From patchwork Tue Mar 10 09:59:14 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Wingo X-Patchwork-Id: 5543 Received: (qmail 26672 invoked by alias); 10 Mar 2015 09:59:23 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 26658 invoked by uid 89); 10 Mar 2015 09:59:22 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.3 required=5.0 tests=AWL, BAYES_00, RCVD_IN_DNSWL_LOW, SPF_NEUTRAL autolearn=ham version=3.3.2 X-HELO: sasl.smtp.pobox.com Received: from pb-sasl1.int.icgroup.com (HELO sasl.smtp.pobox.com) (208.72.237.25) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 10 Mar 2015 09:59:22 +0000 Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-sasl1.pobox.com (Postfix) with ESMTP id 1B36834EA6 for ; Tue, 10 Mar 2015 05:59:20 -0400 (EDT) Received: from pb-sasl1.int.icgroup.com (unknown [127.0.0.1]) by pb-sasl1.pobox.com (Postfix) with ESMTP id 13D1B34EA5 for ; Tue, 10 Mar 2015 05:59:20 -0400 (EDT) Received: from rusty (unknown [88.160.190.192]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pb-sasl1.pobox.com (Postfix) with ESMTPSA id 4EF1B34EA4 for ; Tue, 10 Mar 2015 05:59:17 -0400 (EDT) From: Andy Wingo To: gdb-patches@sourceware.org Subject: [PATCH] Fix memory corruption in Guile command interface Date: Tue, 10 Mar 2015 10:59:14 +0100 Message-ID: <87k2ypp40d.fsf@igalia.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux) MIME-Version: 1.0 Content-Disposition: inline; filename=0001-Fix-memory-corruption-in-Guile-command-interface.patch X-Pobox-Relay-ID: 1E946E66-C70C-11E4-A1E9-B058D0B8C469-02397024!pb-sasl1.pobox.com X-IsSubscribed: yes From 1edd8ea75766ab3c10cd0b4e0ce33a6c1274de21 Mon Sep 17 00:00:00 2001 From: Andy Wingo Date: Tue, 10 Mar 2015 10:56:54 +0100 Subject: [PATCH] Fix memory corruption in Guile command interface Re-registering a command will delete previous commands of the same name, running the destroyer for the command object. The Guile destroyer incorrectly tried to xfree the name and other strings, which is invalid as they are on the GC heap. gdb/ChangeLog: * guile/scm-cmd.c (cmdscm_destroyer): Don't xfree the name and other strings, as these are on the GC'd heap, and will be collected along with the smob. --- gdb/ChangeLog | 6 ++++++ gdb/guile/scm-cmd.c | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/gdb/ChangeLog b/gdb/ChangeLog index a0bfe3d..7c1bda6 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,9 @@ +2015-03-10 Andy Wingo + + * guile/scm-cmd.c (cmdscm_destroyer): Don't xfree the name and + other strings, as these are on the GC'd heap, and will be + collected along with the smob. + 2015-03-05 Andy Wingo * guile/scm-symbol.c (gdbscm_lookup_symbol): Don't error if there diff --git a/gdb/guile/scm-cmd.c b/gdb/guile/scm-cmd.c index 7c6d010..0fa6cca 100644 --- a/gdb/guile/scm-cmd.c +++ b/gdb/guile/scm-cmd.c @@ -286,11 +286,6 @@ cmdscm_destroyer (struct cmd_list_element *self, void *context) command_smob *c_smob = (command_smob *) context; cmdscm_release_command (c_smob); - - /* We allocated the name, doc string, and perhaps the prefix name. */ - xfree ((char *) self->name); - xfree ((char *) self->doc); - xfree ((char *) self->prefixname); } /* Called by gdb to invoke the command. */