From: Lancelot SIX
To: Andrew Burgess, gdb-patches@sourceware.org
Cc: lsix@lancelotsix.com
Subject: Re: [PATCH 2/3] gdb/varobj: Fix use after free in varobj
Date: Mon, 20 Jun 2022 16:52:05 +0100
Message-ID: <25610650-170e-dd08-13c4-58893accaac2@amd.com>
References: <20220617101024.2830260-1-lancelot.six@amd.com> <20220617101024.2830260-3-lancelot.six@amd.com> <87v8szclvu.fsf@redhat.com>
List-Id: Gdb-patches mailing list
>>> + if ((*var_handle)->root->exp == nullptr)
>>> + return nullptr;
>>> +
>>
>> I notice that none of the tests in either this patch, or the next one,
>> exercise this condition.
>>
>> Is it possible to create a test for this case?
>
> Will do.  Issuing a "-var-update" after the dlclose call in the test
> should exercise this.  I did that manually, but forgot to include it in
> the testcases.
>

Actually, after double checking, this case is not possible.  We cannot
reach this point if the varobj is invalid.  The only way to have
`exp == nullptr` and a valid varobj is if the varobj is floating.  In
this particular case, code a couple of lines above ensures that either
the expression is re-parsed (ensuring exp is not nullptr) or the whole
function exits early:

    if (var->root->floating)
      {
        struct varobj *tmp_var;

        tmp_var = varobj_create (NULL, var->name.c_str (), (CORE_ADDR) 0,
                                 USE_SELECTED_FRAME);
        if (tmp_var == NULL)
          {
            return NULL;
          }
        ...
      }

I'll drop this part of the patch in V2.  I will still update the
testcase to exercise the case where:

    var->root->floating && var->root->exp == nullptr

on entry of this function.

Best,
Lancelot.
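Review bot: the added early `return nullptr` on `(*var_handle)->root->exp == nullptr` is unreachable as placed, since the `var->root->floating` block above it either re-parses the expression through `varobj_create` (leaving `exp` non-null) or returns early itself, and a silent return on a state the code cannot reach would mask a future regression rather than surface it. Dropping the branch in V2, as proposed, is the right call; if a guard is still wanted there, prefer an assertion that fails loudly, so that the planned testcase for `var->root->floating && var->root->exp == nullptr` on entry catches any break in the re-parse path.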