|
From: <sv...@va...> - 2005-12-24 15:33:35
|
Author: sewardj
Date: 2005-12-24 15:33:32 +0000 (Sat, 24 Dec 2005)
New Revision: 5429
Log:
Fix read-after-free in VG_(HT_destruct). This fixes
memcheck/tests/mempools. Thanks to Jeroen Witmond for tracking it
down.
Modified:
trunk/coregrind/m_hashtable.c
trunk/docs/internals/3_1_BUGSTATUS.txt
Modified: trunk/coregrind/m_hashtable.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- trunk/coregrind/m_hashtable.c 2005-12-24 12:55:48 UTC (rev 5428)
+++ trunk/coregrind/m_hashtable.c 2005-12-24 15:33:32 UTC (rev 5429)
@@ -234,11 +234,12 @@
=20
void VG_(HT_destruct)(VgHashTable table)
{
- UInt i;
- VgHashNode* node;
+ UInt i;
+ VgHashNode *node, *node_next;
=20
for (i =3D 0; i < table->n_chains; i++) {
- for (node =3D table->chains[i]; node !=3D NULL; node =3D node->nex=
t) {
+ for (node =3D table->chains[i]; node !=3D NULL; node =3D node_next=
) {
+ node_next =3D node->next;
VG_(free)(node);
}
}
Modified: trunk/docs/internals/3_1_BUGSTATUS.txt
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- trunk/docs/internals/3_1_BUGSTATUS.txt 2005-12-24 12:55:48 UTC (rev 5=
428)
+++ trunk/docs/internals/3_1_BUGSTATUS.txt 2005-12-24 15:33:32 UTC (rev 5=
429)
@@ -23,7 +23,7 @@
pending pending 118274 amd64: 0xDD #7 (fnsave)
pending pending 118466 add %r,%r mishandled by memcheck
pending pending n-i-bz VALGRIND_COUNT_LEAKS arg types (Olly Betts)
-pending pending n-i-bz memcheck/tests/mempool reads freed memory
+v5429 pending n-i-bz memcheck/tests/mempool reads freed memory
v5366/67/70 pending n-i-bz AshleyP's custom-allocator assertion
vx1501 pending n-i-bz Dirk strict-aliasing stuff
v5368 pending n-i-bz More space for debugger cmd line (Dan Thale=
r)
|