From 6b866d3b0cd6a376196fb85460ec31fd9da7d175 Mon Sep 17 00:00:00 2001
From: Igor Kulaychuk
Date: Tue, 15 Nov 2016 17:55:53 +0300
Subject: [PATCH] Fix crash in FunctionMemberPtrArrayHolder destructor (dotnet/coreclr#8113)

Some elements in FunctionMember array might not be initialized and contain garbage. This leads to crash when elements are being deleted. Move array allocation inside FunctionMemberPtrArrayHolder class and initialize all array elements to nullptr.

Commit migrated from https://github.com/dotnet/coreclr/commit/de9e159ce0b1abad260100d447071c3377d2f34c
---
 src/coreclr/src/vm/gdbjit.cpp | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/src/coreclr/src/vm/gdbjit.cpp b/src/coreclr/src/vm/gdbjit.cpp
index 0b0949b..9801f97 100644
--- a/src/coreclr/src/vm/gdbjit.cpp
+++ b/src/coreclr/src/vm/gdbjit.cpp
@@ -795,6 +795,14 @@ class FunctionMemberPtrArrayHolder : public NewArrayHolder
 private:
 int m_cElements;
 
+ void DeleteElements()
+ {
+ for (int i = 0; i < m_cElements; i++)
+ {
+ delete this->m_value[i];
+ }
+ }
+
 public:
 FunctionMemberPtrArrayHolder() :
 NewArrayHolder(),
@@ -802,10 +810,23 @@ public:
 {
 }
 
- void Set(FunctionMember** value, int cElements)
+ bool Alloc(int cElements)
 {
+ FunctionMember** value = new (nothrow) FunctionMember*[cElements];
+ if (value == nullptr)
+ return false;
+
+ for (int i = 0; i < cElements; i++)
+ {
+ value[i] = nullptr;
+ }
+
+ // Clean previous elements
+ DeleteElements();
+
 NewArrayHolder::operator=(value);
 m_cElements = cElements;
+ return true;
 }
 
 int GetCount() const
@@ -815,10 +836,7 @@ public:
 
 ~FunctionMemberPtrArrayHolder()
 {
- for (int i = 0; i < m_cElements; i++)
- {
- delete this->m_value[i];
- }
+ DeleteElements();
 }
 };
 
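Review bot: DeleteElements() indexes `this->m_value[i]` for every i below m_cElements without checking m_value itself, and it leaves m_cElements unchanged, so its safety rests on m_value and m_cElements always being updated together. If NewArrayHolder exposes an Extract()/Release()-style call that nulls m_value (common for holder types in this codebase, but not visible in this hunk), the destructor would then index a null pointer with the stale count; a guard `if (this->m_value == nullptr) return;` at the top of the helper, plus `m_cElements = 0;` after the loop, closes that gap and makes a second call a no-op. A one-line comment such as `// Deletes the owned FunctionMember objects; the array itself is released by NewArrayHolder` would also document the split of ownership between this class and its base. The rest of FunctionMemberPtrArrayHolder lies outside this hunk.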
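Review bot: Alloc() takes `int cElements` and passes it straight to `new (nothrow) FunctionMember*[cElements]`; a negative count is an erroneous array-new whose outcome under nothrow differs by language version and compiler (null result versus std::bad_array_new_length), and the only check after the call is for nullptr. An explicit `if (cElements < 0) return false;` before the allocation makes the failure deterministic and keeps the holder's previous contents intact, which is already the behaviour on a null return since DeleteElements() only runs after a successful allocation. The zeroing loop can be folded into the allocation as `new (nothrow) FunctionMember*[cElements]()`, which value-initializes every slot to nullptr and removes the loop over the parameter `cElements` as distinct from the member `m_cElements`. Alloc is complete within this hunk; the enclosing class continues outside it.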
@@ -1409,8 +1427,7 @@ void NotifyGdb::MethodCompiled(MethodDesc* MethodDescPtr)
 }
 
 int method_count = countFuncs(symInfo, symInfoLen);
- method.Set(new (nothrow) FunctionMember*[method_count], method_count);
- if (method == nullptr) {
+ if (!method.Alloc(method_count)) {
 return;
 }
 
-- 
2.7.4