This is the mail archive of the gdb-patches@sourceware.cygnus.com mailing list for the GDB project. See the GDB home page for more information.



Correction of a crash in sim_memory_uninstall


Hi!

I've found a problem in the common part of the simulator.
It crashes in `sim_memory_uninstall' when the simulator terminates.

The problem is when this operation walks a list and frees the
sim_memopt objects. It frees the entry (line 457, call to zfree)
and then gets the pointer to the next one, accessing the freed data
(line 461, *entry = (*entry)->next). 

One fix consists in updating 'entry' before the while loop.

Hope this helps,

	Stephane


*** /src/gnu/gdb-19990330/sim/common/sim-memopt.c       Thu Jan 28 15:13:33
1999
--- sim-memopt.c        Sat Apr  3 20:06:42 1999
***************
*** 449,454 ****
--- 449,457 ----
  
        /* delete it and its aliases */
        alias = *entry;
+ 
+       /* next victim */
+       *entry = (*entry)->next;
        while (alias != NULL)
        {
          sim_memopt *dead = alias;
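Review bot: the comment carried along with the moved statement, `/* next victim */` above `*entry = (*entry)->next;`, does not say why the advance has to come before the loop, and that ordering is the whole fix. The first `dead` in the loop is the node that `alias = *entry;` captured, so its `next` field must be read before the loop reaches `zfree (dead)`. Suggest rewording the comment to state that, for example "advance before the loop: the node *entry points to is freed below", so a later cleanup does not move the statement back after the loop.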
***************
*** 456,464 ****
          sim_core_detach (sd, NULL, dead->level, dead->space, dead->addr);
          zfree (dead);
        }
- 
-       /* next victim */
-       *entry = (*entry)->next;
      }
  }
  
--- 459,464 ----