[libbacktrace] Don't point to released memory in backtrace_vector_release

When backtrace_vector_release is called with vec.size == 0, it releases the
memory pointed at by vec.base.

Set vec.base set to NULL if vec.size == 0 to ensure we don't point to released
memory.

Bootstrapped and reg-tested on x86_64.

2018-11-27  Tom de Vries  <tdevries@suse.de>

	* mmap.c (backtrace_vector_release): Same.
	* unittest.c (test1): Add check.

From-SVN: r266505

3 files changed, 8 insertions, 1 deletions

diff --git a/libbacktrace/ChangeLog b/libbacktrace/ChangeLog
index 255e2c8..e7fdfd8 100644
--- a/libbacktrace/ChangeLog
+++ b/libbacktrace/ChangeLog
@@ -1,5 +1,10 @@
 2018-11-27  Tom de Vries  <tdevries@suse.de>
 
+	* mmap.c (backtrace_vector_release): Same.
+	* unittest.c (test1): Add check.
+
+2018-11-27  Tom de Vries  <tdevries@suse.de>
+
 	* alloc.c (backtrace_vector_release): Handle vec->size == 0 using free
 	instead of realloc.
 	* Makefile.am (check_PROGRAMS): Add unittest.
diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c
index 32fcba6..9f896a1 100644
--- a/libbacktrace/mmap.c
+++ b/libbacktrace/mmap.c
@@ -321,5 +321,7 @@ backtrace_vector_release (struct backtrace_state *state,
   backtrace_free (state, (char *) vec->base + aligned, alc,
 		  error_callback, data);
   vec->alc = 0;
+  if (vec->size == 0)
+    vec->base = NULL;
   return 1;
 }
diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c
index 576aa08..3471d78 100644
--- a/libbacktrace/unittest.c
+++ b/libbacktrace/unittest.c
@@ -69,7 +69,7 @@ test1 (void)
 
   count = 0;
   res = backtrace_vector_release (state, &vec, error_callback, NULL);
-  failed = res != 1 || count != 0;
+  failed = res != 1 || count != 0 || vec.base != NULL;
 
   printf ("%s: unittest backtrace_vector_release size == 0\n",
 	  failed ? "FAIL": "PASS");