Correction of a crash in sim_memory_uninstall
Stephane Carrez
stcarrez@worldnet.fr
Sat Apr 3 12:27:00 GMT 1999
Hi!
I've found a problem in the common part of the simulator.
It crashes in `sim_memory_uninstall' when the simulator terminates.
The problem is when this operation walks a list and frees the
sim_memopt objects. It frees the entry (line 457, call to zfree)
and then gets the pointer to the next one, accessing the freed data
(line 461, *entry = (*entry)->next).
One fix consists in updating 'entry' before the while loop.
Hope this helps,
Stephane
*** /src/gnu/gdb-19990330/sim/common/sim-memopt.c Thu Jan 28 15:13:33
1999
--- sim-memopt.c Sat Apr 3 20:06:42 1999
***************
*** 449,454 ****
--- 449,457 ----
/* delete it and its aliases */
alias = *entry;
+
+ /* next victim */
+ *entry = (*entry)->next;
while (alias != NULL)
{
sim_memopt *dead = alias;
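Review bot: in the added `*entry = (*entry)->next;` ahead of `while (alias != NULL)`, `alias` already holds `*entry` from the line above, so `*entry = alias->next;` would say the same thing and make it plain that the link is read from the object that is about to be freed. The `/* next victim */` comment could also state why the order matters: `dead` starts out as that same object, and `zfree (dead)` releases it inside the loop, so the advance has to happen before the loop.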
***************
*** 456,464 ****
sim_core_detach (sd, NULL, dead->level, dead->space, dead->addr);
zfree (dead);
}
-
- /* next victim */
- *entry = (*entry)->next;
}
}
--- 459,464 ----
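Review bot: no ChangeLog entry accompanies the change. After this last hunk, which drops the `/* next victim */` advance that followed `zfree (dead);`, add an entry naming sim_memory_uninstall and saying that the list pointer is advanced before the entry and its aliases are freed, so the reason for the reordering is recorded outside the code.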