This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH v2] gcc: fix segfault from calling free on non-malloc'd area


On 06/24/14 14:05, Paul Gortmaker wrote:
We see the following on a 32bit gcc installed on 64 bit host:

   Reading symbols from ./i586-pokymllib32-linux-gcc...done.
   (gdb) run
   Starting program: x86-pokymllib32-linux/lib32-gcc/4.9.0-r0/image/usr/bin/i586-pokymllib32-linux-gcc

   Program received signal SIGSEGV, Segmentation fault.
   0xf7e957e0 in free () from /lib/i386-linux-gnu/libc.so.6
   (gdb) bt
   #0  0xf7e957e0 in free () from /lib/i386-linux-gnu/libc.so.6
   #1  0x0804b73c in set_multilib_dir () at gcc-4.9.0/gcc/gcc.c:7827
   #2  main (argc=1, argv=0xffffd504) at gcc-4.9.0/gcc/gcc.c:6688
   (gdb)

The problem arises because we conditionally assign the pointer we
eventually free, and the conditional may assign the pointer to the
non-malloc'd internal string "." which fails when we free it here:

    if (multilib_dir == NULL && multilib_os_dir != NULL
        && strcmp (multilib_os_dir, ".") == 0)
      {
        free (CONST_CAST (char *, multilib_os_dir));
        ...

As suggested by Jakub, ensure the "." case is also malloc'd via
xstrdup() and hence the pointer for the "." case can be freed.

Cc: Jakub Jelinek <jakub@redhat.com>
Cc: Jeff Law <law@redhat.com>
Cc: Matthias Klose <doko@ubuntu.com>
CC: Tobias Burnus <burnus@net-b.de>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---

[v2: don't change the causality of the free() ; instead just make
  the "." pointer be malloc'd as well.  Note that I was unable to
  reproduce the broken-ness of my original (broken) patch with a
  direct build of trunk, with "./configure --prefix=/usr/local"
  but I also did re-test this new patch still fixed the error that
  we saw in yocto with gcc-4.9.0 with the invalid free segfault.]

  gcc/gcc.c | 13 +++++++++----
  1 file changed, 9 insertions(+), 4 deletions(-)

Thanks.  Installed on the trunk.
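The defect in the quoted report and its v2 fix reduce to an ownership mismatch: one branch of a conditional hands back a pointer into a string literal, and a later unconditional free() cannot tell it apart from the heap result of the other branch. The cut-down model below is an added example and is not GCC's own code; the names pick_os_dir_buggy, pick_os_dir_fixed, release_if_dot and xstrdup_checked are hypothetical stand-ins for the multilib selection in gcc.c and for libiberty's xstrdup, and the is_heap flag exists only so the pre-patch case can be demonstrated without executing the invalid free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not GCC's code.  Hypothetical stand-in for libiberty's
   xstrdup(): returns a heap copy that the caller owns and must free(). */
static char *xstrdup_checked(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }
    memcpy(p, s, n);
    return p;
}

/* Pre-patch shape (hypothetical model): the "m64" branch allocates, but the
   default branch returns the literal "." from .rodata.  *is_heap records
   which one happened; the real caller has no such flag, which is the bug. */
const char *pick_os_dir_buggy(const char *option, int *is_heap)
{
    if (option != NULL && strcmp(option, "m64") == 0) {
        *is_heap = 1;
        return xstrdup_checked("../lib64");
    }
    *is_heap = 0;
    return ".";   /* not malloc'd: free() on this is undefined behaviour */
}

/* v2 fix shape: every branch returns heap memory, so the caller's single
   free() is valid whichever branch ran. */
const char *pick_os_dir_fixed(const char *option, int *is_heap)
{
    *is_heap = 1;
    if (option != NULL && strcmp(option, "m64") == 0)
        return xstrdup_checked("../lib64");
    return xstrdup_checked(".");   /* "." is now malloc'd as well */
}

/* Mirrors the caller's "free the os dir when it is '.'" logic.  Returns 1
   when the free() was safe and 0 when it would have been handed a
   non-heap pointer; in that case the free is skipped instead of crashing,
   so the defect can be shown without invoking undefined behaviour. */
int release_if_dot(const char *os_dir, int is_heap)
{
    if (os_dir != NULL && strcmp(os_dir, ".") == 0) {
        if (!is_heap)
            return 0;              /* the reported SIGSEGV would happen here */
        free((char *)os_dir);
        return 1;
    }
    free((char *)os_dir);          /* non-"." results are heap in both variants */
    return 1;
}

int main(void)
{
    int heap;
    const char *d;

    d = pick_os_dir_buggy(NULL, &heap);
    printf("buggy variant, '.' case: free safe = %d\n", release_if_dot(d, heap));

    d = pick_os_dir_fixed(NULL, &heap);
    printf("fixed variant, '.' case: free safe = %d\n", release_if_dot(d, heap));

    d = pick_os_dir_fixed("m64", &heap);
    printf("fixed variant, m64 case: free safe = %d (%s)\n", release_if_dot(d, heap), "../lib64");
    return 0;
}
```

In the real program there is no is_heap flag, which is exactly why making both branches allocate is the cleaner fix than adding a "was this malloc'd" check at the free site; building with AddressSanitizer (-fsanitize=address) or running under valgrind reports an attempt to free a non-heap address with the allocating and freeing stacks, which is the quickest way to confirm a fix of this kind on a build where the crash itself is not reproducible.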


