public inbox for gdb-prs@sourceware.org
help / color / mirror / Atom feed
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug remote/26614] AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler
Date: Sun, 29 Nov 2020 11:24:01 +0000 [thread overview]
Message-ID: <bug-26614-4717-62BatwUpop@http.sourceware.org/bugzilla/> (raw)
In-Reply-To: <bug-26614-4717@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=26614
--- Comment #11 from Tom de Vries <vries at gcc dot gnu.org> ---
As experiment, I tried:
...
diff --git a/gdb/remote.c b/gdb/remote.c
index 59075cb09f..4dd165255e 100644
--- a/gdb/remote.c
+++ b/gdb/remote.c
@@ -4084,6 +4084,7 @@ remote_target::~remote_target ()
return;
serial_close (rs->remote_desc);
+ rs->remote_desc = nullptr;
/* We are destroying the remote target, so we should discard
everything of this target. */
@@ -4093,6 +4094,7 @@ remote_target::~remote_target ()
delete_async_event_handler (&rs->remote_async_inferior_event_token);
delete rs->notif_state;
+ rs->notif_state = nullptr;
}
/* Query the remote side for the text, data and bss offsets. */
...
And got (again at run 28):
...
(gdb) PASS: gdb.multi/multi-target-continue.exp: continue: non-stop=on:
inferior 2
Remote debugging from host ::1, port 42904
Process
/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.multi/multi-target-continue/multi-target-continue
created; pid = 27519
monitor exit
(gdb) Killing process(es): 27519
FAIL: gdb.multi/multi-target-continue.exp: continue: non-stop=on: inferior 5
(timeout)
Remote debugging from host ::1, port 43110
Process
/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.multi/multi-target-continue/multi-target-continue
created; pid = 27531
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x00000000008e5a69 in std::equal_to<gdbarch*>::operator() (this=0x1f59be0,
__x=@0x7fffffffd100: 0x2264740, __y=<error reading variable>) at
/usr/include/c++/7/bits/stl_function.h:356
356 { return __x == __y; }
+backtrace
#0 0x00000000008e5a69 in std::equal_to<gdbarch*>::operator() (this=0x1f59be0,
__x=@0x7fffffffd100: 0x2264740, __y=<error reading variable>) at
/usr/include/c++/7/bits/stl_function.h:356
#1 0x00000000008e5085 in std::__detail::_Equal_helper<gdbarch*,
std::pair<gdbarch* const, remote_arch_state>, std::__detail::_Select1st,
std::equal_to<gdbarch*>, unsigned long, false>::_S_equals (__eq=...,
__extract=..., __k=@0x7fffffffd100: 0x2264740, __n=0x60) at
/usr/include/c++/7/bits/hashtable_policy.h:1444
#2 0x00000000008e4424 in std::__detail::_Hashtable_base<gdbarch*,
std::pair<gdbarch* const, remote_arch_state>, std::__detail::_Select1st,
std::equal_to<gdbarch*>, std::hash<gdbarch*>,
std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash,
std::__detail::_Hashtable_traits<false, false, true> >::_M_equals
(this=0x1f59be0, __k=@0x7fffffffd100: 0x2264740, __c=36063040, __n=0x60) at
/usr/include/c++/7/bits/hashtable_policy.h:1815
#3 0x00000000008e3077 in std::_Hashtable<gdbarch*, std::pair<gdbarch* const,
remote_arch_state>, std::allocator<std::pair<gdbarch* const, remote_arch_state>
>, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>,
std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash,
std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false,
false, true> >::_M_find_before_node (this=0x1f59be0, __n=0,
__k=@0x7fffffffd100: 0x2264740, __code=36063040) at
/usr/include/c++/7/bits/hashtable.h:1551
#4 0x00000000008e167a in std::_Hashtable<gdbarch*, std::pair<gdbarch* const,
remote_arch_state>, std::allocator<std::pair<gdbarch* const, remote_arch_state>
>, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>,
std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash,
std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false,
false, true> >::_M_find_node (this=0x1f59be0, __bkt=0, __key=@0x7fffffffd100:
0x2264740, __c=36063040) at /usr/include/c++/7/bits/hashtable.h:642
#5 0x00000000008df5ac in std::_Hashtable<gdbarch*, std::pair<gdbarch* const,
remote_arch_state>, std::allocator<std::pair<gdbarch* const, remote_arch_state>
>, std::__detail::_Select1st, std::equal_to<gdbarch*>, std::hash<gdbarch*>,
std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash,
std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false,
false, true> >::find (this=0x1f59be0, __k=@0x7fffffffd100: 0x2264740) at
/usr/include/c++/7/bits/hashtable.h:1425
#6 0x00000000008ddc6b in std::unordered_map<gdbarch*, remote_arch_state,
std::hash<gdbarch*>, std::equal_to<gdbarch*>, std::allocator<std::pair<gdbarch*
const, remote_arch_state> > >::find (this=0x1f59be0, __x=@0x7fffffffd100:
0x2264740) at /usr/include/c++/7/bits/unordered_map.h:920
#7 0x00000000008be731 in remote_state::get_remote_arch_state (this=0x1f599a8,
gdbarch=0x2264740) at /home/vries/gdb_versions/devel/src/gdb/remote.c:1203
#8 0x00000000008be84f in remote_target::get_remote_state (this=0x1f59990) at
/home/vries/gdb_versions/devel/src/gdb/remote.c:1232
#9 0x00000000008da485 in remote_async_inferior_event_handler (data=0x1f59990)
at /home/vries/gdb_versions/devel/src/gdb/remote.c:14171
#10 0x00000000004aa95e in check_async_event_handlers () at
/home/vries/gdb_versions/devel/src/gdb/async-event.c:295
#11 0x0000000000d0eaef in gdb_do_one_event () at
/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:194
#12 0x0000000000795ec7 in start_event_loop () at
/home/vries/gdb_versions/devel/src/gdb/main.c:356
#13 0x0000000000795fe7 in captured_command_loop () at
/home/vries/gdb_versions/devel/src/gdb/main.c:416
#14 0x0000000000797662 in captured_main (data=0x7fffffffd310) at
/home/vries/gdb_versions/devel/src/gdb/main.c:1253
#15 0x00000000007976c8 in gdb_main (args=0x7fffffffd310) at
/home/vries/gdb_versions/devel/src/gdb/main.c:1268
#16 0x0000000000415a9e in main (argc=5, argv=0x7fffffffd418) at
/home/vries/gdb_versions/devel/src/gdb/gdb.c:32
+quit
...
--
You are receiving this mail because:
You are on the CC list for the bug.
next prev parent reply other threads:[~2020-11-29 11:24 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-14 14:50 [Bug gdb/26614] New: UNRESOLVED: gdb.multi/multi-target.exp: continue: non-stop=on: inferior 5 vries at gcc dot gnu.org
2020-09-14 14:52 ` [Bug gdb/26614] " vries at gcc dot gnu.org
2020-09-14 14:52 ` vries at gcc dot gnu.org
2020-09-14 14:56 ` vries at gcc dot gnu.org
2020-09-14 15:14 ` vries at gcc dot gnu.org
2020-09-15 9:41 ` vries at gcc dot gnu.org
2020-09-15 9:42 ` vries at gcc dot gnu.org
2020-09-15 10:14 ` [Bug remote/26614] AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler vries at gcc dot gnu.org
2020-09-25 23:58 ` palves at redhat dot com
2020-09-29 13:25 ` vries at gcc dot gnu.org
2020-11-29 9:19 ` vries at gcc dot gnu.org
2020-11-29 10:20 ` vries at gcc dot gnu.org
2020-11-29 11:24 ` vries at gcc dot gnu.org [this message]
2020-11-29 14:53 ` simark at simark dot ca
2020-11-29 15:15 ` simark at simark dot ca
2020-11-30 10:32 ` vries at gcc dot gnu.org
2020-11-30 11:02 ` vries at gcc dot gnu.org
2020-11-30 12:06 ` vries at gcc dot gnu.org
2020-11-30 14:11 ` simark at simark dot ca
2020-11-30 14:35 ` vries at gcc dot gnu.org
2020-11-30 14:57 ` simark at simark dot ca
2020-11-30 15:00 ` palves at redhat dot com
2020-11-30 15:10 ` simark at simark dot ca
2021-01-07 12:27 ` vries at gcc dot gnu.org
2021-01-07 12:34 ` vries at gcc dot gnu.org
2021-01-07 13:40 ` vries at gcc dot gnu.org
2021-01-07 16:10 ` vries at gcc dot gnu.org
2021-01-07 20:41 ` cvs-commit at gcc dot gnu.org
2021-01-31 6:16 ` brobecker at gnat dot com
2021-01-31 6:58 ` vries at gcc dot gnu.org
2021-01-31 7:16 ` vries at gcc dot gnu.org
2021-02-04 18:43 ` simark at simark dot ca
2021-06-27 17:52 ` ahmedsayeed1982 at yahoo dot com
2021-08-10 11:45 ` ucelsanicin at yahoo dot com
2021-08-18 13:42 ` jamesrogan59 at gmail dot com
2021-08-19 5:53 ` ucelsanicin at yahoo dot com
2021-09-02 11:00 ` donipah907 at mtlcz dot com
2021-09-02 11:18 ` mark at klomp dot org
2021-09-06 9:09 ` focixujo at livinginsurance dot co.uk
2021-09-10 19:40 ` mehmetgelisin at aol dot com
2021-09-14 17:29 ` johnb6174 at gmail dot com
2021-09-26 13:31 ` tes.vik1986 at gmail dot com
2021-10-09 11:00 ` gulsenenginar at aol dot com
2021-10-17 19:48 ` vmireskazki at gmail dot com
2021-10-19 7:15 ` progonsaytu at gmail dot com
2021-10-23 13:46 ` fiteva5725 at bomoads dot com
2021-10-24 10:03 ` glassmtech at ukr dot net
2021-11-06 21:12 ` paneki8601 at dukeoo dot com
2021-11-10 14:11 ` bryanmcsp at gmail dot com
2021-11-13 19:31 ` tesaso8237 at funboxcn dot com
2021-11-16 11:05 ` mrsrvic at yahoo dot com
2021-11-16 19:04 ` xecana8007 at funboxcn dot com
2021-11-16 19:08 ` xecana8007 at funboxcn dot com
2021-11-16 19:12 ` xecana8007 at funboxcn dot com
2021-11-22 7:38 ` gexed96894 at keagenan dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-26614-4717-62BatwUpop@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=gdb-prs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).