[patch] Fix completer access of an already freed memory

[patch] Fix completer access of an already freed memory

[Jan Kratochvil]

[-- Attachment #1: Type: text/plain, Size: 555 bytes --]

Hi,

Fix a regression if you link gdb with -lmcheck:

-PASS: gdb.base/completion.exp: complete 'p values[0].a'
-PASS: gdb.base/completion.exp: complete 'p values[0] . a'
-PASS: gdb.base/completion.exp: complete 'p &values[0] -> a'
-PASS: gdb.base/completion.exp: cd to ${srcdir}
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0].a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p values[0] . a' 2
+FAIL: gdb.base/completion.exp: (timeout) complete 'p &values[0] -> a' 2
+FAIL: gdb.base/completion.exp: cd to ${srcdir}


Regards,
Jan

[-- Attachment #2: gdb-completer-mcheck.patch --]
[-- Type: text/plain, Size: 1523 bytes --]

2008-11-22  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Fix access of an already freed memory.
	* parse.c (parse_field_expression): Call xstrdup on `*name'.
	* completer.c (expression_completer): Free fieldname.

--- gdb/completer.c	11 Jul 2008 15:07:52 -0000	1.27
+++ gdb/completer.c	22 Nov 2008 23:00:31 -0000
@@ -414,9 +414,11 @@ expression_completer (char *text, char *
 
 	  add_struct_fields (type, &out, result, fieldname, flen);
 	  result[out] = NULL;
+	  xfree (fieldname);
 	  return result;
 	}
     }
+  xfree (fieldname);
 
   /* Commands which complete on locations want to see the entire
      argument.  */
--- gdb/parse.c	2 Oct 2008 22:06:07 -0000	1.81
+++ gdb/parse.c	22 Nov 2008 23:00:34 -0000
@@ -1090,7 +1090,8 @@ parse_expression (char *string)
 /* Parse STRING as an expression.  If parsing ends in the middle of a
    field reference, return the type of the left-hand-side of the
    reference; furthermore, if the parsing ends in the field name,
-   return the field name in *NAME.  In all other cases, return NULL.  */
+   return the field name in *NAME.  In all other cases, return NULL.
+   Returned non-NULL *NAME must be freed by the caller.  */
 
 struct type *
 parse_field_expression (char *string, char **name)
@@ -1120,6 +1121,9 @@ parse_field_expression (char *string, ch
       xfree (exp);
       return NULL;
     }
+  /* (*NAME) is a part of the EXP memory block freed below.  */
+  *name = xstrdup (*name);
+
   val = evaluate_subexpression_type (exp, subexp);
   xfree (exp);
 

Re: [patch] Fix completer access of an already freed memory

[Tom Tromey]

>>>>> "Jan" == Jan Kratochvil <jan.kratochvil@redhat.com> writes:

Jan> 2008-11-22  Jan Kratochvil  <jan.kratochvil@redhat.com>
Jan> 	Fix access of an already freed memory.
Jan> 	* parse.c (parse_field_expression): Call xstrdup on `*name'.
Jan> 	* completer.c (expression_completer): Free fieldname.

Thanks.  FWIW, this looks reasonable to me.  I can't approve it though.

Tom

Re: [patch] Fix completer access of an already freed memory

[Daniel Jacobowitz]

On Mon, Nov 24, 2008 at 09:32:54AM -0700, Tom Tromey wrote:
> >>>>> "Jan" == Jan Kratochvil <jan.kratochvil@redhat.com> writes:
> 
> Jan> 2008-11-22  Jan Kratochvil  <jan.kratochvil@redhat.com>
> Jan> 	Fix access of an already freed memory.
> Jan> 	* parse.c (parse_field_expression): Call xstrdup on `*name'.
> Jan> 	* completer.c (expression_completer): Free fieldname.
> 
> Thanks.  FWIW, this looks reasonable to me.  I can't approve it though.

Good enough for me - this is OK, thanks.

-- 
Daniel Jacobowitz
CodeSourcery