This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
[patch] Fix completer access of an already freed memory
- From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- To: gdb-patches at sourceware dot org
- Cc: Tom Tromey <tromey at redhat dot com>
- Date: Sun, 23 Nov 2008 00:13:04 +0100
- Subject: [patch] Fix completer access of an already freed memory
Hi,
Fix a regression if you link gdb with -lmcheck:
-PASS: gdb.base/completion.exp: complete 'p values[0].a'
-PASS: gdb.base/completion.exp: complete 'p values[0] . a'
-PASS: gdb.base/completion.exp: complete 'p &values[0] -> a'
-PASS: gdb.base/completion.exp: cd to ${srcdir}
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0].a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0] . a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p &values[0] -> a' 2
+FAIL: gdb.base/completion.exp: cd to ${srcdir}
Regards,
Jan
2008-11-22 Jan Kratochvil <jan.kratochvil@redhat.com>
Fix access of an already freed memory.
* parse.c (parse_field_expression): Call xstrdup on `*name'.
* completer.c (expression_completer): Free fieldname.
--- gdb/completer.c 11 Jul 2008 15:07:52 -0000 1.27
+++ gdb/completer.c 22 Nov 2008 23:00:31 -0000
@@ -414,9 +414,11 @@ expression_completer (char *text, char *
add_struct_fields (type, &out, result, fieldname, flen);
result[out] = NULL;
+ xfree (fieldname);
return result;
}
}
+ xfree (fieldname);
/* Commands which complete on locations want to see the entire
argument. */
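Review bot: the second xfree (fieldname), placed after the closing braces, is reached on every path that falls out of the block, including the one where parse_field_expression returned NULL, so it is only safe if fieldname is NULL or heap-owned at that point. The hunk does not show fieldname being initialized; please initialize it to NULL at its declaration, or have parse_field_expression store NULL in *name on entry, so this call can never free an indeterminate pointer. Because the same free now appears on two exits, registering one cleanup right after the parse call would keep them from drifting apart in later edits.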
--- gdb/parse.c 2 Oct 2008 22:06:07 -0000 1.81
+++ gdb/parse.c 22 Nov 2008 23:00:34 -0000
@@ -1090,7 +1090,8 @@ parse_expression (char *string)
/* Parse STRING as an expression. If parsing ends in the middle of a
field reference, return the type of the left-hand-side of the
reference; furthermore, if the parsing ends in the field name,
- return the field name in *NAME. In all other cases, return NULL. */
+ return the field name in *NAME. In all other cases, return NULL.
+ Returned non-NULL *NAME must be freed by the caller. */
struct type *
parse_field_expression (char *string, char **name)
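Review bot: the added sentence in the function comment gives the ownership rule but leaves the NULL-return case undocumented, and that case now matters because the caller in completer.c calls xfree (fieldname) after a NULL return as well. Please state what *NAME holds when the function returns NULL (ideally "set to NULL"), and name the deallocator, for example "a non-NULL *NAME is allocated with xstrdup and must be released by the caller with xfree".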
@@ -1120,6 +1121,9 @@ parse_field_expression (char *string, ch
xfree (exp);
return NULL;
}
+ /* (*NAME) is a part of the EXP memory block freed below. */
+ *name = xstrdup (*name);
+
val = evaluate_subexpression_type (exp, subexp);
xfree (exp);
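Review bot: the early return in the context lines directly above the added xstrdup (xfree (exp); return NULL;) does not touch *name, and the new comment says *name can point into the EXP block, which has just been freed on that path. Since the completer.c change frees fieldname on the fall-through path too, this return needs *name = NULL before it, or a comment confirming that *name is always NULL there. A second point: the copy is taken before evaluate_subexpression_type, so if that call can raise an error the duplicate is never released; duplicating after it returns and before the final xfree (exp) avoids that, because EXP is still live at that point.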