amt] = '\0';
    }

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to