PR30828, notes obstack memory corruption

amodra · amodra · commit 9e99d10c9a7f · 2023-09-07T08:53:25.000+09:30
Commit 3bab069 carelessly allowed "string" to be released from the notes obstack twice, with the second call to obstack_free releasing memory for a fixup that just happened to be the same size as the original string. The fixup then of course was overwritten. This patch fixes that problem, and another that could occur on an error path. PR 30828 * stabs.c (s_stab_generic): Don't free string twice. Don't blow away entire notes obstack on a missing string.
diff --git a/gas/stabs.c b/gas/stabs.c
@@ -262,7 +262,7 @@ s_stab_generic (int what,
 	{
 	  as_warn (_(".stab%c: missing string"), what);
 	  ignore_rest_of_line ();
-	  goto out;
+	  goto out2;
 	}
       /* FIXME: We should probably find some other temporary storage
 	 for string, rather than leaking memory if someone else
@@ -350,7 +350,10 @@ s_stab_generic (int what,
 	 This must be done before creating symbols below, which uses
 	 the notes obstack.  */
       if (saved_string_obstack_end == obstack_next_free (&notes))
-	obstack_free (&notes, string);
+	{
+	  obstack_free (&notes, string);
+	  saved_string_obstack_end = NULL;
+	}
 
       /* At least for now, stabs in a special stab section are always
 	 output as 12 byte blocks of information.  */
@@ -398,6 +401,7 @@ s_stab_generic (int what,
  out:
   if (saved_string_obstack_end == obstack_next_free (&notes))
     obstack_free (&notes, string);
+ out2:
   subseg_set (saved_seg, saved_subseg);
 }
 
