Hi, When backtrace_vector_release is called with vec.size == 0, it releases the memory pointed at by vec.base.
In case of the backtrace_vector_release in alloc.c, vec.base may then be set to NULL, but this is not guaranteed. Set vec.base set to NULL if vec.size == 0 to ensure we don't point to released memory. OK for trunk if bootstrap and reg-test on x86_64 succeeds? Thanks, - Tom
[libbacktrace] Don't point to released memory in backtrace_vector_release
2018-11-22 Tom de Vries <tdevr...@suse.de>
 * alloc.c (backtrace_vector_release): Set base to NULL if size == 0.
 * mmap.c (backtrace_vector_release): Same.
 * unittest.c (test1): Add check.
---
 libbacktrace/alloc.c | 2 ++
 libbacktrace/mmap.c | 2 ++
 libbacktrace/unittest.c | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/libbacktrace/alloc.c b/libbacktrace/alloc.c
index 2f7ad956088..fb1e754788b 100644
--- a/libbacktrace/alloc.c
+++ b/libbacktrace/alloc.c
@@ -152,5 +152,7 @@ backtrace_vector_release (struct backtrace_state *state ATTRIBUTE_UNUSED,
 return 0;
 }
 vec->alc = 0;
+ if (vec->size == 0)
+ vec->base = NULL;
 return 1;
 }
diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c
index 32fcba62399..9f896a1bb99 100644
--- a/libbacktrace/mmap.c
+++ b/libbacktrace/mmap.c
@@ -321,5 +321,7 @@ backtrace_vector_release (struct backtrace_state *state,
 backtrace_free (state, (char *) vec->base + aligned, alc, error_callback, data);
 vec->alc = 0;
+ if (vec->size == 0)
+ vec->base = NULL;
 return 1;
 }
diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c
index 576aa080935..6c07aff91ee 100644
--- a/libbacktrace/unittest.c
+++ b/libbacktrace/unittest.c
@@ -58,6 +58,7 @@ test1 (void)
 {
 int res;
 int failed;
+ void *prev;
 struct backtrace_vector vec;
@@ -68,8 +69,9 @@ test1 (void)
 vec.size = 0;
 count = 0;
+ prev = vec.base;
 res = backtrace_vector_release (state, &vec, error_callback, NULL);
- failed = res != 1 || count != 0;
+ failed = res != 1 || count != 0 || vec.base != NULL;
 printf ("%s: unittest backtrace_vector_release size == 0\n", failed ? "FAIL": "PASS");
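Review bot: In the alloc.c hunk the new `vec->base = NULL` overwrites whatever the shrinking call above the hunk (presumably the realloc the cover letter alludes to; not visible here) returned for a zero-size request, and realloc(ptr, 0) is implementation-defined: it may return a non-NULL pointer that this assignment then leaks, or return NULL and take the `return 0;` error path before this line is ever reached. Safer is to special-case the empty vector before that call, `if (vec->size == 0) { free (vec->base); vec->base = NULL; vec->alc = 0; return 1; }`, so the NULL-ing does not depend on realloc's size-0 semantics. The start of backtrace_vector_release is outside the hunk, so I cannot confirm which call precedes it.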
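Review bot: In the mmap.c hunk the NULL assignment is only correct if `aligned` is 0 whenever `vec->size == 0`, because `backtrace_free` releases the range starting at `vec->base + aligned`; if a non-zero `aligned` were possible with an empty vector, the head of the mapping would still be live and its pointer would be dropped. The computation of `aligned` is above the hunk, so I cannot verify that invariant here; please state it at the assignment, e.g. `/* size == 0 implies aligned == 0: the whole mapping was released above, so don't keep a dangling base.  */`, or test `aligned == 0` instead of `vec->size == 0` if that is the real condition.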
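Review bot: In the second unittest.c hunk `prev` is assigned on the added `prev = vec.base;` line but never read afterwards, and the added `void *prev;` declaration serves nothing else, so a bootstrap with -Wall -Werror will fail on -Wunused-but-set-variable. Drop both added lines; the `vec.base != NULL` term added to `failed` is the check that matters. test1 continues past the end of the hunk, so a later use of `prev` is possible but not visible here.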