[PATCH] Fix double free in tui_source_element

Tom Tromey tom@tromey.com
Sun Aug 4 21:20:00 GMT 2019


>>>>> "Bogdan" == Bogdan Harjoc <harjoc@gmail.com> writes:

Bogdan> To reproduce, cycle a few times between these layouts: no tui, tui
Bogdan> one-window, tui two-windows (including some layout that shows
Bogdan> disassembly).

Bogdan> tui_set_source_content() expands win_info->content, and has to move
Bogdan> tui_source_element items to the new vector storage, destroying the
Bogdan> items in the old storage, and ~tui_source_element() calls xfree on
Bogdan> 'line'. Due to a missing copy ctor, items in the new storage have the
Bogdan> old 'line' pointer which eventually gets freed again. Patch is
Bogdan> attached, I added DISABLE_COPY_AND_ASSIGN() in a few more tui classes
Bogdan> to check for more similar issues.

Thanks.  I already have something like this on my big TUI refactoring
branch, but your patch is better.

It needs a ChangeLog entry.
Also, do you have a copyright assignment in place?

Tom
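The ownership bug described in the report, shown in its corrected form as an added example; this is not GDB's code or the attached patch. The type `source_element`, its `live` counter and `grow_and_check()` are hypothetical stand-ins, and the deleted copy operations play the role of the DISABLE_COPY_AND_ASSIGN() mentioned above.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Hypothetical element owning a malloc'd 'line' buffer. Without (1) and (2)
// the implicit copy constructor duplicates the raw pointer, so after a vector
// reallocation the old and new storage both free the same buffer.
struct source_element {
  static int live;  // buffers currently owned (bookkeeping for this example)
  char *line;

  explicit source_element(const char *text)
    : line(static_cast<char *>(std::malloc(std::strlen(text) + 1))) {
    if (line == nullptr) std::abort();
    std::strcpy(line, text);
    ++live;
  }
  ~source_element() {
    if (line != nullptr) { std::free(line); --live; }
  }
  // (1) Move: take the buffer and null the source, so the destructor that
  // runs on the old storage has nothing left to free.
  source_element(source_element &&other) noexcept : line(other.line) {
    other.line = nullptr;
  }
  // (2) Forbid copies, so any remaining shallow copy fails to compile.
  source_element(const source_element &) = delete;
  source_element &operator=(const source_element &) = delete;
};
int source_element::live = 0;

// Grow a vector through several reallocations. Returns true if every element
// still holds its own text, each buffer has exactly one owner while the
// vector is alive, and every buffer is released exactly once afterwards.
bool grow_and_check(int n) {
  bool ok = true;
  {
    std::vector<source_element> content;
    for (int i = 0; i < n; ++i)
      content.emplace_back(std::to_string(i).c_str());
    for (int i = 0; i < n; ++i)
      ok = ok && std::to_string(i) == content[i].line;
    ok = ok && source_element::live == n;
  }
  return ok && source_element::live == 0;
}
```

Building a test like this with `-fsanitize=address` reports a double free at the second `free` if the move constructor is removed and the copy operations are left implicit.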



More information about the Gdb-patches mailing list