From: Tom de Vries
Date: Tue, 27 Nov 2018 08:26:04 +0000 (+0000)
Subject: [libbacktrace] Don't point to released memory in backtrace_vector_release
X-Git-Tag: basepoints/gcc-10~2776
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6d760a0197ece131619ac88f0fe34ce452fd774c;p=thirdparty%2Fgcc.git

[libbacktrace] Don't point to released memory in backtrace_vector_release

When backtrace_vector_release is called with vec.size == 0, it releases the memory pointed at by vec.base. Set vec.base to NULL if vec.size == 0 to ensure we don't point to released memory.

Bootstrapped and reg-tested on x86_64.

2018-11-27 Tom de Vries

* mmap.c (backtrace_vector_release): Same.
* unittest.c (test1): Add check.

From-SVN: r266505
---
diff --git a/libbacktrace/ChangeLog b/libbacktrace/ChangeLog index 255e2c8921e6..e7fdfd8e9403 100644 --- a/libbacktrace/ChangeLog +++ b/libbacktrace/ChangeLog @@ -1,3 +1,8 @@ +2018-11-27 Tom de Vries + + * mmap.c (backtrace_vector_release): Same. + * unittest.c (test1): Add check. + 2018-11-27 Tom de Vries * alloc.c (backtrace_vector_release): Handle vec->size == 0 using free diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c index 32fcba623992..9f896a1bb998 100644 --- a/libbacktrace/mmap.c +++ b/libbacktrace/mmap.c @@ -321,5 +321,7 @@ backtrace_vector_release (struct backtrace_state *state, backtrace_free (state, (char *) vec->base + aligned, alc, error_callback, data); vec->alc = 0; + if (vec->size == 0) + vec->base = NULL; return 1; } diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c index 576aa0809350..3471d78488d1 100644 --- a/libbacktrace/unittest.c +++ b/libbacktrace/unittest.c @@ -69,7 +69,7 @@ test1 (void) count = 0; res = backtrace_vector_release (state, &vec, error_callback, NULL); - failed = res != 1 || count != 0; + failed = res != 1 || count != 0 || vec.base != NULL; printf ("%s: unittest backtrace_vector_release size == 0\n", failed ? "FAIL": "PASS");
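
Review bot: in the libbacktrace/ChangeLog hunk, the item "* mmap.c (backtrace_vector_release): Same." has no antecedent inside its own entry; it relies on the separate alloc.c entry that follows it, whose description starts "Handle vec->size == 0 using free". State the change directly in the new entry, for example "Set vec->base to NULL if vec->size == 0", so the entry still makes sense when read on its own.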
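
Review bot: in the libbacktrace/mmap.c hunk, the added `if (vec->size == 0) vec->base = NULL;` carries no comment, and the reason it is needed is not evident from the surrounding lines: the preceding backtrace_free call is passed `(char *) vec->base + aligned`, so a reader has to infer that with size 0 the release starts at vec->base itself. A short comment above the check saying that the whole block has been released in that case, and that vec->base is cleared so callers cannot reuse a stale pointer, would document the postcondition where it is enforced.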
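
Review bot: in the libbacktrace/unittest.c hunk, `failed = res != 1 || count != 0 || vec.base != NULL;` folds three independent checks into one flag, so the single FAIL line cannot distinguish a wrong return value from a vec.base left pointing at released memory. Consider reporting the new condition separately or printing the offending values on failure. The visible test also covers only the "size == 0" case; a companion check that vec.base is left untouched after a release with non-zero size would exercise the other side of the new condition in mmap.c.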