From patchwork Thu Nov 22 12:36:49 2018
X-Patchwork-Submitter: Tom de Vries
X-Patchwork-Id: 1001746
Date: Thu, 22 Nov 2018 13:36:49 +0100
From: Tom de Vries
To: gcc-patches@gcc.gnu.org
Cc: Ian Lance Taylor
Subject: [PATCH 2/2][libbacktrace] Don't point to released memory in backtrace_vector_release
Message-ID: <20181122123647.GA2403@delia>

Hi,

When backtrace_vector_release is called with vec.size == 0, it releases the
memory pointed at by vec.base. In case of the backtrace_vector_release in
alloc.c, vec.base may then be set to NULL, but this is not guaranteed.

Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
memory.

OK for trunk if bootstrap and reg-test on x86_64 succeeds?

Thanks,
- Tom

[libbacktrace] Don't point to released memory in backtrace_vector_release

2018-11-22  Tom de Vries

	* alloc.c (backtrace_vector_release): Set base to NULL if size == 0.
	* mmap.c (backtrace_vector_release): Same.
	* unittest.c (test1): Add check.

--- libbacktrace/alloc.c | 2 ++ libbacktrace/mmap.c | 2 ++ libbacktrace/unittest.c | 4 +++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libbacktrace/alloc.c b/libbacktrace/alloc.c index 2f7ad956088..fb1e754788b 100644 
--- a/libbacktrace/alloc.c +++ b/libbacktrace/alloc.c @@ -152,5 +152,7 @@ backtrace_vector_release (struct backtrace_state *state ATTRIBUTE_UNUSED, return 0; } vec->alc = 0; + if (vec->size == 0) + vec->base = NULL; return 1; } diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c index 32fcba62399..9f896a1bb99 100644 --- a/libbacktrace/mmap.c +++ b/libbacktrace/mmap.c @@ -321,5 +321,7 @@ backtrace_vector_release (struct backtrace_state *state, backtrace_free (state, (char *) vec->base + aligned, alc, error_callback, data); vec->alc = 0; + if (vec->size == 0) + vec->base = NULL; return 1; } diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c index 576aa080935..6c07aff91ee 100644 --- a/libbacktrace/unittest.c +++ b/libbacktrace/unittest.c @@ -58,6 +58,7 @@ test1 (void) { int res; int failed; + void *prev; struct backtrace_vector vec; @@ -68,8 +69,9 @@ test1 (void) vec.size = 0; count = 0; + prev = vec.base; res = backtrace_vector_release (state, &vec, error_callback, NULL); - failed = res != 1 || count != 0; + failed = res != 1 || count != 0 || vec.base != NULL; printf ("%s: unittest backtrace_vector_release size == 0\n", failed ? "FAIL": "PASS");
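
Review bot: In the alloc.c hunk, the new `if (vec->size == 0) vec->base = NULL;` changes what callers observe after a successful release, but nothing in the visible lines documents it. Add a short comment above the check saying the storage has been released and base must not be left dangling, and state the post-condition (base is NULL after release when size is 0) in the function's header comment so callers know to test base before using it.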
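
Review bot: In the mmap.c hunk, the freed range starts at `(char *) vec->base + aligned`, so clearing base is only the right response when that address is vec->base itself, and the hunk does not show how `aligned` is derived. A comment on the new check tying size == 0 to the whole block having been handed to backtrace_free would make that dependency explicit and keep the two from drifting apart if the rounding ever changes.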
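
Review bot: In the unittest.c hunks, `prev` is declared and assigned (`prev = vec.base;`) but never read in the visible lines; the updated condition only compares vec.base against NULL. That draws a set-but-unused warning under -Wall and fails a -Werror build, so either drop `prev` or use it, for example by also requiring that it was non-NULL before the call, so the test shows base was actually cleared rather than already NULL.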