[ was: Re: [PATCH 2/2][libbacktrace] Don't point to released memory in
backtrace_vector_release ]

On Thu, Nov 22, 2018 at 01:36:49PM +0100, Tom de Vries wrote:
> Hi,
> 
> When backtrace_vector_release is called with vec.size == 0, it releases the
> memory pointed at by vec.base.
> 
> In case of the backtrace_vector_release in alloc.c, vec.base may then be set
> to NULL, but this is not guaranteed.
> 
> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
> memory.
> 
> OK for trunk if bootstrap and reg-test on x86_64 succeed?
> 

Reposting patch with alloc.c part dropped, now that alloc.c has been rewritten
to use free instead of realloc with size 0.

OK for trunk?

Thanks,
- Tom

[libbacktrace] Don't point to released memory in backtrace_vector_release

When backtrace_vector_release is called with vec.size == 0, it releases the
memory pointed at by vec.base.

Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
memory.

Bootstrapped and reg-tested on x86_64.

2018-11-22  Tom de Vries  <tdevr...@suse.de>

        * mmap.c (backtrace_vector_release): Same.
        * unittest.c (test1): Add check.

---
 libbacktrace/mmap.c     | 2 ++
 libbacktrace/unittest.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c
index 32fcba62399..9f896a1bb99 100644
--- a/libbacktrace/mmap.c
+++ b/libbacktrace/mmap.c
@@ -321,5 +321,7 @@ backtrace_vector_release (struct backtrace_state *state,
   backtrace_free (state, (char *) vec->base + aligned, alc,
                  error_callback, data);
   vec->alc = 0;
+  if (vec->size == 0)
+    vec->base = NULL;
   return 1;
 }
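
Review bot: the new `if (vec->size == 0)` branch in backtrace_vector_release has no comment saying why vec->base is cleared only in that case. A one-line comment (for example, that with size 0 the backtrace_free call above has released the memory vec->base points at) would stop a later reader from turning it into an unconditional assignment. The ChangeLog entry for this file also still reads "Same.", which refers to nothing now that the alloc.c part has been dropped, so it should spell out the change.
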
diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c
index 576aa080935..3471d78488d 100644
--- a/libbacktrace/unittest.c
+++ b/libbacktrace/unittest.c
@@ -69,7 +69,7 @@ test1 (void)
 
   count = 0;
   res = backtrace_vector_release (state, &vec, error_callback, NULL);
-  failed = res != 1 || count != 0;
+  failed = res != 1 || count != 0 || vec.base != NULL;
 
   printf ("%s: unittest backtrace_vector_release size == 0\n",
          failed ? "FAIL": "PASS");
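
Review bot: the added `vec.base != NULL` term in test1 only proves something if vec.base was non-NULL before the backtrace_vector_release call, and the visible context does not show that. Consider checking that precondition before the call so the test cannot pass trivially. Since three conditions now feed the single `failed` flag, reporting which one tripped would also make a FAIL easier to diagnose.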
