From bd89b91c697d9aea97abfcd3a3b8043a95216d6d Mon Sep 17 00:00:00 2001 
From: Marc Schink Date: Wed, 1 May 2024 10:24:32 +0200 Subject: target/semihosting: Fix double free() Do not free the service in 'connection_closed_handler' because it is free'd by the server infrastructure. Checkpatch-ignore: COMMIT_LOG_LONG_LINE This error was detected with valgrind: ==272468== Invalid free() / delete / delete[] / realloc() ==272468== at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==272468== by 0x1F34C7: remove_service (server.c:374) ==272468== by 0x2ED3D5: semihosting_tcp_close_cnx (semihosting_common.c:1819) ==272468== by 0x2ED3D5: handle_common_semihosting_redirect_command (semihosting_common.c:1926) ==272468== by 0x1FC703: exec_command (command.c:520) ==272468== by 0x1FC703: jim_command_dispatch (command.c:931) ==272468== by 0x36980F: JimInvokeCommand (in /home/marc/openocd/build/src/openocd) ==272468== by 0x1FFFFFFFFF: ??? ==272468== by 0x53ED09F: ??? ==272468== by 0x300000001: ??? ==272468== by 0x1FFEFFF7FF: ??? ==272468== by 0x3D3984: ??? (in /home/marc/openocd/build/src/openocd) ==272468== by 0x2: ??? ==272468== Address 0x5fff650 is 0 bytes inside a block of size 24 free'd ==272468== at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==272468== by 0x2ECA42: semihosting_service_connection_closed_handler (semihosting_common.c:1807) ==272468== by 0x1F2E39: remove_connection.isra.0 (server.c:164) ==272468== by 0x1F349E: remove_connections (server.c:350) ==272468== by 0x1F349E: remove_service (server.c:364) ==272468== by 0x2ED3D5: semihosting_tcp_close_cnx (semihosting_common.c:1819) ==272468== by 0x2ED3D5: handle_common_semihosting_redirect_command (semihosting_common.c:1926) ==272468== by 0x1FC703: exec_command (command.c:520) ==272468== by 0x1FC703: jim_command_dispatch (command.c:931) ==272468== by 0x36980F: JimInvokeCommand (in /home/marc/openocd/build/src/openocd) ==272468== by 0x1FFFFFFFFF: ??? ==272468== by 0x53ED09F: ??? ==272468== by 0x300000001: ??? 
==272468== by 0x1FFEFFF7FF: ??? ==272468== by 0x3D3984: ??? (in /home/marc/openocd/build/src/openocd) ==272468== Block was alloc'd at ==272468== at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==272468== by 0x2ED326: handle_common_semihosting_redirect_command (semihosting_common.c:1931) ==272468== by 0x1FC703: exec_command (command.c:520) ==272468== by 0x1FC703: jim_command_dispatch (command.c:931) ==272468== by 0x36980F: JimInvokeCommand (in /home/marc/openocd/build/src/openocd) ==272468== by 0x1FFFFFFFFF: ??? ==272468== by 0x53ED09F: ??? ==272468== by 0x400000002: ??? ==272468== by 0x1FFEFFF7FF: ??? ==272468== by 0x3D3984: ??? (in /home/marc/openocd/build/src/openocd) ==272468== by 0x2: ??? ==272468== Change-Id: I3e5323f145a98d1ff9ea7d03f87ed96140f49a18 Signed-off-by: Marc Schink Reviewed-on: https://review.openocd.org/c/openocd/+/8257 Tested-by: jenkins Reviewed-by: Antonio Borneo
---
 src/target/semihosting_common.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/target/semihosting_common.c b/src/target/semihosting_common.c
index f7acc60..1eb1957 100644
--- a/src/target/semihosting_common.c
+++ b/src/target/semihosting_common.c
@@ -1802,10 +1802,8 @@ static int semihosting_service_input_handler(struct connection *connection)
 static int semihosting_service_connection_closed_handler(struct connection *connection)
 {
 struct semihosting_tcp_service *service = connection->service->priv;
- if (service) {
+ if (service)
 free(service->name);
- free(service);
- }
 return ERROR_OK;
 }
-- cgit v1.1
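Review bot: `service->name` is still released in this per-connection close handler and the pointer is left dangling, while the `service` block itself now outlives the call (per the commit message it is freed later by the server infrastructure in `remove_service`). The valgrind trace shows the handler being reached through `remove_connections` -> `remove_connection`, so if it can run more than once for the same service, or if anything reads `service->name` between the close and the service teardown, the result is a second free or a use-after-free of `name`; that part is inferred, since the other users of `name` are outside the hunk. Clearing the pointer after the free removes that window: `free(service->name);` followed by `service->name = NULL;`, with the braces on the `if` restored. A short comment above the `if`, for example `/* priv itself is freed by remove_service(); release only the members here */`, would record the ownership rule this fix relies on.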