Commit 2ea55c27 authored by Paul Eggert's avatar Paul Eggert

Fix double-free in pdumper

Revert the double-free bug that I introduced in
2019-03-11T15:20:54Z!eggert@cs.ucla.edu.
* src/pdumper.c (dump_mmap_reset): Do not free the private member;
that’s the release function’s job.
(dump_mm_heap_cb_release): Free cb if its refcount goes to zero.
(dump_mmap_contiguous_heap): Mention memory leak in comment.
parent d9664f0d
...@@ -4623,9 +4623,7 @@ dump_mmap_reset (struct dump_memory_map *map) ...@@ -4623,9 +4623,7 @@ dump_mmap_reset (struct dump_memory_map *map)
{ {
map->mapping = NULL; map->mapping = NULL;
map->release = NULL; map->release = NULL;
void *private = map->private;
map->private = NULL; map->private = NULL;
free (private);
} }
static void static void
...@@ -4648,7 +4646,10 @@ dump_mm_heap_cb_release (struct dump_memory_map_heap_control_block *cb) ...@@ -4648,7 +4646,10 @@ dump_mm_heap_cb_release (struct dump_memory_map_heap_control_block *cb)
{ {
eassert (cb->refcount > 0); eassert (cb->refcount > 0);
if (--cb->refcount == 0) if (--cb->refcount == 0)
free (cb->mem); {
free (cb->mem);
free (cb);
}
} }
static void static void
...@@ -4663,7 +4664,12 @@ dump_mmap_contiguous_heap (struct dump_memory_map *maps, int nr_maps, ...@@ -4663,7 +4664,12 @@ dump_mmap_contiguous_heap (struct dump_memory_map *maps, int nr_maps,
size_t total_size) size_t total_size)
{ {
bool ret = false; bool ret = false;
/* FIXME: This storage sometimes is never freed.
Beware: the simple patch 2019-03-11T15:20:54Z!eggert@cs.ucla.edu
is worse, as it sometimes frees this storage twice. */
struct dump_memory_map_heap_control_block *cb = calloc (1, sizeof (*cb)); struct dump_memory_map_heap_control_block *cb = calloc (1, sizeof (*cb));
char *mem; char *mem;
if (!cb) if (!cb)
goto out; goto out;
......