This is the mail archive of the mailing list for the GDB project.


[patch] Fix completer access of an already freed memory


Fix a regression if you link gdb with -lmcheck:

-PASS: gdb.base/completion.exp: complete 'p values[0].a'
-PASS: gdb.base/completion.exp: complete 'p values[0] . a'
-PASS: gdb.base/completion.exp: complete 'p &values[0] -> a'
-PASS: gdb.base/completion.exp: cd to ${srcdir}
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0].a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0] . a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p &values[0] -> a' 2
+FAIL: gdb.base/completion.exp: cd to ${srcdir}

2008-11-22  Jan Kratochvil  <>

	Fix access of an already freed memory.
	* parse.c (parse_field_expression): Call xstrdup on `*name'.
	* completer.c (expression_completer): Free fieldname.

--- gdb/completer.c	11 Jul 2008 15:07:52 -0000	1.27
+++ gdb/completer.c	22 Nov 2008 23:00:31 -0000
@@ -414,9 +414,11 @@ expression_completer (char *text, char *
 	  add_struct_fields (type, &out, result, fieldname, flen);
 	  result[out] = NULL;
+	  xfree (fieldname);
 	  return result;
+  xfree (fieldname);
   /* Commands which complete on locations want to see the entire
      argument.  */
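
Review bot: The second `xfree (fieldname);`, the one added after the result-building block, runs on the path where no field completion happened, so it is only safe if fieldname is set to NULL before parse_field_expression is called and is never left pointing at memory the caller does not own. The initialisation is outside the visible context; please confirm it, or add `fieldname = NULL;` ahead of the call. Also, if add_struct_fields can raise an error, the first xfree is skipped and the copy leaks; registering the free as a cleanup right after the parse would cover both exits with a single call.
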
--- gdb/parse.c	2 Oct 2008 22:06:07 -0000	1.81
+++ gdb/parse.c	22 Nov 2008 23:00:34 -0000
@@ -1090,7 +1090,8 @@ parse_expression (char *string)
 /* Parse STRING as an expression.  If parsing ends in the middle of a
    field reference, return the type of the left-hand-side of the
    reference; furthermore, if the parsing ends in the field name,
-   return the field name in *NAME.  In all other cases, return NULL.  */
+   return the field name in *NAME.  In all other cases, return NULL.
+   Returned non-NULL *NAME must be freed by the caller.  */
 struct type *
 parse_field_expression (char *string, char **name)
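
Review bot: The new comment sentence "Returned non-NULL *NAME must be freed by the caller" does not say what *NAME holds when the function itself returns NULL, and the completer hunk frees fieldname on that path too. Since the preceding sentence "In all other cases, return NULL" already reads ambiguously between the return value and *NAME, I would state the contract outright: *NAME is either left untouched or set to an xmalloc'ed copy that the caller releases with xfree, and it never points into the parsed expression.
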
@@ -1120,6 +1121,9 @@ parse_field_expression (char *string, ch
       xfree (exp);
       return NULL;
+  /* (*NAME) is a part of the EXP memory block freed below.  */
+  *name = xstrdup (*name);
   val = evaluate_subexpression_type (exp, subexp);
   xfree (exp);
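
Review bot: The `*name = xstrdup (*name);` copy is taken before evaluate_subexpression_type runs, so if that call can raise an error, the new copy leaks along with exp and the caller never sees a pointer to free. Taking the copy immediately before the final `xfree (exp);` (or protecting both with a cleanup) narrows that window. This also changes ownership for every caller of parse_field_expression, while the ChangeLog only lists expression_completer as updated; any other caller would need the same xfree.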
