From: Jan Kratochvil
To: Hui Zhu
Cc: Thiago Jung Bauermann, gdb-patches@sourceware.org
Subject: Re: [patch]: Fix memory leak of c-exp.y
Date: Tue, 24 Jun 2008 14:04:00 -0000

On Tue, 24 Jun 2008 08:32:44 +0200, teawater wrote:
> ChangeLog:
> 2008-06-21 Hui Zhu
> * gdb/c-exp.y: Fix memory leak of function parse_number

Agreed with the fix just IMO the block of code needs more cleanups. [attached]

The leak was brought in by:
http://sourceware.org/ml/gdb-patches/2007-10/msg00395.html

Just please check the GNU Coding Standards document for the ChangeLog style, it should have been more like:

2008-06-21 Hui Zhu
* c-exp.y (parse_number): Fix a memory leak.

Thanks,
Jan

Attachment: gdb-c-exp-dfp-leaketc.patch

2008-06-24 Jan Kratochvil

Fix a memory leak found by Hui Zhu.
* c-exp.y (parse_number): Move the S and SAVED_CHAR initialization after the DECFLOAT detection to fix a memory leak. Remove the redundant NUM initialization. Protect the DECFLOAT detection memory access before the P block. Restore the P memory content for the DECFLOAT detection.

--- ./gdb/c-exp.y 9 Jun 2008 19:25:14 -0000 1.45 +++ ./gdb/c-exp.y 24 Jun 2008 13:03:26 -0000
@@ -1118,45 +1118,46 @@ parse_number (p, len, parsed_float, puti if (parsed_float) { /* It's a float since it contains a point or an exponent. */ - char *s = malloc (len); - int num = 0; /* number of tokens scanned by scanf */ - char saved_char = p[len]; - - p[len] = 0; /* null-terminate the token */ + char *s; + int num; /* number of tokens scanned by scanf */ + char saved_char; /* If it ends at "df", "dd" or "dl", take it as type of decimal floating point. Return DECFLOAT. */ - if (p[len - 2] == 'd' && p[len - 1] == 'f') + if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'f') { p[len - 2] = '\0'; putithere->typed_val_decfloat.type = builtin_type (current_gdbarch)->builtin_decfloat; decimal_from_string (putithere->typed_val_decfloat.val, 4, p); - p[len] = saved_char; - return (DECFLOAT); + p[len - 2] = 'd'; + return DECFLOAT; } - if (p[len - 2] == 'd' && p[len - 1] == 'd') + if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'd') { p[len - 2] = '\0'; putithere->typed_val_decfloat.type = builtin_type (current_gdbarch)->builtin_decdouble; decimal_from_string (putithere->typed_val_decfloat.val, 8, p); - p[len] = saved_char; - return (DECFLOAT); + p[len - 2] = 'd'; + return DECFLOAT; } - if (p[len - 2] == 'd' && p[len - 1] == 'l') + if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'l') { p[len - 2] = '\0'; putithere->typed_val_decfloat.type = builtin_type (current_gdbarch)->builtin_declong; decimal_from_string (putithere->typed_val_decfloat.val, 16, p); - p[len] = saved_char; - return (DECFLOAT); + p[len - 2] = 'd'; + return DECFLOAT; } + s = malloc (len); + saved_char = p[len]; + p[len] = 0; /* null-terminate the token */ num = sscanf (p, "%" DOUBLEST_SCAN_FORMAT "%s", &putithere->typed_val_float.dval, s); p[len] = saved_char; /* restore the input stream */ --wRRV7LY7NUeQGEoC--
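Review bot: the `s = malloc (len);` added just before the `sscanf` call is not checked for NULL, and `s` is then passed straight to the unbounded `%s` conversion. Either test the result or use GDB's `xmalloc` here, and add a short comment saying why `len` bytes are enough (the token is NUL-terminated at `p[len]`, and the float conversion has to consume at least one character before `%s` runs). In the three DECFLOAT branches, `p[len - 2] = 'd';` only executes on the normal return path, so if `decimal_from_string` can exit non-locally the token stays truncated in the input buffer. Those three branches also differ only in the builtin type and the 4/8/16 size argument, so a small helper or a table-driven loop would carry the `len >= 2` guard and the restore logic once instead of three times.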