author | Arnold D. Robbins <arnold@skeeve.com> | 2014-05-09 11:39:05 +0300 |
---|---|---|
committer | Arnold D. Robbins <arnold@skeeve.com> | 2014-05-09 11:39:05 +0300 |
commit | 123402fa15ec56d510ddd4cba16a5aea88e18023 (patch) | |
tree | bed74a5ab52d9e53935c220f87f7c54a108f9637 | |
parent | 03edc59397a4924b29852107198c4f345c986e80 (diff) | |
Fix double free error in do_eval.
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | debug.c | 12 |
2 files changed, 18 insertions, 2 deletions
@@ -1,3 +1,11 @@
+2014-05-09 Arnold D. Robbins <arnold@skeeve.com>
+
+ * debug.c (do_eval): Don't free `f' which points into the context
+ that was previously freed. Bug reported by Jan Chaloupka
+ <jchaloup@redhat.com>. Apparently introduced with move to
+ SYMTAB and FUNCTAB, but only showed up on Fedora 20 and Ubuntu 14.04,
+ which have a newer glibc.
+
 2014-05-04 Arnold D. Robbins <arnold@skeeve.com>
 * debug.c (debug_prog): Change check for GAWK_RESTART so that it
@@ -5565,8 +5565,16 @@ do_eval(CMDARG *arg, int cmd ATTRIBUTE_UNUSED)
 pop_context(); /* switch to prev context */
 free_context(ctxt, (ret_val != NULL)); /* free all instructions and optionally symbols */
- if (ret_val != NULL)
- destroy_symbol(f); /* destroy "@eval" */
+
+ /*
+ * May 2014:
+ * Don't do this. f points into the context we just released.
+ * Only showed up on Fedora 20 / Ubuntu 14.04.
+ *
+ * if (ret_val != NULL)
+ * destroy_symbol(f); // destroy "@eval"
+ */
+
 return false;
 } |
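Review bot: The block comment added after `free_context()` keeps the removed `destroy_symbol(f)` call as commented-out code and explains it by the distributions where the crash appeared, which can read as if the double free were platform-specific. Per the ChangeLog entry, `f` points into the context that `free_context()` has already released, so the second free was wrong on every platform and presumably only went undetected under older allocators. I would replace the block with a short why-comment such as `/* f lives inside ctxt, which free_context() released above; destroy_symbol(f) here would be a double free. */` and leave the history to the ChangeLog. Whether `free_context()` releases everything `destroy_symbol(f)` used to is not visible here, since do_eval's body starts outside the hunk, so a run of the debugger's eval path under valgrind or ASan would confirm there is neither a leak nor a remaining stale use of `f`.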