From: Paul Hilfinger
To: gdb-patches@sources.redhat.com
Subject: Re: [RFA] breakpoint.c: Avoid double freeing in breakpoint_re_set_one
Message-Id: <20040113100600.42C1FF2D70@nile.gnat.com>
Date: Tue, 13 Jan 2004 10:06:00 -0000
X-SW-Source: 2004-01/txt/msg00340.txt.bz2

Here is a follow-up on my earlier patch. I found a couple of other instances of potential double freeing in the same routine.

OK?

Paul Hilfinger

2004-01-12  Paul N. Hilfinger

	* breakpoint.c: Update copyright to include 2004.
	(breakpoint_re_set_one): Set b->cond, b->val, and b->exp to NULL
	after freeing so that errors during re-parsing or evaluation of
	expressions associated with breakpoint don't eventually lead to
	re-freeing of storage.

Index: current-public.41/gdb/breakpoint.c
--- current-public.41/gdb/breakpoint.c Sun, 04 Jan 2004 17:51:24 -0800 hilfingr (GdbPub/g/23_breakpoint 1.1.1.7.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 644)
+++ current-public.41(w)/gdb/breakpoint.c Tue, 13 Jan 2004 01:17:24 -0800 hilfingr (GdbPub/g/23_breakpoint 1.1.1.7.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 644)
@@ -1,8 +1,8 @@ /* Everything about breakpoints, for GDB. Copyright 1986, 1987, 1988, 1989, 1990, 1991, 1992, 1993, 1994, - 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 Free Software - Foundation, Inc. + 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 + Free Software Foundation, Inc. This file is part of GDB. @@ -7009,6 +7009,8 @@ breakpoint_re_set_one (void *bint) s = b->cond_string; if (b->cond) xfree (b->cond); + /* Avoid re-freeing b->cond if error during parse_exp_1. */ + b->cond = NULL; b->cond = parse_exp_1 (&s, block_for_pc (sals.sals[i].pc), 0); } @@ -7077,11 +7079,15 @@ breakpoint_re_set_one (void *bint) /* So for now, just use a global context. */ if (b->exp) xfree (b->exp); + /* Avoid re-freeing b->exp if error during parse_expression. */ + b->exp = NULL; b->exp = parse_expression (b->exp_string); b->exp_valid_block = innermost_block; mark = value_mark (); if (b->val) value_free (b->val); + /* Avoid re-freeing b->val if error during evaluate_expression. */ + b->val = NULL; b->val = evaluate_expression (b->exp); release_value (b->val); if (VALUE_LAZY (b->val) && breakpoint_enabled (b)) @@ -7092,6 +7098,8 @@ breakpoint_re_set_one (void *bint) s = b->cond_string; if (b->cond) xfree (b->cond); + /* Avoid re-freeing b->cond if error during parse_exp_1. */ + b->cond = NULL; b->cond = parse_exp_1 (&s, (struct block *) 0, 0); } if (breakpoint_enabled (b))
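Review bot: In the hunk at line 7009, `b->cond = NULL` before the `parse_exp_1` call does stop the error path from freeing the old condition a second time, but it also means that when parse_exp_1 errors out the breakpoint is left with `b->cond == NULL` while `b->cond_string` is still set, so the breakpoint keeps its condition text but no parsed condition. If that degraded state is acceptable, the comment should say so rather than only "Avoid re-freeing"; otherwise parse into a temporary first and only free and replace `b->cond` once the parse has succeeded, which leaves the previous condition intact on error.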
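Review bot: In the hunk at line 7079, `b->val = NULL` is set before `evaluate_expression (b->exp)`, and the lines that follow (`release_value (b->val)` and the `VALUE_LAZY (b->val)` test) are only reached on success, which is fine; the consequence worth a comment is that an error in evaluate_expression now leaves the watchpoint with a valid `b->exp` and `b->exp_valid_block` but `b->val == NULL`, so any later code that reads `b->val` for this watchpoint has to tolerate a NULL value rather than assume one was stored. The same applies one step earlier to `b->exp == NULL` when parse_expression fails.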
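Review bot: The hunk at line 7098 has the same consequence as the one at 7009: after an error in `parse_exp_1 (&s, (struct block *) 0, 0)` the watchpoint's `b->cond` stays NULL although `b->cond_string` is kept. Since the two sites are now identical apart from the block argument, consider a single comment explaining the NULL-condition-after-error state and, if the old condition should survive a failed re-parse, the parse-into-temporary approach for both.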
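To show the failure mode the patch closes, here is an added, self-contained C model; it is not GDB code. `parse_exp_1`, `re_set_cond`, `delete_breakpoint` and the allocation tracker are stand-ins constructed for this example, and GDB's error unwinding is reduced to setjmp/longjmp. `run_scenario(0)` reproduces the pre-patch sequence from the hunks (free the old condition, error out during the re-parse, then have the error-path cleanup free the same pointer again); `run_scenario(1)` adds the hunk's `b->cond = NULL` line.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal allocation tracker (constructed for this example): it remembers
   live pointers so that a second free of the same pointer is counted
   instead of corrupting the heap the way a real double xfree would. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_free_count;

static void *tracked_alloc(size_t n)
{
  void *p = malloc(n);
  if (p == NULL) abort();
  for (int i = 0; i < MAX_LIVE; i++)
    if (live[i] == NULL) { live[i] = p; return p; }
  abort();  /* tracker full; cannot happen in this scenario */
}

static void tracked_free(void *p)
{
  if (p == NULL) return;
  for (int i = 0; i < MAX_LIVE; i++)
    if (live[i] == p) { live[i] = NULL; free(p); return; }
  double_free_count++;  /* pointer already freed: the bug the patch closes */
}

/* Stand-in for the two breakpoint fields the first hunk touches. */
struct breakpoint { const char *cond_string; char *cond; };

/* GDB reports errors by unwinding to an outer handler; modelled with setjmp. */
static jmp_buf error_env;
static void throw_error(const char *msg) { (void) msg; longjmp(error_env, 1); }

/* Stand-in for parse_exp_1: allocates a parsed form, or errors out on a
   malformed expression (here: any string containing '!'). */
static char *parse_exp_1(const char *s)
{
  if (strchr(s, '!') != NULL) throw_error("A syntax error in expression");
  char *parsed = tracked_alloc(strlen(s) + 1);
  strcpy(parsed, s);
  return parsed;
}

/* The re-set step from the patch; clear_on_free == 1 adds the b->cond = NULL line. */
static void re_set_cond(struct breakpoint *b, int clear_on_free)
{
  if (b->cond) tracked_free(b->cond);
  if (clear_on_free) b->cond = NULL;   /* the patch's one-line fix */
  b->cond = parse_exp_1(b->cond_string);
}

/* Cleanup on the error path: frees whatever b->cond still points at. */
static void delete_breakpoint(struct breakpoint *b)
{
  if (b->cond) tracked_free(b->cond);
  b->cond = NULL;
}

/* A good parse, then a re-set with a malformed condition that errors out,
   then cleanup. Returns how many double frees the tracker observed. */
int run_scenario(int clear_on_free)
{
  static struct breakpoint bp;  /* static so its value is stable across longjmp */
  double_free_count = 0;
  memset(live, 0, sizeof live);
  bp.cond_string = "x == 1";
  bp.cond = NULL;
  re_set_cond(&bp, clear_on_free);      /* succeeds: bp.cond is now allocated */
  bp.cond_string = "x == !";             /* malformed on the next re-set */
  if (setjmp(error_env) == 0)
    re_set_cond(&bp, clear_on_free);    /* frees old cond, then the parse errors out */
  else
    delete_breakpoint(&bp);             /* error handler tears the breakpoint down */
  return double_free_count;
}

int main(void)
{
  printf("without NULL-ing after free: %d double free(s)\n", run_scenario(0));
  printf("with    NULL-ing after free: %d double free(s)\n", run_scenario(1));
  return 0;
}
```

The tracker only counts the second free rather than performing it; in the real program the second xfree hands an already-released block back to the allocator, which is why clearing the pointer between the free and the call that can fail is the whole fix. The same reasoning applies unchanged to `b->exp` and `b->val` in the watchpoint hunk.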