This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [Patch, Fortran] PR58803 - Prevent a double-free with proc-pointer components
- From: Steve Kargl <sgk at troutmask dot apl dot washington dot edu>
- To: Tobias Burnus <burnus at net-b dot de>
- Cc: gcc patches <gcc-patches at gcc dot gnu dot org>, gfortran <fortran at gcc dot gnu dot org>
- Date: Mon, 21 Oct 2013 12:27:44 -0700
- Subject: Re: [Patch, Fortran] PR58803 - Prevent a double-free with proc-pointer components
- Authentication-results: sourceware.org; auth=none
- References: <5265611B dot 7030906 at net-b dot de> <20131021183029 dot GA55762 at troutmask dot apl dot washington dot edu> <52657AB6 dot 6080503 at net-b dot de>
On Mon, Oct 21, 2013 at 09:04:22PM +0200, Tobias Burnus wrote:
> Steve Kargl wrote:
> > On Mon, Oct 21, 2013 at 07:15:07PM +0200, Tobias Burnus wrote:
> >> - c->tb = tb;
> >> + if (num == 1)
> >> + c->tb = tb;
> >> + else
> >> + {
> >> + c->tb = XCNEW (gfc_typebound_proc);
(see below)
> >> + c->tb->where = gfc_current_locus;
> >> + *c->tb = *tb;
> > I haven't convinced myself yet, but is this leaking memory?
> >
> > Lines 5006-7 are
> >
> > tb = XCNEW (gfc_typebound_proc);
> > tb->where = gfc_current_locus;
> >
> > In the num = 1 case, c->tb = tb and I presume during teardown
> > c->tb is freed and by extension tb. But, in the else case,
> > are you copying the contents from *tb into *c->tb and the tb
> > is never freed?
>
> Well, as the double-free PR shows, free_components frees the memory:
> "free (p->tb);". And as it walks all components ?
Argh. I misread the code. Instead of 'c->tb = XCNEW(...' above,
I "saw" 'tb = XCNEW(...'. So, I thought you might be leaking a
local copy of tb.
With that misunderstanding cleared up, the patch looks fine.
--
Steve