From: Paul Hilfinger
To: gdb-patches@sources.redhat.com
Subject: [RFA] breakpoint.c: Avoid double freeing in breakpoint_re_set_one
Message-Id: <20040109082213.E045AF2D8D@nile.gnat.com>
Date: Fri, 09 Jan 2004 08:22:00 -0000

Here's a subtle little number discovered while looking at something entirely different. breakpoint_re_set_one is called from within a catch handler. If the calls to parse_exp_1 for the condition error out due to, say, the presence of a symbol that has become undefined, a cond field may get freed twice.

Tested on Linux without regression. OK to commit?

2004-01-09  Paul N. Hilfinger

	* breakpoint.c: Update copyright to include 2004.
	(breakpoint_re_set_one): Set b->cond to NULL after freeing so that
	error during re-parsing of breakpoint condition does not eventually
	lead to re-freeing of storage.

Index: current-public.39/gdb/breakpoint.c
--- current-public.39/gdb/breakpoint.c Sun, 04 Jan 2004 17:51:24 -0800 hilfingr (GdbPub/g/23_breakpoint 1.1.1.7.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 644)
+++ current-public.39(w)/gdb/breakpoint.c Fri, 09 Jan 2004 00:16:01 -0800 hilfingr (GdbPub/g/23_breakpoint 1.1.1.7.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 644)
@@ -1,8 +1,8 @@ /* Everything about breakpoints, for GDB. Copyright 1986, 1987, 1988, 1989, 1990, 1991, 1992, 1993, 1994, - 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 Free Software - Foundation, Inc. + 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 + Free Software Foundation, Inc. This file is part of GDB. @@ -7009,6 +7009,9 @@ breakpoint_re_set_one (void *bint) s = b->cond_string; if (b->cond) xfree (b->cond); + /* Set b->cond to NULL to avoid re-freeing later if error + during parse_exp_1. */ + b->cond = NULL; b->cond = parse_exp_1 (&s, block_for_pc (sals.sals[i].pc), 0); } @@ -7092,6 +7095,9 @@ breakpoint_re_set_one (void *bint) s = b->cond_string; if (b->cond) xfree (b->cond); + /* Set b->cond to NULL to avoid re-freeing later if error + during parse_exp_1. */ + b->cond = NULL; b->cond = parse_exp_1 (&s, (struct block *) 0, 0); } if (breakpoint_enabled (b))
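Review bot: In the breakpoint_re_set_one hunks (@@ -7009 and its twin at @@ -7092), the added `b->cond = NULL;` is overwritten on the very next line by `b->cond = parse_exp_1 (...)`, so it only has an effect on the path where parse_exp_1 does not return (the error path that unwinds to the catch handler mentioned in the cover note), and a reader following the normal flow will see it as a dead store. Suggest moving the clear inside the existing guard so the free and the reset travel together, `if (b->cond) { xfree (b->cond); b->cond = NULL; }`, and rewording the comment to say explicitly that parse_exp_1 may error out before the reassignment happens, which is the only reason the store is not dead. Style: both hunks add the identical three lines; that is acceptable for a minimal fix, but it is a second copy of the same free-and-reparse sequence to keep in sync. One thing to confirm in the surrounding code (not visible in this patch): after the error unwinds, b->cond_string is still set while b->cond is now NULL, so any caller that treats a non-NULL cond_string as implying a parsed cond must tolerate that state.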