From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-60729-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 17582 invoked by alias); 22 Dec 2008 13:25:23 -0000
Received: (qmail 17554 invoked by uid 22791); 22 Dec 2008 13:25:22 -0000
X-SWARE-Spam-Status: No, hits=-2.2 required=5.0 	tests=AWL,BAYES_00,KAM_MX,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: sourceware.org
Received: from mx2.redhat.com (HELO mx2.redhat.com) (66.187.237.31)     by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 22 Dec 2008 13:24:47 +0000
Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) 	by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id mBMDOOF5004354; 	Mon, 22 Dec 2008 08:24:24 -0500
Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) 	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id mBMDONfe011876; 	Mon, 22 Dec 2008 08:24:23 -0500
Received: from host0.dyn.jankratochvil.net (sebastian-int.corp.redhat.com [172.16.52.221]) 	by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id mBMDOLld030737; 	Mon, 22 Dec 2008 08:24:23 -0500
Received: from host0.dyn.jankratochvil.net (localhost [127.0.0.1]) 	by host0.dyn.jankratochvil.net (8.14.3/8.14.3) with ESMTP id mBMDOLHP032618; 	Mon, 22 Dec 2008 14:24:21 +0100
Received: (from jkratoch@localhost) 	by host0.dyn.jankratochvil.net (8.14.3/8.14.2/Submit) id mBMDOK1f032615; 	Mon, 22 Dec 2008 14:24:20 +0100
Date: Mon, 22 Dec 2008 13:25:00 -0000
From: Jan Kratochvil <jan.kratochvil@redhat.com>
To: Joel Brobecker <brobecker@adacore.com>
Cc: gdb-patches@sourceware.org
Subject: Re: [patch] Fix completion memory double-free
Message-ID: <20081222132420.GA32481@host0.dyn.jankratochvil.net>
References: <20081220005103.GA19202@host0.dyn.jankratochvil.net> <20081222043502.GC25416@adacore.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20081222043502.GC25416@adacore.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-IsSubscribed: yes
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2008-12/txt/msg00375.txt.bz2

On Mon, 22 Dec 2008 05:35:02 +0100, Joel Brobecker wrote:
> I really wonder if the "sleep 1" is needed in this case.

You are right, it isn't.  It was a copy-paste but in this case there is
fortunately the `$gdb_prompt $' terminator which does not need the sleep.
Removed `sleep 1'.

Committed.


Thanks,
Jan


gdb/
2008-12-22  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Fix memory double-free.
	* completer.c (line_completion_function): Clear LIST after called xfree.

gdb/testsuite/
2008-12-22  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* gdb.base/completion.exp (Completing non-existing component): New test.

===================================================================
RCS file: /cvs/src/src/gdb/completer.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- src/gdb/completer.c	2008/11/24 17:05:43	1.28
+++ src/gdb/completer.c	2008/12/22 13:19:29	1.29
@@ -752,8 +752,10 @@
       if (list)
 	{
 	  /* Free the storage used by LIST, but not by the strings inside.
-	     This is because rl_complete_internal () frees the strings.  */
+	     This is because rl_complete_internal () frees the strings.
+	     As complete_line may abort by calling `error' clear LIST now.  */
 	  xfree (list);
+	  list = NULL;
 	}
       index = 0;
       list = complete_line (text, line_buffer, point);
===================================================================
RCS file: /cvs/src/src/gdb/testsuite/gdb.base/completion.exp,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- src/gdb/testsuite/gdb.base/completion.exp	2008/10/22 19:46:13	1.34
+++ src/gdb/testsuite/gdb.base/completion.exp	2008/12/22 13:19:30	1.35
@@ -805,6 +805,24 @@
         timeout         { fail "(timeout) complete 'set follow-fork-mode'" }
         }
 
+send_gdb "p values\[0\].nonex.\t"
+gdb_expect  {
+        -re "Type struct some_struct has no component named nonex.\r\n$gdb_prompt $"\
+            { pass "Completing non-existing component" }
+        -re ".*$gdb_prompt $"       { fail "Completing non-existing component" }
+        timeout         { fail "(timeout) Completing non-existing component" }
+        eof             { fail "(eof) Completing non-existing component #2" }
+        }
+# Double memory freeing gets found only on the second run:
+send_gdb "p values\[0\].nonex.\t"
+gdb_expect  {
+        -re "Type struct some_struct has no component named nonex.\r\n$gdb_prompt $"\
+            { pass "Completing non-existing component #2" }
+        -re ".*$gdb_prompt $"       { fail "Completing non-existing component #2" }
+        timeout         { fail "(timeout) Completing non-existing component #2" }
+        eof             { fail "(eof) Completing non-existing component #2" }
+        }
+
 # Restore globals modified in this test...
 if [info exists old_inputrc] {
     set env(INPUTRC) $old_inputrc