From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca (simark.ca [158.69.221.121]) by sourceware.org (Postfix) with ESMTPS id 1516B3850617 for ; Wed, 14 Dec 2022 19:52:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 1516B3850617 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=simark.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=simark.ca Received: from [10.0.0.11] (unknown [217.28.27.60]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by simark.ca (Postfix) with ESMTPSA id A62EB1E0CD; Wed, 14 Dec 2022 14:52:53 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=simark.ca; s=mail; t=1671047573; bh=FkFnUMwTSs5mki++khk9BJJYnwmTS96R5pydAlR82DE=; h=Date:Subject:To:References:From:In-Reply-To:From; b=DTcOfcxnqYX1BJVX9ApSf9WYFhSUz5runJ10/NvWkAGdvcR1K20rGwXCImqE5Ayhx /NtEfSYphqVAVwXMXK7FpjJMPHqgi+lEEqNutQM+vByBIdsvyDR8U0c/C7FUJ57vX1 tXRqDZSOVN2zHv34wCYuf8k61GiFzjaaZn+Q4T7k= Message-ID: Date: Wed, 14 Dec 2022 14:52:53 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1 Subject: Re: [PATCH] gdb: fix possible use-after-free when executing commands Content-Language: en-US To: Jan Vrany , gdb-patches@sourceware.org References: <20221208142014.84759-1-jan.vrany@labware.com> From: Simon Marchi In-Reply-To: <20221208142014.84759-1-jan.vrany@labware.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,SPF_HELO_PASS,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 12/8/22 09:20, Jan Vrany via Gdb-patches wrote: > In principle, `execute_command()` does following: > > struct cmd_list_element *c; > c = lookup_cmd ( ... ); > ... > /* If this command has been pre-hooked, run the hook first. */ > execute_cmd_pre_hook (c); > ... > /* ...execute the command `c` ...*/ > ... > execute_cmd_post_hook (c); > > This may lead into use-after-free error. Imagine the command > being executed is a user-defined Python command that redefines > itself. In that case, struct `cmd_list_element` pointed to by > `c` is deallocated during its execution so it is no longer valid > when post hook is executed. > > To fix this case, this commit looks up the command once again > after it is executed to get pointer to (possibly newly allocated) > `cmd_list_element`. Hi Jan, Do you think you could write a test to exercise that fix? Simon