From: Andrew Burgess
To:
CC: , , Andrew Burgess
Subject: [PATCH] cplus-demangler, free resource after a failed call to gnu_special.
Date: Fri, 09 May 2014 14:35:00 -0000
Message-ID: <1399646123-9960-1-git-send-email-aburgess@broadcom.com>
MIME-Version: 1.0
Content-Type: text/plain
X-IsSubscribed: yes
X-SW-Source: 2014-05/txt/msg00112.txt.bz2

Fixes issue: https://sourceware.org/bugzilla/show_bug.cgi?id=16817

A call to gnu_special within internal_cplus_demangle could cause
memory resources to be allocated, even if the demangle eventually
fails. The following call into demangle_prefix will then be passed
some partially initialised state.

I've only tested this against the libiberty "make check" and against
gdb on x86-64 linux.

I don't have write access for gcc svn, but Broadcom does have a
copyright assignment in place for gcc, so if this patch is approved,
could someone apply it please?

Thanks,
Andrew

libiberty/ChangeLog

	* cplus-dem.c (internal_cplus_demangle): Free any resources
	allocated by possible previous call to gnu_special.
	(squangle_mop_up): Reset pointers to NULL after calling free.
	* testsuite/demangle-expected: New test case.

--- libiberty/cplus-dem.c | 7 +++++++ libiberty/testsuite/demangle-expected | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c index e948487..1c41c6f 100644 --- a/libiberty/cplus-dem.c +++ b/libiberty/cplus-dem.c @@ -1175,6 +1175,11 @@ internal_cplus_demangle (struct work_stuff *work, const char *mangled) if ((AUTO_DEMANGLING || GNU_DEMANGLING)) { success = gnu_special (work, &mangled, &decl); + if (!success) + { + delete_work_stuff (work); + string_delete (&decl); + } } if (!success) { @@ -1218,10 +1223,12 @@ squangle_mop_up (struct work_stuff *work) if (work -> btypevec != NULL) { free ((char *) work -> btypevec); + work->btypevec = NULL; } if (work -> ktypevec != NULL) { free ((char *) work -> ktypevec); + work->ktypevec = NULL; } } 
diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected index 453f9a3..864ee7e 100644 --- a/libiberty/testsuite/demangle-expected +++ b/libiberty/testsuite/demangle-expected @@ -4343,3 +4343,8 @@ cereal::detail::InputBindingMap::Serializers cereal::p --format=gnu-v3 _ZNSt9_Any_data9_M_accessIPZ4postISt8functionIFvvEEEvOT_EUlvE_EERS5_v void post >(std::function&&)::{lambda()#1}*& std::_Any_data::_M_access >(void post >(std::function&&)::{lambda()#1}*&&)::{lambda()#1}*>() +# https://sourceware.org/bugzilla/show_bug.cgi?id=16817 +--format=auto --no-params +_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z +_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z +_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z -- 1.8.1.3
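
Review bot: in the first cplus-dem.c hunk (internal_cplus_demangle), the new failure branch calls delete_work_stuff (work) and the very next `if (!success)` block goes on using the same work, so the fallback path now depends on delete_work_stuff leaving every member it frees in a reusable state (pointers NULL, any counts zero). The squangle_mop_up hunk does that for btypevec and ktypevec only; please confirm that the other members released by delete_work_stuff are reset as well, and add a short comment above the call saying that work is deliberately returned to its initial state before the retry. Since gnu_special is passed &mangled, it is also worth checking that mangled has not been advanced when it returns failure.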
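
Review bot: in the squangle_mop_up hunk, only the two pointers are reset after free; if work_stuff keeps size or count fields alongside btypevec and ktypevec (none are visible in this hunk), they need to be zeroed in the same branches, otherwise a later caller sees a NULL vector paired with a non-zero capacity. Minor style point: the added lines write `work->btypevec` while the surrounding lines write `work -> btypevec`; use one spelling within the function.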
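
Review bot: in the demangle-expected hunk, the new case runs only with --format=auto, while the code change is guarded by `AUTO_DEMANGLING || GNU_DEMANGLING`; adding the same symbol under --format=gnu would cover the other arm of that condition. The expected output is the mangled name echoed back unchanged, so a one-line comment saying the symbol is expected not to demangle would help the next reader. Because the defect described is stale state rather than a wrong result, the case is most useful when make check is run under a memory checker.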