From: Pedro Alves
To: gdb-patches@sourceware.org
Cc: Michael Snyder
Subject: Re: [RFA] completer.c (expression_completer): Stop memory leak.
Date: Wed, 09 Mar 2011 20:29:00 -0000
References: <4D77CDD6.7010700@vmware.com>
In-Reply-To: <4D77CDD6.7010700@vmware.com>
Message-Id: <201103092007.33388.pedro@codesourcery.com>
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
X-SW-Source: 2011-03/txt/msg00621.txt.bz2

On Wednesday 09 March 2011 18:58:30, Michael Snyder wrote:
> In this case, it is possible for fieldname to be allocated before an
> exception is thrown.
>
> OK?

Notice how `fieldname' is uninitialized by expression_completer. If an
exception is thrown from within parse_field_expression before writing to
`fieldname', you'll be calling `free' (it should be xfree, btw) on an
uninitialized pointer. That's bad. Please fix this within
parse_field_expression itself.

1) even if what I describe above can't happen as is today (it may or not,
dunno), your change makes the code quite fragile.

2) any other parse_field_expression call that isn't wrapped in a TRY_CATCH
like this, is a potential leak.

-- 
Pedro Alves

>
> completer.txt
> 2011-03-09 Michael Snyder
>
> 	* completer.c (expression_completer): Stop memory leak.
>
> Index: completer.c
> ===================================================================
> RCS file: /cvs/src/src/gdb/completer.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 completer.c
> --- completer.c	26 Feb 2011 02:07:07 -0000	1.44
> +++ completer.c	9 Mar 2011 18:56:24 -0000
> @@ -455,7 +455,10 @@ expression_completer (struct cmd_list_el > type = parse_field_expression (text, &fieldname); > } > if (except.reason < 0) > - return NULL; > + { > + free (fieldname); > + return NULL;
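Review bot: the added `free (fieldname)` on the `except.reason < 0` path acts on a pointer that nothing in this hunk initialises; the only write to `fieldname` is inside `parse_field_expression (text, &fieldname)`, so if the exception is raised before that function stores a value, the new line frees an indeterminate pointer. Either initialise `fieldname` to NULL before the try block so the free is a harmless no-op, or release the buffer inside parse_field_expression on its own error paths, which also covers callers that are not wrapped in a TRY_CATCH. GDB code should call `xfree` rather than `free` here, as the reply notes.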