Re: [patch]: Fix memory leak of c-exp.y

[Jan Kratochvil <jan.kratochvil@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 556 bytes --]

On Tue, 24 Jun 2008 08:32:44 +0200, teawater wrote:
> ChangeLog:
> 2008-06-21  Hui Zhu <teawater@gmail.com>
>        * gdb/c-exp.y: Fix memory leak of function parse_number

Agreed with the fix just IMO the block of code needs more cleanups.  [attached]
The leak was brought in by:
  http://sourceware.org/ml/gdb-patches/2007-10/msg00395.html

Just please check the GNU Coding Standards document for the ChangeLog style, it
should have been more like:

2008-06-21  Hui Zhu  <teawater@gmail.com>

	* c-exp.y (parse_number): Fix a memory leak.


Thanks,
Jan

[-- Attachment #2: gdb-c-exp-dfp-leaketc.patch --]
[-- Type: text/plain, Size: 2525 bytes --]

2008-06-24  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Fix a memory leak found by Hui Zhu <teawater@gmail.com>.
	* c-exp.y (parse_number): Move the S and SAVED_CHAR initialization
	after the DECFLOAT detection to fix a memory leak.  Remove the
	redundant NUM initialization.  Protect the DECFLOAT detection memory
	access before the P block.  Restore the P memory content for the
	DECFLOAT detection.

--- ./gdb/c-exp.y	9 Jun 2008 19:25:14 -0000	1.45
+++ ./gdb/c-exp.y	24 Jun 2008 13:03:26 -0000
@@ -1118,45 +1118,46 @@ parse_number (p, len, parsed_float, puti
   if (parsed_float)
     {
       /* It's a float since it contains a point or an exponent.  */
-      char *s = malloc (len);
-      int num = 0;	/* number of tokens scanned by scanf */
-      char saved_char = p[len];
-
-      p[len] = 0;	/* null-terminate the token */
+      char *s;
+      int num;	/* number of tokens scanned by scanf */
+      char saved_char;
 
       /* If it ends at "df", "dd" or "dl", take it as type of decimal floating
          point.  Return DECFLOAT.  */
 
-      if (p[len - 2] == 'd' && p[len - 1] == 'f')
+      if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'f')
 	{
 	  p[len - 2] = '\0';
 	  putithere->typed_val_decfloat.type
 	    = builtin_type (current_gdbarch)->builtin_decfloat;
 	  decimal_from_string (putithere->typed_val_decfloat.val, 4, p);
-	  p[len] = saved_char;
-	  return (DECFLOAT);
+	  p[len - 2] = 'd';
+	  return DECFLOAT;
 	}
 
-      if (p[len - 2] == 'd' && p[len - 1] == 'd')
+      if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'd')
 	{
 	  p[len - 2] = '\0';
 	  putithere->typed_val_decfloat.type
 	    = builtin_type (current_gdbarch)->builtin_decdouble;
 	  decimal_from_string (putithere->typed_val_decfloat.val, 8, p);
-	  p[len] = saved_char;
-	  return (DECFLOAT);
+	  p[len - 2] = 'd';
+	  return DECFLOAT;
 	}
 
-      if (p[len - 2] == 'd' && p[len - 1] == 'l')
+      if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'l')
 	{
 	  p[len - 2] = '\0';
 	  putithere->typed_val_decfloat.type
 	    = builtin_type (current_gdbarch)->builtin_declong;
 	  decimal_from_string (putithere->typed_val_decfloat.val, 16, p);
-	  p[len] = saved_char;
-	  return (DECFLOAT);
+	  p[len - 2] = 'd';
+	  return DECFLOAT;
 	}
 
+      s = malloc (len);
+      saved_char = p[len];
+      p[len] = 0;	/* null-terminate the token */
       num = sscanf (p, "%" DOUBLEST_SCAN_FORMAT "%s",
 		    &putithere->typed_val_float.dval, s);
       p[len] = saved_char;	/* restore the input stream */