authorJan Kratochvil <jan.kratochvil@redhat.com>2008-11-24 17:05:43 +0000
committerJan Kratochvil <jan.kratochvil@redhat.com>2008-11-24 17:05:43 +0000
commita0b7aece708587e6c4a33d9c62fd0fe73b990b6b (patch)
tree2444e61df22afca27ae6618b923afff1919e7d8c
parentd962ef8246f50ac5726c6b82881074ccab47f822 (diff)
Fix access of an already freed memory.
* parse.c (parse_field_expression): Call xstrdup on `*name'. * completer.c (expression_completer): Free fieldname.
-rw-r--r--gdb/ChangeLog6
-rw-r--r--gdb/completer.c2
-rw-r--r--gdb/parse.c6
3 files changed, 13 insertions, 1 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index c8d4039..faf0053 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@
+2008-11-24 Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ Fix access of an already freed memory.
+ * parse.c (parse_field_expression): Call xstrdup on `*name'.
+ * completer.c (expression_completer): Free fieldname.
+
2008-11-24 Daniel Jacobowitz <dan@codesourcery.com>
PR gdb/2474
diff --git a/gdb/completer.c b/gdb/completer.c
index e7ee817..d109140 100644
--- a/gdb/completer.c
+++ b/gdb/completer.c
@@ -414,9 +414,11 @@ expression_completer (char *text, char *word)
add_struct_fields (type, &out, result, fieldname, flen);
result[out] = NULL;
+ xfree (fieldname);
return result;
}
}
+ xfree (fieldname);
/* Commands which complete on locations want to see the entire
argument. */
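Review bot: The two `xfree (fieldname);` calls release the duplicated name only on the normal exits shown here, so a non-local exit between the `parse_field_expression` call and these lines would leak it. Whether `add_struct_fields` or the type handling above it can call `error ()` is not visible in this hunk; if they can, registering `make_cleanup (xfree, fieldname)` right after the parse and running `do_cleanups` on both exits would state the ownership once and cover that path too. The second `xfree` also runs when the parse produced no field name, so it depends on `fieldname` being initialised to NULL before the call and on `xfree` accepting NULL; a short comment such as `/* FIELDNAME may be NULL here; xfree handles that.  */` would make that explicit. expression_completer starts before this hunk and continues after it.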
diff --git a/gdb/parse.c b/gdb/parse.c
index 6200e81..3575306 100644
--- a/gdb/parse.c
+++ b/gdb/parse.c
@@ -1090,7 +1090,8 @@ parse_expression (char *string)
/* Parse STRING as an expression. If parsing ends in the middle of a
field reference, return the type of the left-hand-side of the
reference; furthermore, if the parsing ends in the field name,
- return the field name in *NAME. In all other cases, return NULL. */
+ return the field name in *NAME. In all other cases, return NULL.
+ Returned non-NULL *NAME must be freed by the caller. */
struct type *
parse_field_expression (char *string, char **name)
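Review bot: The added ownership sentence does not say how the string is allocated or what *NAME holds when the function itself returns NULL. The copy is made with `xstrdup` in the next hunk, and the fall-through `xfree (fieldname);` in completer.c appears to assume *NAME can be non-NULL alongside a NULL return. I would word it as `Returned non-NULL *NAME is allocated with xstrdup and must be released with xfree by the caller, whether or not the return value is NULL.`, adjusted if the body rules that case out. Only the signature of parse_field_expression is inside this hunk.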
@@ -1120,6 +1121,9 @@ parse_field_expression (char *string, char **name)
xfree (exp);
return NULL;
}
+ /* (*NAME) is a part of the EXP memory block freed below. */
+ *name = xstrdup (*name);
+
val = evaluate_subexpression_type (exp, subexp);
xfree (exp);
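Review bot: `*name = xstrdup (*name);` runs before `evaluate_subexpression_type (exp, subexp)`, so if the evaluation leaves through gdb's error mechanism instead of returning, the fresh copy is leaked, because the caller never reaches its `xfree`. Whether that call can throw is not visible here, but moving the duplication to just before the free keeps the use-after-free fix and closes that window: `val = evaluate_subexpression_type (exp, subexp);` then `*name = xstrdup (*name);` then `xfree (exp);`. `exp` itself would also stay allocated on such an exit, which this commit does not change. The function body starts before this hunk and continues past it.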