[PATCH] Fix double-free crash in gdbpy_search_memory.
Jan Kratochvil
jan.kratochvil@redhat.com
Tue Feb 24 01:06:00 GMT 2009
commit 20340ed988af98c24acd5efac0f36b015d3caf6a
Any cleanups get automatically executed on an exception. Therefore the current
code was executing the cleanup handlers twice causing a crash. Unreproducible
on archer-tromey-python but it was segfaulting gdb.python/find.exp in a merged
tree.
* python/python.c (gdbpy_search_memory): Move `cleanups' and its
execution inside TRY_CATCH. New comment on `cleanups'.
---
gdb/python/python.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/gdb/python/python.c b/gdb/python/python.c
index 5836a15..9a2c00c 100644
--- a/gdb/python/python.c
+++ b/gdb/python/python.c
@@ -488,7 +488,6 @@ gdbpy_search_memory (PyObject *self, PyObject *args)
char *pattern_buf;
ULONGEST pattern_len, search_space_len;
PyObject *pattern, *list = NULL, *start_addr_obj;
- struct cleanup *cleanups = NULL;
volatile struct gdb_exception except;
/* Assume CORE_ADDR corresponds to unsigned long. */
@@ -534,7 +533,9 @@ gdbpy_search_memory (PyObject *self, PyObject *args)
{
if (get_search_pattern (pattern, size, &pattern_buf, &pattern_len))
{
- cleanups = make_cleanup (xfree, pattern_buf);
+ /* Any cleanups get automatically executed on an exception. */
+ struct cleanup *cleanups = make_cleanup (xfree, pattern_buf);
+
list = PyList_New (0);
while (search_space_len >= pattern_len && found_count < max_count)
@@ -550,14 +551,13 @@ gdbpy_search_memory (PyObject *self, PyObject *args)
PyList_Append (list, PyLong_FromUnsignedLong (found_addr));
++found_count;
}
+
+ do_cleanups (cleanups);
}
}
}
GDB_PY_HANDLE_EXCEPTION (except);
- if (cleanups)
- do_cleanups (cleanups);
-
return list;
}
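Review bot: The relocated `do_cleanups (cleanups);` runs only on the success path and the cleanup chain releases `pattern_buf` on the exception path, but the `list` created by `PyList_New (0)` after the `make_cleanup` call has no cleanup of its own, so if the loop body throws, `GDB_PY_HANDLE_EXCEPTION (except)` (which, as I read it, returns NULL when `except.reason < 0`) leaves that reference unreleased — a leak rather than the crash this commit fixes. Releasing it before the macro, e.g. `if (except.reason < 0) Py_XDECREF (list);`, would close that path. The context line `PyList_Append (list, PyLong_FromUnsignedLong (found_addr));` also drops the new reference returned by `PyLong_FromUnsignedLong` and ignores the return value of `PyList_Append`, neither of which the commit touches. `gdbpy_search_memory` begins before this hunk.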
--
1.6.0.6