Date: Mon, 24 Nov 2008 04:11:00 -0000
From: Jan Kratochvil
To: gdb-patches@sourceware.org
Cc: Tom Tromey
Subject: [patch] Fix completer access of an already freed memory
Message-ID: <20081122231304.GA12471@host0.dyn.jankratochvil.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="5mCyUwZo2JvN/JJP"
Content-Disposition: inline

--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi,

Fix a regression if you link gdb with -lmcheck:

-PASS: gdb.base/completion.exp: complete 'p values[0].a'
-PASS: gdb.base/completion.exp: complete 'p values[0] . a'
-PASS: gdb.base/completion.exp: complete 'p &values[0] -> a'
-PASS: gdb.base/completion.exp: cd to ${srcdir}
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0].a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0] . a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p &values[0] -> a' 2
+FAIL: gdb.base/completion.exp: cd to ${srcdir}

Regards,
Jan

--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline; filename="gdb-completer-mcheck.patch"

2008-11-22  Jan Kratochvil

	Fix access of an already freed memory.
	* parse.c (parse_field_expression): Call xstrdup on `*name'.
	* completer.c (expression_completer): Free fieldname.

--- gdb/completer.c 11 Jul 2008 15:07:52 -0000 1.27 +++ gdb/completer.c 22 Nov 2008 23:00:31 -0000 
@@ -414,9 +414,11 @@ expression_completer (char *text, char * add_struct_fields (type, &out, result, fieldname, flen); result[out] = NULL; + xfree (fieldname); return result; } } + xfree (fieldname); /* Commands which complete on locations want to see the entire argument. */ --- gdb/parse.c 2 Oct 2008 22:06:07 -0000 1.81 +++ gdb/parse.c 22 Nov 2008 23:00:34 -0000 @@ -1090,7 +1090,8 @@ parse_expression (char *string) /* Parse STRING as an expression. If parsing ends in the middle of a field reference, return the type of the left-hand-side of the reference; furthermore, if the parsing ends in the field name, - return the field name in *NAME. In all other cases, return NULL. */ + return the field name in *NAME. In all other cases, return NULL. + Returned non-NULL *NAME must be freed by the caller. */ struct type * parse_field_expression (char *string, char **name) @@ -1120,6 +1121,9 @@ parse_field_expression (char *string, ch xfree (exp); return NULL; } + /* (*NAME) is a part of the EXP memory block freed below. */ + *name = xstrdup (*name); + val = evaluate_subexpression_type (exp, subexp); xfree (exp); --5mCyUwZo2JvN/JJP--
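
Review bot: In the gdb/completer.c hunk, the `xfree (fieldname);` added after the closing braces runs on every path that falls through, including the ones where parse_field_expression returned without storing a field name. That is only safe if fieldname is set to NULL before the parse call, which these context lines do not show; please confirm, or add the initialization. With two exits now each carrying their own free, a single cleanup registered right after the parse (make_cleanup (xfree, fieldname)) would be less fragile if another return is added later.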
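
Review bot: The sentence added to the parse_field_expression comment in gdb/parse.c, "Returned non-NULL *NAME must be freed by the caller", leaves open what *NAME holds when the function returns NULL and which deallocator to use. Since expression_completer now frees fieldname on its fall-through path as well, I would spell it out: the caller frees with xfree, and *NAME is either left untouched or set to NULL on every NULL-return path.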
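
Review bot: In the second gdb/parse.c hunk, the early exit just above the new lines (`xfree (exp); return NULL;`) returns without going through `*name = xstrdup (*name);`. If *NAME can already point into EXP on that path, the caller's new xfree would be handed a pointer into a block that has just been freed; setting `*name = NULL` before that return, or confirming it is always NULL there, closes this. The xstrdup call itself also needs *NAME to be non-NULL at this point, which the visible context does not establish.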