From: Lancelot SIX <Lancelot.Six@amd.com>
To: Andrew Burgess <aburgess@redhat.com>, gdb-patches@sourceware.org
Cc: lsix@lancelotsix.com
Subject: Re: [PATCH 2/3] gdb/varobj: Fix use after free in varobj
Date: Mon, 20 Jun 2022 16:52:05 +0100 [thread overview]
Message-ID: <25610650-170e-dd08-13c4-58893accaac2@amd.com> (raw)
In-Reply-To: <c88b4a8e-7fe9-3ed0-4ae9-869f3eef6ac7@amd.com>
>>> + if ((*var_handle)->root->exp == nullptr)
>>> + return nullptr;
>>> +
>>
>> I notice that none of the tests in either this patch, or the next one,
>> exercise this condition.
>>
>> Is it possible to create a test for this case?
>
> Will do. Issuing a "-var-update" after the dlclose call in the test
> should exercise this. I did that manually, but forgot to include it in
> the testcase.
>
Actually, after double checking, this case is not possible. We cannot
reach this point if the varobj is invalid. The only way to have
`exp == nullptr` and a valid varobj is if the varobj is floating.
In this particular case, code a couple of lines above ensures that either
the expression is re-parsed (ensuring exp is not nullptr), or the whole
function exits early:
  if (var->root->floating)
    {
      struct varobj *tmp_var;

      tmp_var = varobj_create (NULL, var->name.c_str (), (CORE_ADDR) 0,
                               USE_SELECTED_FRAME);
      if (tmp_var == NULL)
        {
          return NULL;
        }
      ...
    }
I'll drop this part of the patch in V2.
I will still update the testcase to exercise the case where:

  var->root->floating && var->root->exp == nullptr

on entry to this function.
Best,
Lancelot.
Thread overview:
2022-06-17 10:10 [PATCH 0/3] Fix some use-after-free errors in varobj code Lancelot SIX
2022-06-17 10:10 ` [PATCH 1/3] MI: mi_runto -pending Lancelot SIX
2022-06-17 10:10 ` [PATCH 2/3] gdb/varobj: Fix use after free in varobj Lancelot SIX
2022-06-17 16:09 ` Andrew Burgess
2022-06-17 16:38 ` Lancelot SIX
2022-06-20 15:52 ` Lancelot SIX [this message]
2022-06-30 18:43 ` Formatting/indentation of lambdas (Re: [PATCH 2/3] gdb/varobj: Fix use after free in varobj) Pedro Alves
2022-07-05 13:33 ` Lancelot SIX
2022-06-17 10:10 ` [PATCH 3/3] gdb/varobj: Fix varobj_invalidate_iter Lancelot SIX