This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.
Re: [patch] read_command_lines can return freed memory
- To: Eirik Fuller <eirik at hackrat dot com>
- Subject: Re: [patch] read_command_lines can return freed memory
- From: Fernando Nasser <fnasser at cygnus dot com>
- Date: Fri, 15 Jun 2001 15:04:23 -0400
- CC: Fernando Nasser <fnasser at redhat dot com>, gdb-patches at sourceware dot cygnus dot com
- Organization: Red Hat, Inc. - Toronto
- References: <3B2A2258.639532FC@redhat.com> <20010615184039.230C340014@hackrat.com>
Thanks for testing it and for the test case.
If you agree, I will modify your changelog entry to:
2001-06-15 Eirik Fuller <eirik@hackrat.com>
* cli/cli-script.c (free_command_lines): Reset list pointer.
and check the second version of the patch in.
And thanks again for the bug report/fix.
Regards,
Fernando
Eirik Fuller wrote:
>
> I backed out the patch to read_command_lines, confirmed that the crash
> occurs again, applied the patch to free_command_lines, and confirmed
> that the crash no longer occurs.
>
> I agree that patching free_command_lines is the right way to fix this.
>
> > we should think of a more contrived example to create a test case...
>
> Here's the simplest test case I've found which triggers the crash:
>
> define f0
> set $f = $arg0
> if $f[1]
> if $f[2]
> f2
> else
> f1
> else
>
> You can also add stuff after the second else. As before, source that
> file twice; the second time triggers the crash. It's likely that the
> details of the crash (including whether it occurs at all) vary from
> platform to platform; I'm using a Debian x86 system with libc6 2.2.3.
>
> Thanks,
> Eirik
--
Fernando Nasser
Red Hat - Toronto E-Mail: fnasser@redhat.com
2323 Yonge Street, Suite #300
Toronto, Ontario M4P 2C9
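
The fix agreed on in this thread ("free_command_lines: Reset list pointer"), modeled as an added example that is not GDB's source: the free routine takes the address of the caller's list pointer and clears it, so an error path that frees a partial list and then returns the head hands back NULL rather than freed memory. The names `cmd_line`, `free_lines`, `read_lines` and `count_lines`, and the "BAD" token standing in for a parse error, are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a parsed script line (hypothetical, not GDB's struct). */
struct cmd_line { struct cmd_line *next; char *text; };

/* Free the whole list, then reset the caller's pointer so that no
   stale address survives the call. */
void free_lines(struct cmd_line **lptr)
{
    struct cmd_line *l = *lptr;
    while (l != NULL) {
        struct cmd_line *next = l->next;
        free(l->text);
        free(l);
        l = next;
    }
    *lptr = NULL;   /* without this line, *lptr still holds a freed address */
}

/* Hypothetical reader: the constructed token "BAD" stands in for a parse
   error. The error path frees the partial list and falls through to
   "return head", so head must be NULL by then. */
struct cmd_line *read_lines(const char *const *lines, size_t n)
{
    struct cmd_line *head = NULL, **tail = &head;
    for (size_t i = 0; i < n; i++) {
        struct cmd_line *l = strcmp(lines[i], "BAD") ? calloc(1, sizeof *l) : NULL;
        if (l != NULL && (l->text = malloc(strlen(lines[i]) + 1)) == NULL) {
            free(l);
            l = NULL;
        }
        if (l == NULL) {            /* parse error or out of memory */
            free_lines(&head);
            break;
        }
        strcpy(l->text, lines[i]);
        *tail = l;
        tail = &l->next;
    }
    return head;
}

/* Walk the list and count its nodes; safe on NULL. */
size_t count_lines(const struct cmd_line *l)
{
    size_t n = 0;
    for (; l != NULL; l = l->next) n++;
    return n;
}
```

Resetting the pointer inside the free routine covers every caller at once, which is why the thread settles on patching the free routine rather than the reader.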