[DTrace-devel] [PATCH v2] Fix strchr() tstring free

[eugene.loh at oracle.com]

From: Eugene Loh <eugene.loh at oracle.com>

A node's register and tstring have to be managed independently.  E.g.,
in this case, str's register value is moved to another register, and
so str->dn_reg can be freed.  Meanwhile, the associated tstring is still
in use and cannot be freed until later.

Signed-off-by: Eugene Loh <eugene.loh at oracle.com>
---
 libdtrace/dt_cg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libdtrace/dt_cg.c b/libdtrace/dt_cg.c
index 43ad6971..c4228b82 100644
--- a/libdtrace/dt_cg.c
+++ b/libdtrace/dt_cg.c
@@ -4996,7 +4996,6 @@ dt_cg_subr_strchr(dt_node_t *dnp, dt_irlist_t *dlp, dt_regset_t *drp)
 
 	emit(dlp, BPF_MOV_REG(BPF_REG_1, str->dn_reg));
 	dt_regset_free(drp, str->dn_reg);
-	dt_cg_tstring_free(yypcb, str);
 	emit(dlp, BPF_MOV_REG(BPF_REG_2, chr->dn_reg));
 	dt_regset_free(drp, chr->dn_reg);
 
@@ -5024,6 +5023,7 @@ dt_cg_subr_strchr(dt_node_t *dnp, dt_irlist_t *dlp, dt_regset_t *drp)
 	emite(dlp,  BPF_CALL_FUNC(idp->di_id), idp);
 	dt_regset_free_args(drp);
 	dt_cg_tstring_xfree(yypcb, off);
+	dt_cg_tstring_free(yypcb, str);
 
 	emit (dlp, BPF_BRANCH_IMM(BPF_JEQ, BPF_REG_0, 0, Lfound));
 	emit (dlp, BPF_MOV_IMM(dnp->dn_reg, 0));
@@ -5052,7 +5052,6 @@ dt_cg_subr_strrchr(dt_node_t *dnp, dt_irlist_t *dlp, dt_regset_t *drp)
 
 	emit(dlp, BPF_MOV_REG(BPF_REG_1, str->dn_reg));
 	dt_regset_free(drp, str->dn_reg);
-	dt_cg_tstring_free(yypcb, str);
 	emit(dlp, BPF_MOV_REG(BPF_REG_2, chr->dn_reg));
 	dt_regset_free(drp, chr->dn_reg);
 
@@ -5074,6 +5073,7 @@ dt_cg_subr_strrchr(dt_node_t *dnp, dt_irlist_t *dlp, dt_regset_t *drp)
 	dt_regset_xalloc(drp, BPF_REG_0);
 	emite(dlp,  BPF_CALL_FUNC(idp->di_id), idp);
 	dt_regset_free_args(drp);
+	dt_cg_tstring_free(yypcb, str);
 
 	emit (dlp, BPF_BRANCH_IMM(BPF_JEQ, BPF_REG_0, 0, Lfound));
 	emit (dlp, BPF_MOV_IMM(dnp->dn_reg, 0));
-- 
2.18.4