[12/12] libctf: do not crash when CTF symbol or variable linking fails

Message ID 20201025141413.363381-13-nick.alcock@oracle.com
State New
Series
  • CTF symbol functionality

Commit Message

Mike Frysinger via Binutils Oct. 25, 2020, 2:14 p.m.
When linking fails, we delete all the generated outputs, but we fail to
remove them from the ctf_link_outputs hash we stuck them in before doing
symbol and variable section linking (which we had to do because that's
where ctf_create_per_cu, used by both, looks for them).  This leaves
stale pointers to freed memory behind, and crashes soon follow.

Fix obvious.

libctf/ChangeLog
2020-10-23  Nick Alcock  <nick.alcock@oracle.com>

	* ctf-link.c (ctf_link_deduplicating): Clean up the ctf_link_outputs
	hash on error.
---
 libctf/ctf-link.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

-- 
2.29.0.249.g249b51256f

Patch

diff --git a/libctf/ctf-link.c b/libctf/ctf-link.c
index 4b86ca98095..cdf3db3a7c3 100644
--- a/libctf/ctf-link.c
+++ b/libctf/ctf-link.c
@@ -1616,18 +1616,14 @@  ctf_link_deduplicating (ctf_dict_t *fp)
     {
       ctf_err_warn (fp, 0, 0, _("deduplicating link variable emission failed for "
 				"%s"), ctf_link_input_name (fp));
-      for (i = 1; i < noutputs; i++)
-	ctf_dict_close (outputs[i]);
-      goto err;
+      goto err_clean_outputs;
     }
 
   if (ctf_link_deduplicating_syms (fp, inputs, ninputs, 0) < 0)
     {
       ctf_err_warn (fp, 0, 0, _("deduplicating link symbol emission failed for "
 				"%s"), ctf_link_input_name (fp));
-      for (i = 1; i < noutputs; i++)
-	ctf_dict_close (outputs[i]);
-      goto err;
+      goto err_clean_outputs;
     }
 
   /* Now close all the inputs, including per-CU intermediates.  */
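Review bot: The two `goto err_clean_outputs;` sites in the variable-emission and symbol-emission failure branches rely on an invariant that the code never states: by this point every entry in outputs[1..noutputs) has already been inserted into fp->ctf_link_outputs, so closing it without unhashing it leaves a dangling pointer. That reasoning is only in the commit message. A one-line comment at the first jump (or at the label) saying why these paths need more than a plain `goto err` would keep a later error path from reintroducing the bare close loop. The diffstat also touches only ctf-link.c, so nothing exercises these failure branches; a test that forces either emission step to fail would guard against a regression.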
@@ -1647,6 +1643,14 @@  ctf_link_deduplicating (ctf_dict_t *fp)
   free (parents);
   free (outputs);
   return;
+
+ err_clean_outputs:
+  for (i = 1; i < noutputs; i++)
+    {
+      ctf_dynhash_remove (fp->ctf_link_outputs, ctf_cuname (outputs[i]));
+      ctf_dict_close (outputs[i]);
+    }
+  goto err;
 }
 
 /* Merge types and variable sections in all files added to the link
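Review bot: In the new err_clean_outputs loop, the result of `ctf_dynhash_remove (fp->ctf_link_outputs, ctf_cuname (outputs[i]));` is not checked, and the fix only works if ctf_cuname (outputs[i]) is exactly the key under which that output was inserted. If the insertion key differs, the removal is a silent no-op and the stale pointer this patch is meant to eliminate stays in the hash. Please confirm the key matches the one used at insertion. The visible lines also do not show whether the hash has a value destructor: if removal already drops a reference on the dict, the following ctf_dict_close (outputs[i]) needs its own reference to be safe, and a comment stating the ownership would help. The loop still starts at i = 1, as the removed loops did, so a short note on why outputs[0] is exempt would be useful. As a minor style point, the label sits after `return;` and ends in a backward `goto err;`; placing this block directly above the err label and falling through would read more naturally.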