Fix a memory leak found by Hui Zhu <teawater@gmail.com>.

	* c-exp.y (parse_number): Move the S and SAVED_CHAR initialization
	after the DECFLOAT detection to fix a memory leak.  Remove the
	redundant NUM initialization.  Protect the DECFLOAT detection memory
	access before the P block.  Restore the P memory content for the
	DECFLOAT detection.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index a189dd6..868989f 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,12 @@
+2008-06-25  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+       Fix a memory leak found by Hui Zhu <teawater@gmail.com>.
+       * c-exp.y (parse_number): Move the S and SAVED_CHAR initialization
+       after the DECFLOAT detection to fix a memory leak.  Remove the
+       redundant NUM initialization.  Protect the DECFLOAT detection memory
+       access before the P block.  Restore the P memory content for the
+       DECFLOAT detection.
+
 2008-06-25  Vladimir Prus  <vladimir@codesourcery.com>
 
        Kill the return value for all MI command functions.

diff --git a/gdb/c-exp.y b/gdb/c-exp.y
index 0f2ee16..bd04dc2 100644 (file)
--- a/gdb/c-exp.y
+++ b/gdb/c-exp.y
@@ -1118,45 +1118,46 @@ parse_number (p, len, parsed_float, putithere)
   if (parsed_float)
     {
       /* It's a float since it contains a point or an exponent.  */
-      char *s = malloc (len);
-      int num = 0;     /* number of tokens scanned by scanf */
-      char saved_char = p[len];
-
-      p[len] = 0;      /* null-terminate the token */
+      char *s;
+      int num; /* number of tokens scanned by scanf */
+      char saved_char;
 
       /* If it ends at "df", "dd" or "dl", take it as type of decimal floating
          point.  Return DECFLOAT.  */
 
-      if (p[len - 2] == 'd' && p[len - 1] == 'f')
+      if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'f')
        {
          p[len - 2] = '\0';
          putithere->typed_val_decfloat.type
            = builtin_type (current_gdbarch)->builtin_decfloat;
          decimal_from_string (putithere->typed_val_decfloat.val, 4, p);
-         p[len] = saved_char;
-         return (DECFLOAT);
+         p[len - 2] = 'd';
+         return DECFLOAT;
        }
 
-      if (p[len - 2] == 'd' && p[len - 1] == 'd')
+      if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'd')
        {
          p[len - 2] = '\0';
          putithere->typed_val_decfloat.type
            = builtin_type (current_gdbarch)->builtin_decdouble;
          decimal_from_string (putithere->typed_val_decfloat.val, 8, p);
-         p[len] = saved_char;
-         return (DECFLOAT);
+         p[len - 2] = 'd';
+         return DECFLOAT;
        }
 
-      if (p[len - 2] == 'd' && p[len - 1] == 'l')
+      if (len >= 2 && p[len - 2] == 'd' && p[len - 1] == 'l')
        {
          p[len - 2] = '\0';
          putithere->typed_val_decfloat.type
            = builtin_type (current_gdbarch)->builtin_declong;
          decimal_from_string (putithere->typed_val_decfloat.val, 16, p);
-         p[len] = saved_char;
-         return (DECFLOAT);
+         p[len - 2] = 'd';
+         return DECFLOAT;
        }
 
+      s = malloc (len);
+      saved_char = p[len];
+      p[len] = 0;      /* null-terminate the token */
       num = sscanf (p, "%" DOUBLEST_SCAN_FORMAT "%s",
                    &putithere->typed_val_float.dval, s);
       p[len] = saved_char;     /* restore the input stream */