From 84a4591a7ba0c83c165cde85898086e9a4019b0d Mon Sep 17 00:00:00 2001 From: Andy Wingo Date: Wed, 11 Mar 2015 14:25:29 +0100 Subject: [PATCH] Fix memory corruption in Guile command interface Re-registering a command will delete previous commands of the same name, running the destroyer for the command object. The Guile destroyer incorrectly tried to xfree the name and other strings, which is invalid as they are on the GC heap. gdb/ChangeLog: * guile/scm-cmd.c (cmdscm_destroyer): Don't xfree the name and other strings, as these are on the GC'd heap, and will be collected along with the smob. --- gdb/ChangeLog | 6 ++++++ gdb/guile/scm-cmd.c | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 38d30051e6d..4066a793d0b 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,9 @@ +2015-03-11 Andy Wingo + + * guile/scm-cmd.c (cmdscm_destroyer): Don't xfree the name and + other strings, as these are on the GC'd heap, and will be + collected along with the smob. + 2015-03-11 Andy Wingo * guile/scm-objfile.c (gdbscm_objfile_progspace): New function. diff --git a/gdb/guile/scm-cmd.c b/gdb/guile/scm-cmd.c index c870fcc9e28..202721bb6d5 100644 --- a/gdb/guile/scm-cmd.c +++ b/gdb/guile/scm-cmd.c @@ -286,11 +286,6 @@ cmdscm_destroyer (struct cmd_list_element *self, void *context) command_smob *c_smob = (command_smob *) context; cmdscm_release_command (c_smob); - - /* We allocated the name, doc string, and perhaps the prefix name. */ - xfree ((char *) self->name); - xfree ((char *) self->doc); - xfree ((char *) self->prefixname); } /* Called by gdb to invoke the command. */ -- 2.30.2