From mboxrd@z Thu Jan 1 00:00:00 1970
From: Toby Lloyd Davies
Date: Thu, 11 Jan 2024 18:19:27 +0000
Subject: Re: [PATCH] gdb/infcall: Fix freed frame dereferenced in inferior call
To: Tom Tromey
Cc: gdb-patches@sourceware.org
In-Reply-To: <87le8vrdbg.fsf@tromey.com>
References: <20240111163826.286722-1-tlloyddavies@undo.io> <87le8vrdbg.fsf@tromey.com>

> Was this patch made against an older version of gdb?

Yes.

You're right that this is now fixed, so this patch is no longer needed.

Thanks,
Toby

On Thu, 11 Jan 2024 at 17:26, Tom Tromey wrote:
>
> >>>>> "Toby" == Toby Lloyd Davies writes:
>
> Toby> Between the store to frame and its use by get_frame_sp (frame) there is
> Toby> a call to find_function_addr(). If the function is an IFUNC then this can
> Toby> do another inferior call. This results in the frame cache being
> Toby> invalidated which frees all frames. Then the frame pointer previously
> Toby> stored is left dangling and get_frame_sp (frame) may segfault.
>
> This sounds like exactly the kind of bug that should have been fixed by
> the frame_info_ptr change -- stale frame_info pointers are no longer
> possible.
>
> Was this patch made against an older version of gdb?
>
> If it's still a bug, it might be good to have more information about it.
> Also a test case would be handy.
>
> thanks,
> Tom
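An added illustration, not gdb's code and not part of this thread, of the hazard Toby describes and the frame_info_ptr-style remedy Tom refers to: a toy frame cache that is rebuilt when an IFUNC resolution makes an inferior call, and a generation-checked handle that re-resolves the frame instead of dereferencing the freed one. The cache, the handle type and the function bodies are assumptions for the example; only the names find_function_addr, frame_info_ptr and reinit_frame_cache are modelled on gdb's own.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Toy model of gdb's frame cache: an illustration, not gdb's own code. */
struct frame_info { unsigned long sp; };
#define MAX_FRAMES 4
static struct frame_info *frame_cache[MAX_FRAMES];
static unsigned cache_generation;
/* Like reinit_frame_cache (): frees every frame, leaving raw pointers dangling. */
static void reinit_frame_cache(void) {
  for (int i = 0; i < MAX_FRAMES; i++) { free(frame_cache[i]); frame_cache[i] = NULL; }
  cache_generation++;
}
/* Lazily rebuild the frame for a level (sp is a constructed sample value). */
static struct frame_info *frame_at_level(int level) {
  if (frame_cache[level] == NULL) {
    struct frame_info *f = malloc(sizeof *f);
    f->sp = 0x7ffc0000UL - (unsigned long) level * 0x100;
    frame_cache[level] = f;
  }
  return frame_cache[level];
}
/* Handle in the spirit of frame_info_ptr: remembers the level and the cache
   generation, and re-resolves instead of handing back a freed pointer. */
struct frame_handle { int level; unsigned generation; struct frame_info *raw; };
static struct frame_handle frame_handle_make(int level) {
  return (struct frame_handle){ level, cache_generation, frame_at_level(level) };
}
static struct frame_info *frame_handle_get(struct frame_handle *h) {
  if (h->generation != cache_generation) {   /* cache rebuilt since capture */
    h->raw = frame_at_level(h->level);
    h->generation = cache_generation;
  }
  return h->raw;
}
/* Stand-in for find_function_addr (): resolving an IFUNC runs the resolver
   as an inferior call, which invalidates the frame cache. */
static unsigned long find_function_addr(bool is_ifunc) {
  if (is_ifunc) reinit_frame_cache();
  return 0x401000UL;   /* constructed callee address */
}
/* The infcall sequence: take the frame, resolve the callee, then read its SP;
   *reresolved reports whether the handle had to re-resolve after the call. */
static unsigned long infcall_frame_sp(bool is_ifunc, bool *reresolved) {
  struct frame_handle frame = frame_handle_make(0);
  unsigned gen_before = frame.generation;
  (void) find_function_addr(is_ifunc);
  unsigned long sp = frame_handle_get(&frame)->sp;
  *reresolved = frame.generation != gen_before;
  return sp;
}
```

Holding the raw `frame.raw` pointer across find_function_addr(true) would be the use-after-free from the patch description; going through frame_handle_get after the call returns a live frame.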