https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88063
Bug ID: 88063
Summary: Libbacktrace leak on dwarf read failure
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libbacktrace
Assignee: unassigned at gcc dot gnu.org
Reporter: vries at gcc dot gnu.org
CC: ian at gcc dot gnu.org
Target Milestone: ---

I noticed in build_address_map that we allocate a struct unit:
...
      u = ((struct unit *)
           backtrace_alloc (state, sizeof *u, error_callback, data));
...
and deallocate it if find_address_ranges fails:
...
      if (!find_address_ranges (state, base_address, &unit_buf, dwarf_str,
                                dwarf_str_size, dwarf_ranges, dwarf_ranges_size,
                                is_bigendian, error_callback, data, u, addrs,
                                altlink))
        {
          free_abbrevs (state, &u->abbrevs, error_callback, data);
          backtrace_free (state, u, sizeof *u, error_callback, data);
          goto fail;
        }
...
However, the allocation and deallocation is done in a loop over units, so if find_address_ranges succeeds for the first unit, but fails for the second, then only the first struct unit is freed, and the second struct unit is leaked.
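The leak pattern the report describes, reduced to a self-contained C example so it can be observed without a DWARF reader. This is an added illustration, not libbacktrace's code: struct unit, build_units_leaky, build_units_fixed, tracked_alloc/tracked_free and fake_find_address_ranges are hypothetical stand-ins for the real allocator, loop and find_address_ranges call. The leaky variant frees only the unit whose processing failed, exactly as the quoted per-iteration cleanup does; the fixed variant also releases every unit built in earlier iterations before taking the fail path.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for libbacktrace's struct unit (not the real type). */
struct unit {
    int id;
};

/* Live-allocation counter so a leak is observable without valgrind. */
static int live_allocs = 0;

static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) {
        free(p);
        live_allocs--;
    }
}

/* Hypothetical stand-in for find_address_ranges: fails only for unit fail_at
   (pass -1 to make every unit succeed). */
static int fake_find_address_ranges(const struct unit *u, int fail_at)
{
    return u->id != fail_at;
}

/* Mirrors the pattern in the report: the failure branch frees only the
   current unit, so units built in earlier iterations stay reachable only
   through units[] and are never released on the fail path. */
static int build_units_leaky(int nunits, int fail_at)
{
    struct unit **units = tracked_alloc((size_t)nunits * sizeof *units);
    int count = 0;
    int i;

    if (units == NULL)
        return 0;
    for (i = 0; i < nunits; i++) {
        struct unit *u = tracked_alloc(sizeof *u);
        if (u == NULL)
            goto fail;
        u->id = i;
        if (!fake_find_address_ranges(u, fail_at)) {
            tracked_free(u);          /* only the failing unit is freed */
            goto fail;
        }
        units[count++] = u;
    }
    /* Success: a real caller would keep the units. They are released here so
       that any allocation still live afterwards is due to the fail path. */
    for (i = 0; i < count; i++)
        tracked_free(units[i]);
    tracked_free(units);
    return 1;

fail:
    tracked_free(units);              /* units[0..count-1] are leaked here */
    return 0;
}

/* Corrected version: the fail path also frees every unit built so far. */
static int build_units_fixed(int nunits, int fail_at)
{
    struct unit **units = tracked_alloc((size_t)nunits * sizeof *units);
    int count = 0;
    int i;

    if (units == NULL)
        return 0;
    for (i = 0; i < nunits; i++) {
        struct unit *u = tracked_alloc(sizeof *u);
        if (u == NULL)
            goto fail;
        u->id = i;
        if (!fake_find_address_ranges(u, fail_at)) {
            tracked_free(u);
            goto fail;
        }
        units[count++] = u;
    }
    for (i = 0; i < count; i++)
        tracked_free(units[i]);
    tracked_free(units);
    return 1;

fail:
    for (i = 0; i < count; i++)       /* release earlier units as well */
        tracked_free(units[i]);
    tracked_free(units);
    return 0;
}

/* Runs a builder with a fresh counter and returns how many allocations are
   still live afterwards; 0 means nothing leaked. */
int leaked_after(int (*builder)(int, int), int nunits, int fail_at)
{
    live_allocs = 0;
    builder(nunits, fail_at);
    return live_allocs;
}

int main(void)
{
    printf("leaky: %d live allocation(s) after unit 1 fails\n",
           leaked_after(build_units_leaky, 3, 1));
    printf("fixed: %d live allocation(s) after unit 1 fails\n",
           leaked_after(build_units_fixed, 3, 1));
    return 0;
}
```

With three units and a failure on the second, the leaky builder leaves one allocation live (the first unit), the fixed builder none; making the failure land on the third unit leaks two. The same result shows up as a "definitely lost" record under valgrind or a LeakSanitizer report when the example is built with -fsanitize=address.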