This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Fix double free in tui_source_element

From: Tom Tromey <tom at tromey dot com>
To: Bogdan Harjoc <harjoc at gmail dot com>
Cc: gdb-patches at sourceware dot org
Date: Sun, 04 Aug 2019 15:19:55 -0600
Subject: Re: [PATCH] Fix double free in tui_source_element
References: <CAF4+tmqQWAudA-og1vi0cVps+XK0FTWBWpwTuKVyz3u0sip=FQ@mail.gmail.com>

>>>>> "Bogdan" == Bogdan Harjoc <harjoc@gmail.com> writes:

Bogdan> To reproduce, cycle a few times between these layouts: no tui, tui
Bogdan> one-window, tui two-windows (including some layout that shows
Bogdan> disassembly).

Bogdan> tui_set_source_content() expands win_info->content, and has to move
Bogdan> tui_source_element items to the new vector storage, destroying the
Bogdan> items in the old storage, and ~tui_source_element() calls xfree on
Bogdan> 'line'. Due to a missing copy ctor, items in the new storage have the
Bogdan> old 'line' pointer which eventually gets freed again. Patch is
Bogdan> attached, I added DISABLE_COPY_AND_ASSIGN() in a few more tui classes
Bogdan> to check for more similar issues.

Thanks.  I already have something like this on my big TUI refactoring
branch, but your patch is better.

It needs a ChangeLog entry.
Also, do you have a copyright assignment in place?

Tom

References:
- [PATCH] Fix double free in tui_source_element
  - From: Bogdan Harjoc

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]