From 671fac7c4526b61143f860c4800047c3f7ff6fc4 Mon Sep 17 00:00:00 2001 From: Simon Marchi Date: Thu, 2 Dec 2021 14:04:18 -0500 Subject: gdbsupport: fix memory leak in create_file_handler when re-using file handler ASan made me notice a memory leak, where the memory tied to the file handle name string wasn't freed. When register a file handler with an fd that is already registered, we re-use the file_handler object, so we ended up creating a new std::string object and overwriting the file_handler::name pointer, without free-ing the old std::string. Fix this by allocating file_handler with new, deleting it with delete, and making file_handler::name not a pointer. Change-Id: Ie304cc78ab5ae5dfad9a1366e9890c09de651f43 --- gdbsupport/event-loop.cc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'gdbsupport/event-loop.cc') diff --git a/gdbsupport/event-loop.cc b/gdbsupport/event-loop.cc index 98d1ada..51cfaec 100644 --- a/gdbsupport/event-loop.cc +++ b/gdbsupport/event-loop.cc @@ -65,8 +65,8 @@ struct file_handler /* Argument to pass to proc. */ gdb_client_data client_data; - /* User-friendly name of this handler. Heap-allocated, owned by this.*/ - std::string *name; + /* User-friendly name of this handler. */ + std::string name; /* If set, this file descriptor is used for a user interface. */ bool is_ui; @@ -315,7 +315,7 @@ create_file_handler (int fd, int mask, handler_func * proc, change the data associated with it. */ if (file_ptr == NULL) { - file_ptr = XNEW (file_handler); + file_ptr = new file_handler; file_ptr->fd = fd; file_ptr->ready_mask = 0; file_ptr->next_file = gdb_notifier.first_file_handler; @@ -366,7 +366,7 @@ create_file_handler (int fd, int mask, handler_func * proc, file_ptr->proc = proc; file_ptr->client_data = client_data; file_ptr->mask = mask; - file_ptr->name = new std::string (std::move (name)); + file_ptr->name = std::move (name); file_ptr->is_ui = is_ui; } @@ -500,8 +500,7 @@ delete_file_handler (int fd) prev_ptr->next_file = file_ptr->next_file; } - delete file_ptr->name; - xfree (file_ptr); + delete file_ptr; } /* Handle the given event by calling the procedure associated to the @@ -571,7 +570,7 @@ handle_file_event (file_handler *file_ptr, int ready_mask) { event_loop_ui_debug_printf (file_ptr->is_ui, "invoking fd file handler `%s`", - file_ptr->name->c_str ()); + file_ptr->name.c_str ()); file_ptr->proc (file_ptr->error, file_ptr->client_data); } } -- cgit v1.1