author | Mikhail Rasputin <mikhail.godlike.rasputin@yandex.ru> | 2020-06-24 19:21:31 +0300 |
---|---|---|
committer | Antonio Borneo <borneo.antonio@gmail.com> | 2020-07-08 22:05:06 +0100 |
commit | 70f69f872857fd94ed252088d00e071e57d07b39 (patch) | |
tree | a2dd7007ae396ace28f2df0726a079163189b6f4 | |
parent | ef14384b681af4f731f768bb866457832af6925f (diff) | |
jtag/tcl: fix a double free of jim object
Jim_SetResultFormatted() frees the jim object first, and Jim_FreeNewObj()
then frees it a second time, which corrupts the memory heap.
To avoid this, Jim_IncrRefCount() + Jim_DecrRefCount() should be used
instead of the Jim_FreeNewObj() call.
Change-Id: Ifa5f38009b2d617624b5f27e916720888a3dbad9
Signed-off-by: Mikhail Rasputin <mikhail.godlike.rasputin@yandex.ru>
Reviewed-on: http://openocd.zylin.com/5724
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
-rw-r--r-- | src/jtag/tcl.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/jtag/tcl.c b/src/jtag/tcl.c
index d2f1f0d..8b76bff 100644
--- a/src/jtag/tcl.c
+++ b/src/jtag/tcl.c
@@ -689,8 +689,9 @@ static int jim_jtag_arp_init(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
 int e = jtag_init_inner(context);
 if (e != ERROR_OK) {
 Jim_Obj *eObj = Jim_NewIntObj(goi.interp, e);
+ Jim_IncrRefCount(eObj);
 Jim_SetResultFormatted(goi.interp, "error: %#s", eObj);
- Jim_FreeNewObj(goi.interp, eObj);
+ Jim_DecrRefCount(goi.interp, eObj);
 return JIM_ERR;
 }
 return JIM_OK;
@@ -713,8 +714,9 @@ static int jim_jtag_arp_init_reset(Jim_Interp *interp, int argc, Jim_Obj *const
 if (e != ERROR_OK) {
 Jim_Obj *eObj = Jim_NewIntObj(goi.interp, e);
+ Jim_IncrRefCount(eObj);
 Jim_SetResultFormatted(goi.interp, "error: %#s", eObj);
- Jim_FreeNewObj(goi.interp, eObj);
+ Jim_DecrRefCount(goi.interp, eObj);
 return JIM_ERR;
 }
 return JIM_OK; |
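Review bot: The new `Jim_IncrRefCount(eObj)` / `Jim_DecrRefCount(goi.interp, eObj)` pair in the error branch of jim_jtag_arp_init() has no comment saying why the reference is held, and the identical pair in the jim_jtag_arp_init_reset() hunk has the same gap, so a later cleanup could collapse it back to `Jim_FreeNewObj()` and reintroduce the double free. I would add above the increment in both places something like `/* hold a ref: Jim_SetResultFormatted() releases eObj, so Jim_FreeNewObj() afterwards would free it twice */`. The commit message describes this as an ownership property of Jim_SetResultFormatted() itself, so any other call site that passes a freshly created object to it and then calls Jim_FreeNewObj() would presumably corrupt the heap the same way; none is visible in this diff, but a search of the tree is worth doing. Both function bodies start outside their hunks.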