If read_symbols() fails during second list traversal (the one dealing with ".cold" subfunctions) it frees the symbol, but never deletes it from the list/hash_table resulting in symbol being freed again in elf_close().
Fixes: 13810435b9a7 "objtool: Support GCC 8's cold subfunctions" Signed-off-by: Artem Savkov <[email protected]> --- tools/objtool/elf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index 6dbb9fae0f9d..3decd43477df 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -312,7 +312,7 @@ static int read_symbols(struct elf *elf) if (!pfunc) { WARN("%s(): can't find parent function", sym->name); - goto err; + goto cold_err; } sym->pfunc = pfunc; @@ -336,6 +336,9 @@ static int read_symbols(struct elf *elf) return 0; +cold_err: + list_del(&sym->list); + hash_del(&sym->hash); err: free(sym); return -1; -- 2.17.2
