From: Lancelot SIX <lancelot.six@amd.com>
To: <gdb-patches@sourceware.org>
Cc: <lsix@lancelotsix.com>, Lancelot SIX <lancelot.six@amd.com>
Subject: [PATCH v2 0/3] Fix some use-after-free errors in varobj code
Date: Mon, 20 Jun 2022 18:19:12 +0100
Message-ID: <20220620171915.509358-1-lancelot.six@amd.com>
Hi, this is a V2 for https://sourceware.org/pipermail/gdb-patches/2022-June/190138.html.

Noticeable changes since V1:

Patch #1:
- Added a hunk which somehow slipped into patch #2 in the previous iteration.

Patch #2:
- Address Andrew's comments.
- Removed the change in gdb/testsuite/lib/mi-support.exp as this change really
  belonged to Patch #1.
- Reworked the testcase:
  - Only rely on dlclose to trigger the new code. Do not reload the binary
    and restart the process as this involves varobj_invalidate. This part of
    the test is moved to patch #3.
- Remove the var->root->exp == nullptr from value_of_root as this case
  cannot happen, as discussed in https://sourceware.org/pipermail/gdb-patches/2022-June/190171.html

Patch #3:
- Reworked the testcase to highlight that a varobj tracking a global from
  the main executable is re-created when reloading the process while a varobj
  tracking a global in a lazily loaded shlib stays invalidated.
---
Hi,

This series aims at fixing some use-after-free errors we have observed around
the varobj code. When an objfile is freed, the varobj can keep references to
the objfile and to objects that used to live on the objfile's objstack (types
among other things).

This can mainly be observed when debugging code which loads and unloads shared
libraries during its lifetime. Without such a scenario the problems exist but
are rarely exposed as the references to freed memory are not used.

The first patch of the series was originally written by Pedro. It improves
mi-support.exp so `mi_runto` now accepts a `-pending` flag, which will be used
in the following patch.

Patch #2 fixes the actual use-after-free errors by ensuring that we clear all
references to the objfile before it is freed.

Patch #3 fixes some inaccuracies in the current varobj_invalidate mechanism which
is used to invalidate/recreate varobj when loading a new objfile.

All feedback is welcome.

Regression tested on x86_64.
Lancelot SIX (2):
  gdb/varobj: Fix use after free in varobj
  gdb/varobj: Fix varobj_invalidate_iter

Pedro Alves (1):
  MI: mi_runto -pending

 .../gdb.mi/mi-var-invalidate-shlib-lib.c |  30 +++++
 .../gdb.mi/mi-var-invalidate-shlib.c     |  43 ++++++
 .../gdb.mi/mi-var-invalidate-shlib.exp   | 124 ++++++++++++++++++
 gdb/testsuite/lib/mi-support.exp         |  68 +++++++++-
 gdb/value.c                              |  27 ++++
 gdb/varobj.c                             |  80 +++++++++--
 6 files changed, 357 insertions(+), 15 deletions(-)
 create mode 100644 gdb/testsuite/gdb.mi/mi-var-invalidate-shlib-lib.c
 create mode 100644 gdb/testsuite/gdb.mi/mi-var-invalidate-shlib.c
 create mode 100644 gdb/testsuite/gdb.mi/mi-var-invalidate-shlib.exp

base-commit: 5fb28d2607a8325559b44a5dc0c8760236c81218
--
2.25.1

Thread overview:
2022-06-20 17:19 Lancelot SIX [this message]
2022-06-20 17:19 ` [PATCH v2 1/3] MI: mi_runto -pending Lancelot SIX
2022-06-20 17:19 ` [PATCH v2 2/3] gdb/varobj: Fix use after free in varobj Lancelot SIX
2022-06-20 17:19 ` [PATCH v2 3/3] gdb/varobj: Fix varobj_invalidate_iter Lancelot SIX