public inbox for gdb-prs@sourceware.org
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org> To: gdb-prs@sourceware.org Subject: [Bug remote/26614] AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler Date: Sun, 29 Nov 2020 11:24:01 +0000 [thread overview] Message-ID: <bug-26614-4717-62BatwUpop@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-26614-4717@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=26614 --- Comment #11 from Tom de Vries <vries at gcc dot gnu.org> --- As experiment, I tried: ... diff --git a/gdb/remote.c b/gdb/remote.c index 59075cb09f..4dd165255e 100644 --- a/gdb/remote.c +++ b/gdb/remote.c @@ -4084,6 +4084,7 @@ remote_target::~remote_target () return; serial_close (rs->remote_desc); + rs->remote_desc = nullptr; /* We are destroying the remote target, so we should discard everything of this target. */ 
@@ -4093,6 +4094,7 @@ remote_target::~remote_target () delete_async_event_handler (&rs->remote_async_inferior_event_token); delete rs->notif_state; + rs->notif_state = nullptr; } /* Query the remote side for the text, data and bss offsets. */ ... And got (again at run 28): ... (gdb) PASS: gdb.multi/multi-target-continue.exp: continue: non-stop=on: inferior 2 Remote debugging from host ::1, port 42904 Process /home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.multi/multi-target-continue/multi-target-continue created; pid = 27519 monitor exit (gdb) Killing process(es): 27519 FAIL: gdb.multi/multi-target-continue.exp: continue: non-stop=on: inferior 5 (timeout) Remote debugging from host ::1, port 43110 Process /home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.multi/multi-target-continue/multi-target-continue created; pid = 27531 Thread 1 "gdb" received signal SIGSEGV, Segmentation fault. 0x00000000008e5a69 in std::equal_to<gdbarch*>::operator() (this=0x1f59be0, __x=@0x7fffffffd100: 0x2264740, __y=<error reading variable>) at /usr/include/c++/7/bits/stl_function.h:356 356 { return __x == __y; } +backtrace #0 0x00000000008e5a69 in std::equal_to<gdbarch*>::operator() (this=0x1f59be0, __x=@0x7fffffffd100: 0x2264740, __y=<error reading variable>) at /usr/include/c++/7/bits/stl_function.h:356 #1 0x00000000008e5085 in std::__detail::_Equal_helper<gdbarch*, std::pair<gdbarch* const, remote_arch_state>, std::__detail::_Select1st, std::equal_to<gdbarch*>, unsigned long, false>::_S_equals (__eq=..., __extract=..., __k=@0x7fffffffd100: 0x2264740, __n=0x60) at /usr/include/c++/7/bits/hashtable_policy.h:1444 #2 0x00000000008e4424 in std::__detail::_Hashtable_base<gdbarch*, std::pair<gdbarch* const, remote_arch_state>, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Hashtable_traits<false, false, true> >::_M_equals (this=0x1f59be0, 
__k=@0x7fffffffd100: 0x2264740, __c=36063040, __n=0x60) at /usr/include/c++/7/bits/hashtable_policy.h:1815
#3 0x00000000008e3077 in std::_Hashtable<gdbarch*, std::pair<gdbarch* const, remote_arch_state>, std::allocator<std::pair<gdbarch* const, remote_arch_state> >, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::_M_find_before_node (this=0x1f59be0, __n=0, __k=@0x7fffffffd100: 0x2264740, __code=36063040) at /usr/include/c++/7/bits/hashtable.h:1551
#4 0x00000000008e167a in std::_Hashtable<gdbarch*, std::pair<gdbarch* const, remote_arch_state>, std::allocator<std::pair<gdbarch* const, remote_arch_state> >, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::_M_find_node (this=0x1f59be0, __bkt=0, __key=@0x7fffffffd100: 0x2264740, __c=36063040) at /usr/include/c++/7/bits/hashtable.h:642
#5 0x00000000008df5ac in std::_Hashtable<gdbarch*, std::pair<gdbarch* const, remote_arch_state>, std::allocator<std::pair<gdbarch* const, remote_arch_state> >, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::find (this=0x1f59be0, __k=@0x7fffffffd100: 0x2264740) at /usr/include/c++/7/bits/hashtable.h:1425
#6 0x00000000008ddc6b in std::unordered_map<gdbarch*, remote_arch_state, std::hash<gdbarch*>, std::equal_to<gdbarch*>, std::allocator<std::pair<gdbarch* const, remote_arch_state> > >::find (this=0x1f59be0, __x=@0x7fffffffd100: 0x2264740) at /usr/include/c++/7/bits/unordered_map.h:920
#7 0x00000000008be731 in remote_state::get_remote_arch_state (this=0x1f599a8, gdbarch=0x2264740) at /home/vries/gdb_versions/devel/src/gdb/remote.c:1203
#8 0x00000000008be84f in remote_target::get_remote_state (this=0x1f59990) at /home/vries/gdb_versions/devel/src/gdb/remote.c:1232
#9 0x00000000008da485 in remote_async_inferior_event_handler (data=0x1f59990) at /home/vries/gdb_versions/devel/src/gdb/remote.c:14171
#10 0x00000000004aa95e in check_async_event_handlers () at /home/vries/gdb_versions/devel/src/gdb/async-event.c:295
#11 0x0000000000d0eaef in gdb_do_one_event () at /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:194
#12 0x0000000000795ec7 in start_event_loop () at /home/vries/gdb_versions/devel/src/gdb/main.c:356
#13 0x0000000000795fe7 in captured_command_loop () at /home/vries/gdb_versions/devel/src/gdb/main.c:416
#14 0x0000000000797662 in captured_main (data=0x7fffffffd310) at /home/vries/gdb_versions/devel/src/gdb/main.c:1253
#15 0x00000000007976c8 in gdb_main (args=0x7fffffffd310) at /home/vries/gdb_versions/devel/src/gdb/main.c:1268
#16 0x0000000000415a9e in main (argc=5, argv=0x7fffffffd418) at /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
+quit
...

--
You are receiving this mail because:
You are on the CC list for the bug.
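Review bot: The added `rs->remote_desc = nullptr;` directly after `serial_close (rs->remote_desc);` in the first hunk of `~remote_target` has no comment saying why a field is reset while the target is being destroyed. If the intent is to make a later access through a stale target pointer fail visibly, say so in a comment next to the store. If `rs` is storage that goes away together with the target, an optimizing compiler may also drop a store made at the end of the object's lifetime, so the line works as a debugging aid in unoptimized builds rather than as a guard.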
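Review bot: Clearing `rs->notif_state` after `delete rs->notif_state;` in the second hunk only covers a second access made through `rs` itself, and the run reported after the patch still enters `remote_async_inferior_event_handler (data=0x1f59990)` and faults in the `unordered_map` lookup under `get_remote_arch_state`, not on either of the fields cleared here. The line worth examining in this hunk is the unchanged `delete_async_event_handler (&rs->remote_async_inferior_event_token);`: a check or assertion that nothing can still invoke that handler with this target as `data` once the destructor has run would tell more than nulling the two pointers.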