bug #42056: double free or corruption triggered at exit

* pgm.c: copy usbpid list in pgm_dup


git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk/avrdude@1298 81a1dc3b-b13d-400b-aceb-764788c761c2
This commit is contained in:
rliebscher 2014-04-14 21:41:43 +00:00
parent 41607055a6
commit ba380bd67a
2 changed files with 19 additions and 0 deletions

View File

@ -1,3 +1,8 @@
2014-04-14 Rene Liebscher <R.Liebscher@gmx.de>
bug #42056: double free or corruption triggered at exit
* pgm.c: copy usbpid list in pgm_dup
2014-04-05 Joerg Wunsch <j.gnu@uriah.heep.sax.de>
* avrdude.1: Remove the note that users might edit the system-wide

14
pgm.c
View File

@ -143,6 +143,7 @@ void pgm_free(PROGRAMMER * const p)
ldestroy_cb(p->id, free);
ldestroy_cb(p->usbpid, free);
p->id = NULL;
p->usbpid = NULL;
/* this is done by pgm_teardown, but usually cookie is not set to NULL */
/* if (p->cookie !=NULL) {
free(p->cookie);
@ -154,6 +155,7 @@ void pgm_free(PROGRAMMER * const p)
PROGRAMMER * pgm_dup(const PROGRAMMER * const src)
{
PROGRAMMER * pgm;
LNODEID ln;
pgm = (PROGRAMMER *)malloc(sizeof(*pgm));
if (pgm == NULL) {
@ -165,6 +167,18 @@ PROGRAMMER * pgm_dup(const PROGRAMMER * const src)
memcpy(pgm, src, sizeof(*pgm));
pgm->id = lcreat(NULL, 0);
pgm->usbpid = lcreat(NULL, 0);
for (ln = lfirst(src->usbpid); ln; ln = lnext(ln)) {
int *ip = malloc(sizeof(int));
if (ip == NULL) {
fprintf(stderr, "%s: out of memory allocating programmer structure\n",
progname);
exit(1);
}
*ip = *(int *) ldata(ln);
ladd(pgm->usbpid, ip);
}
return pgm;
}