From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cagney <ac131313@cygnus.com>
To: GDB Patches <gdb-patches@sourceware.cygnus.com>
Subject: [rfc/rfa] Revsions to gdbint.texinfo
Date: Fri, 15 Jun 2001 00:14:00 -0000
Message-id: <3B29B5DE.30405@cygnus.com>
X-SW-Source: 2001-06/msg00285.html

Hello,

The attatached patch tries to address the most glaring errors in the GDB 
internals document.  More work is always needed.

Structuring hints are welcome.

It includes a section titled ``Memory Management'' and that, in turn 
mentions alloca().

	Andrew
>From brobecker@act-europe.fr Fri Jun 15 00:37:00 2001
From: Joel Brobecker <brobecker@act-europe.fr>
To: gdb-patches@sources.redhat.com
Subject: [RFA] Add 2 persons in MAINTAINERS
Date: Fri, 15 Jun 2001 00:37:00 -0000
Message-id: <20010615093709.B10775@act-europe.fr>
X-SW-Source: 2001-06/msg00286.html
Content-length: 349

Hi,

  Paul Hilfinger and I now have Write After Approval priviledges.
I updated the MAINTAINERS file accordingly (a patch is attached).
Here is the ChangeLog.

2001-06-15  Joel Brobecker <brobecker@act-europe.fr>

        * MAINTAINERS: Add Paul Hilfinger and Joel Brobecker to the
        Write After Approval list.

Ok for me to commit?
-- 
Joel
>From eirik@hackrat.com Fri Jun 15 01:00:00 2001
From: Eirik Fuller <eirik@hackrat.com>
To: gdb-patches@sourceware.cygnus.com
Subject: [patch] read_command_lines can return freed memory
Date: Fri, 15 Jun 2001 01:00:00 -0000
Message-id: <20010615080029.8484D40014@hackrat.com>
X-SW-Source: 2001-06/msg00287.html
Content-length: 1246

When sourcing a script file with improperly nested control statments,
gdb can store a pointer to freed memory in a cmd_list_element struct,
which can cause subsequent crashes.  One test case is to source this
script file twice:


define	fp
    set $frame = (long *) $arg0
    while $frame[0] > $frame
	printf "%08x: %08x %08x\n", $frame, $frame[0], $frame[1]
	if $frame[1]
	    if ((uchar **)$frame)[1][-5] == 0xe8
		x/i $frame[1] - 5
	    else
		if ((uchar **)$frame)[1][-2] == 0xff
		    x/i $frame[1] - 2
		else
		    x/i $frame[1]
#		end
	    end
	else
	    x/i $frame[2]
	end
	set $frame = (long *) $frame[0]
    end
end


Removing the # results in a script file which can be sourced with no
errors.  The patch included here prevents the crash.  Here's a
ChangeLog entry:

2001-06-15  Eirik Fuller  <eirik@hackrat.com>

	* cli/cli-script.c (read_command_lines): Don't return freed
	memory.

Here's the patch:

--- gdb+dejagnu-20010615/gdb/cli/cli-script.c-	Tue Mar 13 14:29:14 2001
+++ gdb+dejagnu-20010615/gdb/cli/cli-script.c	Thu Jun 14 22:53:17 2001
@@ -995,7 +995,10 @@
 	  discard_cleanups (old_chain);
 	}
       else
-	do_cleanups (old_chain);
+	{
+	  do_cleanups (old_chain);
+	  head = NULL;
+	}
     }
 
   if (readline_end_hook)