[libbacktrace] Don't point to released memory in backtrace_vector_release

When backtrace_vector_release is called with vec.size == 0, it releases the
memory pointed at by vec.base.

Set vec.base set to NULL if vec.size == 0 to ensure we don't point to released
memory.

Bootstrapped and reg-tested on x86_64.

2018-11-27  Tom de Vries  <tdevries@suse.de>

	* mmap.c (backtrace_vector_release): Same.
	* unittest.c (test1): Add check.

From-SVN: r266505

diff --git a/libbacktrace/ChangeLog b/libbacktrace/ChangeLog
index 255e2c8921e6066a104f33b51bb7d2ce34093d47..e7fdfd8e9403a44a8eae79f25842577d6debbca8 100644 (file)
--- a/libbacktrace/ChangeLog
+++ b/libbacktrace/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-27  Tom de Vries  <tdevries@suse.de>
+
+       * mmap.c (backtrace_vector_release): Same.
+       * unittest.c (test1): Add check.
+
 2018-11-27  Tom de Vries  <tdevries@suse.de>
 
        * alloc.c (backtrace_vector_release): Handle vec->size == 0 using free

diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c
index 32fcba6239927f19ed36f0f2a4fec63a92457e77..9f896a1bb9986613a743750d5c7ab48674a1c296 100644 (file)
--- a/libbacktrace/mmap.c
+++ b/libbacktrace/mmap.c
@@ -321,5 +321,7 @@ backtrace_vector_release (struct backtrace_state *state,
   backtrace_free (state, (char *) vec->base + aligned, alc,
                  error_callback, data);
   vec->alc = 0;
+  if (vec->size == 0)
+    vec->base = NULL;
   return 1;
 }

diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c
index 576aa0809350cff16d68ebc661419b08529b8690..3471d78488d16756cbdb876890fe01a6753f3cb0 100644 (file)
--- a/libbacktrace/unittest.c
+++ b/libbacktrace/unittest.c
@@ -69,7 +69,7 @@ test1 (void)
 
   count = 0;
   res = backtrace_vector_release (state, &vec, error_callback, NULL);
-  failed = res != 1 || count != 0;
+  failed = res != 1 || count != 0 || vec.base != NULL;
 
   printf ("%s: unittest backtrace_vector_release size == 0\n",
          failed ? "FAIL": "PASS");