From a0ef27ead67dcc9595585f58f80303cc80ef8dfb Mon Sep 17 00:00:00 2001
From: Dan Liew
Date: Thu, 17 Dec 2015 11:43:34 +0000
Subject: Fix a memory leak in ``UpdateList`` detected by AddressSanitizer.
The overloaded assignment operator previously only deleted the head ``UpdateNode`` if the ``UpdateList`` had exclusive ownership which left the remaining list of ``UpdateNode``s dangling if those nodes had ``refCount`` of 1. To fix this the logic that was previously in the ``UpdateList`` destructor for deleting nodes that were exclusively referenced by the UpdateList has been moved into ``UpdateList::tryFreeNodes()`` so that it can be called from ``UpdateList::operator=()``. It looks like this bug has been in KLEE since the beginning.
---
include/klee/Expr.h | 2 ++
1 file changed, 2 insertions(+)
(limited to 'include')
diff --git a/include/klee/Expr.h b/include/klee/Expr.h
index af8bf10f..c5a110f8 100644
--- a/include/klee/Expr.h
+++ b/include/klee/Expr.h
@@ -715,6 +715,8 @@ public:
 int compare(const UpdateList &b) const;
 unsigned hash() const;
+private:
+ void tryFreeNodes();
 };
 /// Class representing a one byte read from an array.
--
cgit 1.4.1
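Review bot: The new `tryFreeNodes()` declaration carries no comment stating its contract, even though the commit message relies on it being safe to call from both the destructor and `operator=()`; a reader of the header cannot tell which nodes it releases or what state `head` is left in afterwards. I would add above it `/// Delete the UpdateNodes reachable from head that this list references exclusively; called from the destructor and from operator=() before head is replaced.` and, if the implementation guarantees it, a second line noting that `head` is left in a state the destructor can safely revisit, since the same nodes are now released from two paths. The definition and the `operator=()` change are outside this patch (it is limited to include/), so the comment's wording should be checked against them.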