PR24955, libbfd terminating program on out of memory

This patch fixes the worst of the cases where libbfd might terminate a program due to calling xstrdup or xmalloc. I've also fixed some error paths that didn't clean up properly. PR 24955 * libbfd-in.h (bfd_strdup): New inline function. * archive.c (_bfd_get_elt_at_filepos): Use bfd_strdup. Close bfd on error. * elfcode.h (_bfd_elf_bfd_from_remote_memory): Use bfd_strdup. * opncls.c (bfd_fopen): Use bfd_strdup. Close fd and stream on error. (bfd_openstreamr): Use bfd_strdup. (bfd_openr_iovec, bfd_openw, bfd_create): Likewise. * plugin.c (try_load_plugin): Use bfd_malloc. * libbfd.h: Regenerate.
2019-09-02 16:13:05 +09:30 · 2019-09-02 16:13:05 +09:30 · 89bdc77eab
commit 89bdc77eab
parent 809f915398
7 changed files with 87 additions and 11 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,17 @@
 2019-09-05  Alan Modra  <amodra@gmail.com>
 	PR 24955
 	* libbfd-in.h (bfd_strdup): New inline function.
 	* archive.c (_bfd_get_elt_at_filepos): Use bfd_strdup.  Close
 	bfd on error.
 	* elfcode.h (_bfd_elf_bfd_from_remote_memory): Use bfd_strdup.
 	* opncls.c (bfd_fopen): Use bfd_strdup.  Close fd and stream
 	on error.
 	(bfd_openstreamr): Use bfd_strdup.
 	(bfd_openr_iovec, bfd_openw, bfd_create): Likewise.
 	* plugin.c (try_load_plugin): Use bfd_malloc.
 	* libbfd.h: Regenerate.
 2019-09-02  Alan Modra  <amodra@gmail.com>
 	PR 11983
--- a/bfd/archive.c
+++ b/bfd/archive.c
@ -728,7 +728,9 @@ _bfd_get_elt_at_filepos (bfd *archive, file_ptr filepos)
  else
    {
      n_bfd->origin = n_bfd->proxy_origin;
-      n_bfd->filename = xstrdup (filename);
+      n_bfd->filename = bfd_strdup (filename);
      if (n_bfd->filename == NULL)
 	goto out;
    }
  n_bfd->arelt_data = new_areldata;
@ -745,8 +747,10 @@ _bfd_get_elt_at_filepos (bfd *archive, file_ptr filepos)
      || _bfd_add_bfd_to_archive_cache (archive, filepos, n_bfd))
    return n_bfd;
 out:
  free (new_areldata);
  n_bfd->arelt_data = NULL;
  bfd_close (n_bfd);
  return NULL;
 }
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@ -1652,6 +1652,7 @@ NAME(_bfd_elf,bfd_from_remote_memory)
  bfd_vma high_offset;
  bfd_vma shdr_end;
  bfd_vma loadbase;
  char *filename;
  /* Read in the ELF header in external format.  */
  err = target_read_memory (ehdr_vma, (bfd_byte *) &x_ehdr, sizeof x_ehdr);
@ -1859,14 +1860,22 @@ NAME(_bfd_elf,bfd_from_remote_memory)
      free (contents);
      return NULL;
    }
-  nbfd = _bfd_new_bfd ();
+  filename = bfd_strdup ("<in-memory>");
-  if (nbfd == NULL)
+  if (filename == NULL)
    {
      free (bim);
      free (contents);
      return NULL;
    }
-  nbfd->filename = xstrdup ("<in-memory>");
+  nbfd = _bfd_new_bfd ();
  if (nbfd == NULL)
    {
      free (filename);
      free (bim);
      free (contents);
      return NULL;
    }
  nbfd->filename = filename;
  nbfd->xvec = templ->xvec;
  bim->size = high_offset;
  bim->buffer = contents;
--- a/bfd/libbfd-in.h
+++ b/bfd/libbfd-in.h
@ -123,6 +123,15 @@ extern void *bfd_realloc2
 extern void *bfd_zmalloc2
  (bfd_size_type, bfd_size_type) ATTRIBUTE_HIDDEN;
 static inline char *
 bfd_strdup (const char *str)
 {
  size_t len = strlen (str) + 1;
  char *buf = bfd_malloc (len);
  if (buf != NULL)
    memcpy (buf, str, len);
  return buf;
 }
 /* These routines allocate and free things on the BFD's objalloc.  */
 extern void *bfd_alloc2
--- a/bfd/libbfd.h
+++ b/bfd/libbfd.h
@ -128,6 +128,15 @@ extern void *bfd_realloc2
 extern void *bfd_zmalloc2
  (bfd_size_type, bfd_size_type) ATTRIBUTE_HIDDEN;
 static inline char *
 bfd_strdup (const char *str)
 {
  size_t len = strlen (str) + 1;
  char *buf = bfd_malloc (len);
  if (buf != NULL)
    memcpy (buf, str, len);
  return buf;
 }
 /* These routines allocate and free things on the BFD's objalloc.  */
 extern void *bfd_alloc2
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@ -223,6 +223,8 @@ bfd_fopen (const char *filename, const char *target, const char *mode, int fd)
  if (nbfd->iostream == NULL)
    {
      bfd_set_error (bfd_error_system_call);
      if (fd != -1)
 	close (fd);
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
@ -231,7 +233,13 @@ bfd_fopen (const char *filename, const char *target, const char *mode, int fd)
  /* PR 11983: Do not cache the original filename, but
     rather make a copy - the original might go away.  */
-  nbfd->filename = xstrdup (filename);
+  nbfd->filename = bfd_strdup (filename);
  if (nbfd->filename == NULL)
    {
      fclose (nbfd->iostream);
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
  /* Figure out whether the user is opening the file for reading,
     writing, or both, by looking at the MODE argument.  */
@ -243,8 +251,9 @@ bfd_fopen (const char *filename, const char *target, const char *mode, int fd)
  else
    nbfd->direction = write_direction;
-  if (! bfd_cache_init (nbfd))
+  if (!bfd_cache_init (nbfd))
    {
      fclose (nbfd->iostream);
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
@ -398,7 +407,12 @@ bfd_openstreamr (const char *filename, const char *target, void *streamarg)
  nbfd->iostream = stream;
  /* PR 11983: Do not cache the original filename, but
     rather make a copy - the original might go away.  */
-  nbfd->filename = xstrdup (filename);
+  nbfd->filename = bfd_strdup (filename);
  if (nbfd->filename == NULL)
    {
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
  nbfd->direction = read_direction;
  if (! bfd_cache_init (nbfd))
@ -594,7 +608,12 @@ bfd_openr_iovec (const char *filename, const char *target,
  /* PR 11983: Do not cache the original filename, but
     rather make a copy - the original might go away.  */
-  nbfd->filename = xstrdup (filename);
+  nbfd->filename = bfd_strdup (filename);
  if (nbfd->filename == NULL)
    {
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
  nbfd->direction = read_direction;
  /* `open_p (...)' would get expanded by an the open(2) syscall macro.  */
@ -661,7 +680,12 @@ bfd_openw (const char *filename, const char *target)
  /* PR 11983: Do not cache the original filename, but
     rather make a copy - the original might go away.  */
-  nbfd->filename = xstrdup (filename);
+  nbfd->filename = bfd_strdup (filename);
  if (nbfd->filename == NULL)
    {
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
  nbfd->direction = write_direction;
  if (bfd_open_file (nbfd) == NULL)
@ -801,7 +825,12 @@ bfd_create (const char *filename, bfd *templ)
    return NULL;
  /* PR 11983: Do not cache the original filename, but
     rather make a copy - the original might go away.  */
-  nbfd->filename = xstrdup (filename);
+  nbfd->filename = bfd_strdup (filename);
  if (nbfd->filename == NULL)
    {
      _bfd_delete_bfd (nbfd);
      return NULL;
    }
  if (templ)
    nbfd->xvec = templ->xvec;
  nbfd->direction = no_direction;
--- a/bfd/plugin.c
+++ b/bfd/plugin.c
@ -262,7 +262,9 @@ try_load_plugin (const char *pname, bfd *abfd, int *has_plugin_p)
 	}
    }
-  plugin_list_iter = (struct plugin_list_entry *) xmalloc (sizeof *plugin_list_iter);
+  plugin_list_iter = bfd_malloc (sizeof *plugin_list_iter);
  if (plugin_list_iter == NULL)
    return 0;
  plugin_list_iter->handle = plugin_handle;
  plugin_list_iter->claim_file = NULL;
  plugin_list_iter->next = plugin_list;