This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[LTO][PATCH] Fix dangling pointer use bug.

From: "=?big5?b?RG91ZyBLd2FuICjD9q62vHcp?=" <dougkwan at google dot com>
To: gcc-patches <gcc-patches at gcc dot gnu dot org>, "Rafael Espindola" <espindola at google dot com>
Date: Wed, 20 Aug 2008 19:23:56 -0700
Subject: [LTO][PATCH] Fix dangling pointer use bug.

Hi,

    This patch fixes a use of a dangling pointer ob->main_hash_table
after the output block pointed to by ob has been deleted.  Tested on
i686-unknown-linux-gnu.

-Doug

2008-08-20  Doug Kwan  <dougkwan@google.com>

        * lto-function-out.c (create_output_block): Use XCNEW instead of
        xcalloc.
        (destroy_output_block): Delete MAIN_HASH_TABLE if present.
        * lto-section-out.c: Move call to destroy_output_block to be after
        all use of OB.  Remove call to htab_delete of MAIN_HASH_TABLE of OB.

Index: gcc/gcc/lto-function-out.c
===================================================================
--- gcc/gcc/lto-function-out.c	(revision 139367)
+++ gcc/gcc/lto-function-out.c	(working copy)
@@ -159,8 +159,7 @@ clear_line_info (struct output_block *ob
 struct output_block *
 create_output_block (enum lto_section_type section_type)
 {
-  struct output_block *ob
-    = (struct output_block *) xcalloc (1, sizeof (struct output_block));
+  struct output_block *ob = XCNEW (struct output_block);

   ob->section_type = section_type;
   ob->decl_state = lto_get_out_decl_state ();
@@ -210,6 +209,9 @@ destroy_output_block (struct output_bloc

   htab_delete (ob->string_hash_table);

+  if (ob->main_hash_table)
+    htab_delete (ob->main_hash_table);
+
   free (ob->main_stream);
   free (ob->string_stream);
   free (ob->named_label_stream);
Index: gcc/gcc/lto-section-out.c
===================================================================
--- gcc/gcc/lto-section-out.c	(revision 139367)
+++ gcc/gcc/lto-section-out.c	(working copy)
@@ -1108,8 +1108,6 @@ produce_asm_for_decls (void)
   lto_write_stream (ob->debug_main_stream);
 #endif

-  /* Deallocate memory and clean up.  */
-  destroy_output_block (ob);

   htab_delete (out_state->field_decl_hash_table);
   htab_delete (out_state->fn_decl_hash_table);
@@ -1125,8 +1123,8 @@ produce_asm_for_decls (void)
 		  out_state->fn_decls,
 		  out_state->var_decls);

-  /* Finish cleanup. */
-  htab_delete (ob->main_hash_table);
+  /* Deallocate memory and clean up.  */
+  destroy_output_block (ob);

   VEC_free (tree, heap, out_state->field_decls);
   VEC_free (tree, heap, out_state->fn_decls);

Follow-Ups:
- Re: [LTO][PATCH] Fix dangling pointer use bug.
  - From: Rafael Espindola
- Re: [LTO][PATCH] Fix dangling pointer use bug.
  - From: Diego Novillo

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]