commit f56d129435a34c415214b1ce00b7c23e28ed1c02
author Petr Machata <pmachata@redhat.com> Mon Jan 07 21:27:54 2013 +0100
committer Petr Machata <pmachata@redhat.com> Fri Mar 08 22:55:32 2013 +0100
tree b6655c95a5aca288116a3dc9cd2bf2771e047fc7
parent d19b91640b2d1bcfeef14d029891dd93217b9c24

Fix cleanup in process_clone fail path

The original code was releasing the original memory, not the clone,
and single block would be released potentially many times.  This led
to severe memory errors.

proc.c

diff --git a/proc.c b/proc.c
index 3225521..acd37e8 100644
--- a/proc.c
+++ b/proc.c
@@ -354,7 +354,7 @@
 {
 	if (process_bare_init(retp, proc->filename, pid, 0) < 0) {
 	fail1:
-		fprintf(stderr, "failed to clone process %d->%d : %s\n",
+		fprintf(stderr, "Failed to clone process %d to %d: %s\n",
 			proc->pid, pid, strerror(errno));
 		return -1;
 	}
@@ -423,7 +423,7 @@
 				size_t j;
 			fail3:
 				for (j = 0; j < i; ++j) {
-					nctx = elem->fetch_context;
+					nctx = retp->callstack[j].fetch_context;
 					fetch_arg_done(nctx);
 					elem->fetch_context = NULL;
 				}
@@ -432,14 +432,13 @@
 			elem->fetch_context = nctx;
 		}
 
-		struct value_dict *args = elem->arguments;
-		if (args != NULL) {
+		if (elem->arguments != NULL) {
 			struct value_dict *nargs = malloc(sizeof(*nargs));
 			if (nargs == NULL
-			    || val_dict_clone(nargs, args) < 0) {
+			    || val_dict_clone(nargs, elem->arguments) < 0) {
 				size_t j;
 				for (j = 0; j < i; ++j) {
-					nargs = elem->arguments;
+					nargs = retp->callstack[j].arguments;
 					val_dict_destroy(nargs);
 					free(nargs);
 					elem->arguments = NULL;