interesting
/
riscv-openocd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

jtag/tcl: fix a double free of jim object 

The Jim_SetResultFormatted() frees jim object earlier and the
Jim_FreeNewObj() does it second time. It breaks the memory heap.

To avoid it the Jim_IncrRefCount() + Jim_DecrRefCount() should be used
instead of the Jim_FreeNewObj() call.

Change-Id: Ifa5f38009b2d617624b5f27e916720888a3dbad9
Signed-off-by: Mikhail Rasputin <mikhail.godlike.rasputin@yandex.ru>
Reviewed-on: http://openocd.zylin.com/5724
Tested-by: jenkins
Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com>
This commit is contained in:
Mikhail Rasputin 2020-06-24 19:21:31 +03:00 committed by Antonio Borneo
parent ef14384b68
commit 70f69f8728
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/jtag/tcl.c
View File

@ -689,8 +689,9 @@ static int jim_jtag_arp_init(Jim_Interp *interp, int argc, Jim_Obj *const *argv)
int e = jtag_init_inner(context); int e = jtag_init_inner(context);
if (e != ERROR_OK) { if (e != ERROR_OK) {
Jim_Obj *eObj = Jim_NewIntObj(goi.interp, e); Jim_Obj *eObj = Jim_NewIntObj(goi.interp, e);
Jim_IncrRefCount(eObj);
Jim_SetResultFormatted(goi.interp, "error: %#s", eObj); Jim_SetResultFormatted(goi.interp, "error: %#s", eObj);
Jim_FreeNewObj(goi.interp, eObj); Jim_DecrRefCount(goi.interp, eObj);
return JIM_ERR; return JIM_ERR;
} }
return JIM_OK; return JIM_OK;
@ -713,8 +714,9 @@ static int jim_jtag_arp_init_reset(Jim_Interp *interp, int argc, Jim_Obj *const
if (e != ERROR_OK) { if (e != ERROR_OK) {
Jim_Obj *eObj = Jim_NewIntObj(goi.interp, e); Jim_Obj *eObj = Jim_NewIntObj(goi.interp, e);
Jim_IncrRefCount(eObj);
Jim_SetResultFormatted(goi.interp, "error: %#s", eObj); Jim_SetResultFormatted(goi.interp, "error: %#s", eObj);
Jim_FreeNewObj(goi.interp, eObj); Jim_DecrRefCount(goi.interp, eObj);
return JIM_ERR; return JIM_ERR;
} }
return JIM_OK; return JIM_OK;