libctf: fix use-after-free in function dumping

This is actually a free-before-initializing (i.e. a free of garbage). libctf/ * ctf-dump.c (ctf_dump_funcs): Free in the right place.
author: Nick Alcock <nick.alcock@oracle.com> 2019-06-03 20:26:02 +0100
committer: Nick Alcock <nick.alcock@oracle.com> 2019-06-04 17:05:08 +0100
commit: 941accce38bc70a23c62e3c9439b67bf23298124 (patch)
tree: 995cef6235d637bfb7a2cb87cea03dab1ade001d
parent: a610aa4f9cf61d38b8e0fe60dfaac078d636089f (diff)
download: gdb-941accce38bc70a23c62e3c9439b67bf23298124.zip
gdb-941accce38bc70a23c62e3c9439b67bf23298124.tar.gz
gdb-941accce38bc70a23c62e3c9439b67bf23298124.tar.bz2
2 files changed, 5 insertions, 1 deletions
diff --git a/libctf/ChangeLog b/libctf/ChangeLog
index d059d58..01b8d8da 100644
--- a/libctf/ChangeLog
+++ b/libctf/ChangeLog
@@ -1,3 +1,7 @@
+2019-06-03  Nick Alcock  <nick.alcock@oracle.com>
+
+	* ctf-dump.c (ctf_dump_funcs): Free in the right place.
+
 2019-05-29  Nick Alcock  <nick.alcock@oracle.com>
 
 	* Makefile.am (ZLIB): New.
diff --git a/libctf/ctf-dump.c b/libctf/ctf-dump.c
index c2ed791..82f63c2 100644
--- a/libctf/ctf-dump.c
+++ b/libctf/ctf-dump.c
@@ -273,7 +273,6 @@ ctf_dump_funcs (ctf_file_t *fp, ctf_dump_state_t *state)
 	goto err;
 
       str = ctf_str_append (str, " ");
-      free (bit);
 
       /* Function name.  */
 
@@ -290,6 +289,7 @@ ctf_dump_funcs (ctf_file_t *fp, ctf_dump_state_t *state)
 	}
       str = ctf_str_append (str, bit);
       str = ctf_str_append (str, " (");
+      free (bit);
 
       /* Function arguments.  */
author	Nick Alcock <nick.alcock@oracle.com>	2019-06-03 20:26:02 +0100
committer	Nick Alcock <nick.alcock@oracle.com>	2019-06-04 17:05:08 +0100
commit	941accce38bc70a23c62e3c9439b67bf23298124 (patch)
tree	995cef6235d637bfb7a2cb87cea03dab1ade001d
parent	a610aa4f9cf61d38b8e0fe60dfaac078d636089f (diff)
download	gdb-941accce38bc70a23c62e3c9439b67bf23298124.zip gdb-941accce38bc70a23c62e3c9439b67bf23298124.tar.gz gdb-941accce38bc70a23c62e3c9439b67bf23298124.tar.bz2