From: "tromey at sourceware dot org"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/23342] sanity check stale struct frame_info *
Date: Sat, 03 Apr 2021 20:42:42 +0000
Product: gdb; Component: gdb; Version: HEAD; Severity: enhancement; Priority: P2; Status: NEW; Assigned-To: unassigned at sourceware dot org

https://sourceware.org/bugzilla/show_bug.cgi?id=23342

--- Comment #8 from Tom Tromey ---

(In reply to Jan Kratochvil from comment #6)
> (In reply to Tom Tromey from comment #5)
> > The more I consider the "automatic reinflating" idea, the more I like
> > it. It would turn an assertion failure / crash into "what the code
> > should be doing anyway".
>
> But then one will not find out the code is not handling invalidated frame
> pointers in a reasonable (non-crashing) way. Maybe it could be configurable
> by some --enable-maintainer-mode.

True, but my thinking here was that it doesn't matter. The normal bug is that some code holds onto a frame_info* that is then invalidated. Then, it uses the pointer, resulting in a UAF. The patch I have now turns the UAF into a crash, by turning the dangling pointer into a NULL pointer. Good so far.

The next step is that we would normally fix this kind of bug by computing the frame_id and storing it, then using the frame_id to look up the frame again. The proposed "reinflation" approach is to automate this step. It would just invisibly do what you were supposed to do anyway.

Is there ever a time when we wouldn't want to do this? Or when it would cause some other bug?
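The pattern the comment describes (a cache reset leaves raw frame_info* pointers dangling; the manual fix stores a frame_id and looks the frame up again; "reinflation" does that lookup automatically), as an added C model that is not gdb's own code. frame_cache, sample_stack, cache_generation and frame_handle are constructed stand-ins for illustration, not gdb internals.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed model of a frame cache: frame_ids survive invalidation, pointers do not.  */
struct frame_id { uint64_t stack_addr; uint64_t code_addr; };
struct frame_info { struct frame_id id; int level; };

#define MAX_FRAMES 8
static struct frame_info *frame_cache[MAX_FRAMES]; /* pointers owned by the cache */
static unsigned cache_generation;                  /* bumped on every reset */
/* Stand-in for the inferior's stack (constructed values): level -> (sp, pc).  */
static const struct frame_id sample_stack[MAX_FRAMES] = {
  { 0x7ffd1000, 0x401136 }, { 0x7ffd1040, 0x401180 }, { 0x7ffd1080, 0x4011c0 } };
static const int sample_depth = 3;

/* Like a cache reset: every frame_info* handed out before this now dangles.  */
void reinit_frame_cache(void) {
  for (int i = 0; i < MAX_FRAMES; i++) { free(frame_cache[i]); frame_cache[i] = NULL; }
  cache_generation++;
}

/* "Unwind" frame LEVEL (read it from sample_stack) and cache the result.  */
struct frame_info *get_frame(int level) {
  if (level < 0 || level >= sample_depth) return NULL;
  if (!frame_cache[level]) {
    frame_cache[level] = calloc(1, sizeof *frame_cache[level]);
    if (!frame_cache[level]) abort();
    frame_cache[level]->id = sample_stack[level];
    frame_cache[level]->level = level;
  }
  return frame_cache[level];
}

/* The manual fix from the comment: after a reset, look the frame up again by id.  */
struct frame_info *frame_find_by_id(struct frame_id id) {
  for (int lvl = 0; lvl < sample_depth; lvl++)
    if (sample_stack[lvl].stack_addr == id.stack_addr && sample_stack[lvl].code_addr == id.code_addr)
      return get_frame(lvl);
  return NULL; /* that frame is no longer on the stack */
}
/* "Reinflating" handle: remembers the id and the cache generation its pointer came from.  */
struct frame_handle { struct frame_id id; struct frame_info *ptr; unsigned gen; };

struct frame_handle frame_handle_make(struct frame_info *fi) {
  struct frame_handle h = { fi->id, fi, cache_generation }; return h;
}

/* Never hands back a stale pointer: on a generation mismatch it re-looks the frame up by id.  */
struct frame_info *frame_handle_get(struct frame_handle *h) {
  if (h->gen != cache_generation) { h->ptr = frame_find_by_id(h->id); h->gen = cache_generation; }
  return h->ptr;
}
```

A handle whose frame has genuinely gone (the id no longer matches any frame) resolves to NULL rather than to freed memory, which is the same crash-instead-of-UAF outcome the comment describes for the NULLing patch.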