* [pushed] Fix undefined behavior in gdbserver
@ 2020-10-20 16:31 Tom Tromey
0 siblings, 0 replies; only message in thread
From: Tom Tromey @ 2020-10-20 16:31 UTC (permalink / raw)
To: gdb-patches; +Cc: Tom Tromey
PR gdb/26742 points out some undefined behavior in gdbserver. The bug
is that remove_thread does:
free_one_thread (thread);
if (current_thread == thread)
current_thread = NULL;
However, the equality check is undefined, because "thread" has already
been freed.
This patch fixes the bug by moving the check earlier.
Tested on x86-64 Fedora 32.
gdbserver/ChangeLog
2020-10-20 Tom Tromey <tromey@adacore.com>
PR gdb/26742:
* inferiors.cc (remove_thread): Clear current_thread before
freeing the thread.
---
gdbserver/ChangeLog | 6 ++++++
gdbserver/inferiors.cc | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/gdbserver/inferiors.cc b/gdbserver/inferiors.cc
index 861c9f3e338..9a1280d039b 100644
--- a/gdbserver/inferiors.cc
+++ b/gdbserver/inferiors.cc
@@ -103,9 +103,9 @@ remove_thread (struct thread_info *thread)
discard_queued_stop_replies (ptid_of (thread));
all_threads.remove (thread);
- free_one_thread (thread);
if (current_thread == thread)
current_thread = NULL;
+ free_one_thread (thread);
}
void *
--
2.26.2
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-10-20 16:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-20 16:31 [pushed] Fix undefined behavior in gdbserver Tom Tromey
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).