author | Dan Liew <daniel.liew@imperial.ac.uk> | 2015-12-17 11:43:34 +0000 |
---|---|---|
committer | Dan Liew <daniel.liew@imperial.ac.uk> | 2015-12-17 17:23:27 +0000 |
commit | a0ef27ead67dcc9595585f58f80303cc80ef8dfb (patch) | |
tree | 35987eee65e150f38ea7aedaec83c2e93493b359 /include | |
parent | b2e64702cc1ebb1ffe01a32ebde0f179bf09c337 (diff) | |
download | klee-a0ef27ead67dcc9595585f58f80303cc80ef8dfb.tar.gz |
Fix a memory leak in ``UpdateList`` detected by AddressSanitizer.
The overloaded assignment operator previously only deleted the head ``UpdateNode`` if the ``UpdateList`` had exclusive ownership which left the remaining list of ``UpdateNode``s dangling if those nodes had ``refCount`` of 1. To fix this the logic that was previously in the ``UpdateList`` destructor for deleting nodes that were exclusively referenced by the UpdateList has been moved into ``UpdateList::tryFreeNodes()`` so that it can be called from ``UpdateList::operator=()``. It looks like this bug has been in KLEE since the beginning.
Diffstat (limited to 'include')
-rw-r--r-- | include/klee/Expr.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/klee/Expr.h b/include/klee/Expr.h index af8bf10f..c5a110f8 100644 --- a/include/klee/Expr.h +++ b/include/klee/Expr.h @@ -715,6 +715,8 @@ public: int compare(const UpdateList &b) const; unsigned hash() const; +private: + void tryFreeNodes(); }; /// Class representing a one byte read from an array. |
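Review bot: The new private declaration `void tryFreeNodes();` in `UpdateList` has no doc comment, and the neighbouring class in the same hunk does carry one (`/// Class representing a one byte read from an array.`). Since the commit message says this helper is now shared by the destructor and `operator=()`, a short `///` comment should state its contract: it releases the list's reference on `head` and deletes only those `UpdateNode`s that are exclusively referenced by this list, and it should say what state `head` is left in afterwards. This view is limited to `include`, so the definition and the call order inside `operator=()` are not visible here. It is worth confirming in the `.cpp` part of the change that the incoming list's nodes are referenced before `tryFreeNodes()` runs, so that self-assignment or assignment from a list sharing a suffix does not free nodes that are still needed.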