From: Tom Tromey
To: Toby Lloyd Davies
Cc: gdb-patches@sourceware.org
Subject: Re: [PATCH] gdb/infcall: Fix freed frame dereferenced in inferior call
References: <20240111163826.286722-1-tlloyddavies@undo.io>
Date: Thu, 11 Jan 2024 10:26:43 -0700
In-Reply-To: <20240111163826.286722-1-tlloyddavies@undo.io> (Toby Lloyd Davies's message of "Thu, 11 Jan 2024 16:38:26 +0000")
Message-ID: <87le8vrdbg.fsf@tromey.com>
>>>>> "Toby" == Toby Lloyd Davies writes:

Toby> Between the store to frame and its use by get_frame_sp (frame) there is
Toby> a call to find_function_addr(). If the function is an IFUNC then this can
Toby> do another inferior call. This results in the frame cache being
Toby> invalidated which frees all frames. Then the frame pointer previously
Toby> stored is left dangling and get_frame_sp (frame) may segfault.

This sounds like exactly the kind of bug that should have been fixed by the frame_info_ptr change -- stale frame_info pointers are no longer possible. Was this patch made against an older version of gdb?

If it's still a bug, it might be good to have more information about it. Also a test case would be handy.

thanks,
Tom
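As an added illustration that is not part of this thread and not gdb's code: a toy frame cache that reproduces the ordering hazard Toby describes (a frame reference is taken, then a call that may reinitialise the cache runs, then the reference is used), with a generation-stamped reference that refuses to resolve a frame from a freed cache instead of dereferencing it. All names here (frame_cache, frame_ref, resolve_target, lookup_after_call) are constructed, and the reference is only a sketch of the idea, not gdb's frame_info_ptr.

```c
#include <stdlib.h>

struct frame { unsigned long sp; };

struct frame_cache
{
  struct frame *frames;    /* freed wholesale on reinitialisation */
  size_t n;
  unsigned generation;     /* bumped every time frames is reallocated */
};

/* Constructed stand-in for reinit_frame_cache: after this, every raw
   struct frame * taken from the old array is dangling.  */
static void frame_cache_reinit (struct frame_cache *c)
{
  free (c->frames);
  c->frames = calloc (1, sizeof *c->frames);
  c->frames[0].sp = 0x7ffd1000;   /* constructed sample stack pointer */
  c->n = 1;
  c->generation++;
}

/* Constructed stand-in for find_function_addr: resolving an IFUNC target
   runs a nested inferior call, which reinitialises the cache.  */
static void resolve_target (struct frame_cache *c, int is_ifunc)
{
  if (is_ifunc)
    frame_cache_reinit (c);
}

/* Generation-stamped reference: re-resolved on use, never dereferenced
   directly, so a reference into a freed cache yields NULL.  */
struct frame_ref { size_t index; unsigned generation; };

static struct frame *frame_ref_get (struct frame_cache *c, struct frame_ref r)
{
  if (r.generation != c->generation || r.index >= c->n)
    return NULL;
  return &c->frames[r.index];
}

/* Same ordering as in the report.  Returns 0 and fills *sp when the frame
   is still valid, -1 when the use would have touched freed memory.  */
static int lookup_after_call (struct frame_cache *c, int is_ifunc,
                              unsigned long *sp)
{
  struct frame_ref ref = { 0, c->generation };  /* frame = current frame */
  resolve_target (c, is_ifunc);                 /* may free the cache    */
  struct frame *f = frame_ref_get (c, ref);     /* get_frame_sp (frame)  */
  if (f == NULL)
    return -1;
  *sp = f->sp;
  return 0;
}
```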