From: Lancelot SIX <lancelot.six@amd.com>
To: <gdb-patches@sourceware.org>
Cc: <lsix@lancelotsix.com>, Lancelot SIX <lancelot.six@amd.com>
Subject: [PATCH 0/3] Fix some use-after-free errors in varobj code
Date: Fri, 17 Jun 2022 11:10:21 +0100
Message-ID: <20220617101024.2830260-1-lancelot.six@amd.com>

Hi,

This series aims at fixing some use-after-free errors we have observed around
the varobj code. When an objfile is freed, the varobj can keep references to
the objfile and to objects that used to live on the objfile's obstack (types
among other things).

This can mainly be observed when debugging code which loads and unloads shared
libraries during its lifetime. Without such a scenario the problems exist but
are rarely exposed, as the references to freed memory are not used.

The first patch of the series was originally written by Pedro. It improves
mi-support.exp so `mi_runto` now accepts a `-pending` flag, which will be used
in the following patch.

Patch #2 fixes the actual use-after-free errors by ensuring that we clear all
references to the objfile before it is freed.

Patch #3 fixes some inaccuracies in the current varobj_invalidate mechanism,
which is used to invalidate/recreate varobj when loading a new objfile.

All feedback is welcome.

Regression tested on x86_64.

Lancelot SIX (2):
  gdb/varobj: Fix use after free in varobj
  gdb/varobj: Fix varobj_invalidate_iter

Pedro Alves (1):
  MI: mi_runto -pending

.../gdb.mi/mi-var-invalidate-shlib-lib.c | 30 ++++++
.../gdb.mi/mi-var-invalidate-shlib.c | 27 ++++++
.../gdb.mi/mi-var-invalidate-shlib.exp | 91 +++++++++++++++++++
gdb/testsuite/lib/mi-support.exp | 68 ++++++++++++--
gdb/value.c | 21 +++++
gdb/varobj.c | 86 ++++++++++++++++--
6 files changed, 308 insertions(+), 15 deletions(-)
create mode 100644 gdb/testsuite/gdb.mi/mi-var-invalidate-shlib-lib.c
create mode 100644 gdb/testsuite/gdb.mi/mi-var-invalidate-shlib.c
create mode 100644 gdb/testsuite/gdb.mi/mi-var-invalidate-shlib.exp
base-commit: 5fb28d2607a8325559b44a5dc0c8760236c81218
--
2.25.1
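
The ordering the cover letter describes for patch 2 (clear every reference to the objfile, then free it), shown as an added, self-contained C++ model; it is not code from this series or from GDB. `Type`, `Objfile`, `Varobj`, `Session` and their members are hypothetical stand-ins, and the file names are constructed.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>
// Hypothetical stand-ins for GDB's objfile/type/varobj; not GDB's definitions.
struct Type { std::string name; };
struct Objfile {
    std::string path;
    std::vector<std::unique_ptr<Type>> types;  // storage dies with the objfile
    const Type *make_type(const std::string &n) {
        types.push_back(std::make_unique<Type>(Type{n}));
        return types.back().get();
    }
};
struct Varobj {
    std::string expr;
    const Objfile *objfile;  // non-owning
    const Type *type;        // non-owning, points into objfile->types
};
struct Session {
    std::vector<std::unique_ptr<Objfile>> objfiles;
    std::vector<Varobj> varobjs;
    Objfile *load(const std::string &path) {
        objfiles.push_back(std::make_unique<Objfile>());
        objfiles.back()->path = path;
        return objfiles.back().get();
    }
    // Clear every reference into `obj` first, then release its storage.
    void unload(Objfile *obj) {
        for (Varobj &v : varobjs)
            if (v.objfile == obj) { v.objfile = nullptr; v.type = nullptr; }
        for (auto it = objfiles.begin(); it != objfiles.end(); ++it)
            if (it->get() == obj) { objfiles.erase(it); break; }
    }
};
// Consumers test for a cleared reference instead of following a stale one.
std::string type_name(const Varobj &v) { return v.type ? v.type->name : "<invalid>"; }

// Constructed scenario: a varobj on a shared library that is then unloaded.
std::vector<std::string> demo() {
    Session s;
    Objfile *exe = s.load("a.out");
    Objfile *lib = s.load("libdemo.so");
    s.varobjs.push_back({"main_var", exe, exe->make_type("int")});
    s.varobjs.push_back({"lib_var", lib, lib->make_type("struct lib_state")});
    s.unload(lib);
    return {type_name(s.varobjs[0]), type_name(s.varobjs[1])};
}
int main() { for (const auto &n : demo()) std::cout << n << "\n"; }
```

If the first loop in `unload` is skipped, `lib_var` keeps a pointer into freed storage, and a build with AddressSanitizer reports the read in `type_name` as a heap-use-after-free.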

Thread overview: 9+ messages
2022-06-17 10:10 Lancelot SIX [this message]
2022-06-17 10:10 ` [PATCH 1/3] MI: mi_runto -pending Lancelot SIX
2022-06-17 10:10 ` [PATCH 2/3] gdb/varobj: Fix use after free in varobj Lancelot SIX
2022-06-17 16:09 ` Andrew Burgess
2022-06-17 16:38 ` Lancelot SIX
2022-06-20 15:52 ` Lancelot SIX
2022-06-30 18:43 ` Formatting/indentation of lambdas (Re: [PATCH 2/3] gdb/varobj: Fix use after free in varobj) Pedro Alves
2022-07-05 13:33 ` Lancelot SIX
2022-06-17 10:10 ` [PATCH 3/3] gdb/varobj: Fix varobj_invalidate_iter Lancelot SIX