This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.



[RFA] breakpoint.c: Avoid double freeing in breakpoint_re_set_one


Here's a subtle little number discovered while looking at something entirely
different.  breakpoint_re_set_one is called from within a catch handler.
If the calls to parse_exp_1 for the condition error out due to, say, 
the presence of a symbol that has become undefined, a cond field may 
get freed twice.  Tested on Linux without regression.  OK to commit?

2004-01-09  Paul N. Hilfinger  <nile@gnat.com>

	* breakpoint.c: Update copyright to include 2004.
	(breakpoint_re_set_one): Set b->cond to NULL after freeing
	so that error during re-parsing of breakpoint condition
	does not eventually lead to re-freeing of storage.

Index: current-public.39/gdb/breakpoint.c
--- current-public.39/gdb/breakpoint.c Sun, 04 Jan 2004 17:51:24 -0800 hilfingr (GdbPub/g/23_breakpoint 1.1.1.7.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 644)
+++ current-public.39(w)/gdb/breakpoint.c Fri, 09 Jan 2004 00:16:01 -0800 hilfingr (GdbPub/g/23_breakpoint 1.1.1.7.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 644)
@@ -1,8 +1,8 @@
 /* Everything about breakpoints, for GDB.
 
    Copyright 1986, 1987, 1988, 1989, 1990, 1991, 1992, 1993, 1994,
-   1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 Free Software
-   Foundation, Inc.
+   1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 
+   Free Software Foundation, Inc.
 
    This file is part of GDB.
 
@@ -7009,6 +7009,9 @@ breakpoint_re_set_one (void *bint)
 	      s = b->cond_string;
 	      if (b->cond)
 		xfree (b->cond);
+	      /* Set b->cond to NULL to avoid re-freeing later if error
+		 during parse_exp_1. */
+	      b->cond = NULL;
 	      b->cond = parse_exp_1 (&s, block_for_pc (sals.sals[i].pc), 0);
 	    }
 
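Review bot: the fix is sound, but the comment at `/* Set b->cond to NULL to avoid re-freeing later if error during parse_exp_1. */` describes only the memory-safety side; if `parse_exp_1` errors out here, `b->cond` stays NULL while `b->cond_string` still holds the condition text, so any later code that treats a NULL `cond` as "no condition" will see this breakpoint as unconditional until a subsequent re-set succeeds. Stating that consequence in the comment (and in the ChangeLog) would help whoever next reads this path.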
@@ -7092,6 +7095,9 @@ breakpoint_re_set_one (void *bint)
 	  s = b->cond_string;
 	  if (b->cond)
 	    xfree (b->cond);
+	  /* Set b->cond to NULL to avoid re-freeing later if error
+	     during parse_exp_1. */
+	  b->cond = NULL;
 	  b->cond = parse_exp_1 (&s, (struct block *) 0, 0);
 	}
       if (breakpoint_enabled (b))
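Review bot: the three added lines here are a verbatim copy of the block in the previous hunk; both comments also end with a single space before `*/` where the GNU convention used elsewhere in GDB is a period followed by two spaces. Either keep the two copies textually identical (including that spacing) or pull the free-and-clear into a small static helper so the invariant "cond is NULL whenever it does not own storage" lives in one place.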

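The failure mode described in the message, a pointer freed but left dangling before a call that can unwind via the catch handler, is easy to reproduce in miniature. The following is an added example, not GDB code: `parse_cond` stands in for `parse_exp_1` and reports an error by `longjmp`-ing to a `setjmp` context the way GDB's `error ()` reaches its catch handler; `re_set_buggy` and `re_set_fixed` are the before and after of the patch; `parsed_free` is an instrumented stand-in for `xfree` that records a second free of the same block instead of corrupting the heap; the breakpoint, the condition strings and the "undefined_sym" name are all constructed for the demo.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parsed form of a condition (GDB uses a struct expression).  The freed
   flag is what lets the demo detect a double free safely.  */
struct parsed { int freed; char text[32]; };

/* Minimal stand-in for a breakpoint: source text plus parsed form.  */
struct bp { const char *cond_string; struct parsed *cond; };

/* Error-recovery context standing in for GDB's catch handler.  */
static jmp_buf catch_env;

/* Number of times a block was freed a second time.  */
static int double_frees;

/* Instrumented xfree: marks the block freed; a second call on the same block
   is counted as a double free.  Blocks are deliberately never returned to the
   allocator so the flag stays readable.  */
static void parsed_free (struct parsed *p)
{
  if (p == NULL)
    return;
  if (p->freed)
    {
      double_frees++;
      return;
    }
  p->freed = 1;
}

/* Stand-in for parse_exp_1: succeeds unless the condition mentions the
   constructed name "undefined_sym", in which case it errors out by unwinding
   to the catch handler, as GDB's error () does.  */
static struct parsed *parse_cond (const char *s)
{
  struct parsed *p;
  if (strstr (s, "undefined_sym") != NULL)
    longjmp (catch_env, 1);
  p = calloc (1, sizeof *p);
  strncpy (p->text, s, sizeof p->text - 1);
  return p;
}

/* Before the patch: frees the old parse but leaves the dangling pointer in
   place across the call that may unwind.  */
static void re_set_buggy (struct bp *b)
{
  if (b->cond)
    parsed_free (b->cond);
  b->cond = parse_cond (b->cond_string);
}

/* After the patch: clears the pointer first, so an unwound parse leaves no
   dangling reference for the next pass to free again.  */
static void re_set_fixed (struct bp *b)
{
  if (b->cond)
    parsed_free (b->cond);
  b->cond = NULL;
  b->cond = parse_cond (b->cond_string);
}

/* Runs re_set twice under the catch handler, mimicking two re-set passes after
   a symbol in the condition has become undefined, and returns how many double
   frees occurred.  The breakpoint is static because it is modified between
   setjmp and longjmp.  */
static int count_double_frees (void (*re_set) (struct bp *))
{
  static struct bp b;
  int pass;

  double_frees = 0;
  b.cond_string = "x > 0";
  b.cond = parse_cond (b.cond_string);   /* initial parse succeeds */
  b.cond_string = "undefined_sym > 0";   /* the symbol has gone away */
  for (pass = 0; pass < 2; pass++)
    {
      if (setjmp (catch_env) == 0)
        re_set (&b);
      /* else: the parse error was caught; carry on with the next pass.  */
    }
  return double_frees;
}

int main (void)
{
  printf ("buggy: %d double free(s)\n", count_double_frees (re_set_buggy));
  printf ("fixed: %d double free(s)\n", count_double_frees (re_set_fixed));
  return 0;
}
```

The buggy variant reports one double free: the first pass frees the parse and then unwinds, the second pass finds the stale pointer still in `b->cond` and frees it again. The fixed variant reports none, because after the first pass `b->cond` is NULL and the `if (b->cond)` guard skips the free.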
