public inbox for gdb-prs@sourceware.org
From: "tromey at sourceware dot org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/23342] sanity check stale struct frame_info *
Date: Sat, 03 Apr 2021 20:42:42 +0000
Message-ID: <bug-23342-4717-z8u4qEG0EI@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-23342-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=23342

--- Comment #8 from Tom Tromey <tromey at sourceware dot org> ---
(In reply to Jan Kratochvil from comment #6)
> (In reply to Tom Tromey from comment #5)
> > The more I consider the "automatic reinflating" idea, the more I like
> > it.  It would turn an assertion failure / crash into "what the code
> > should be doing anyway".
> 
> But then one will not find out the code is not handling invalidated frame
> pointers in a reasonable (non-crashing) way. Maybe it could be configurable
> by some --enable-maintainer-mode.

True, but my thinking here was that it doesn't matter.

The normal bug is that some code holds onto a frame_info* that is
then invalidated.  Then, it uses the pointer, resulting in a UAF.

The patch I have now turns the UAF into a crash, by turning the
dangling pointer into a NULL pointer.  Good so far.

The next step is that we would normally fix this kind of bug by
computing the frame_id and storing it, then using the frame_id to
look up the frame again.

The proposed "reinflation" approach is to automate this step.
It would just invisibly do what you were supposed to do anyway.

Is there ever a time when we wouldn't want to do this?
Or when it would cause some other bug?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
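The store-the-frame_id-and-look-it-up-again pattern discussed above, and the "reinflation" that automates it, as an added C++ model (not GDB's code; the frame_cache, frame_handle and generation counter are assumptions for illustration):

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Constructed model: a frame is identified by a stable frame_id, while the
// frame_info object only lives until the cache is rebuilt (reinit()).
struct frame_id {
  uint64_t stack_addr; uint64_t code_addr;
  bool operator==(const frame_id &o) const
  { return stack_addr == o.stack_addr && code_addr == o.code_addr; }
};
struct frame_info { frame_id id; int level; };

struct frame_cache {
  std::vector<std::unique_ptr<frame_info>> frames;
  unsigned generation = 0;
  // Rebuild the cache: every previously handed-out frame_info* now dangles.
  void reinit(const std::vector<frame_id> &ids) {
    frames.clear(); ++generation;
    int level = 0;
    for (const frame_id &id : ids)
      frames.push_back(std::make_unique<frame_info>(frame_info{id, level++}));
  }
  frame_info *lookup(const frame_id &id) {
    for (auto &f : frames) if (f->id == id) return f.get();
    return nullptr;
  }
};

// Instead of holding a raw frame_info*, keep the frame_id and re-look-up
// ("reinflate") the frame whenever the cache generation has changed.
class frame_handle {
  frame_cache *cache; frame_id id; unsigned seen_gen; frame_info *ptr;
public:
  frame_handle(frame_cache &c, frame_info *f)
    : cache(&c), id(f->id), seen_gen(c.generation), ptr(f) {}
  frame_info *get() {
    if (seen_gen != cache->generation) {   // stale: never deref old ptr
      ptr = cache->lookup(id); seen_gen = cache->generation;
    }
    return ptr;   // nullptr if the frame no longer exists after the rebuild
  }
};

// Level seen through the handle after a rebuild that keeps the frame (1),
// and whether the handle reports the frame gone after a rebuild drops it.
int level_after_rebuild() {
  frame_cache c;
  c.reinit({{0x7ffc0000, 0x401000}, {0x7ffc0100, 0x402000}});
  frame_handle h(c, c.lookup({0x7ffc0100, 0x402000}));
  c.reinit({{0x7ffc0000, 0x401000}, {0x7ffc0100, 0x402000}});  // ptr dangles
  return h.get()->level;
}
bool gone_after_rebuild() {
  frame_cache c;
  c.reinit({{0x7ffc0000, 0x401000}, {0x7ffc0100, 0x402000}});
  frame_handle h(c, c.lookup({0x7ffc0100, 0x402000}));
  c.reinit({{0x7ffc0000, 0x401000}});   // that frame no longer exists
  return h.get() == nullptr;
}
```

The raw pointer captured before the second reinit() is the UAF in the comment; the handle resolves through the frame_id and, when the frame is gone, yields a checkable nullptr rather than a dangling dereference.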
