From: "simark at simark dot ca"
To: gdb-prs@sourceware.org
Subject: [Bug remote/26614] AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler
Date: Sun, 29 Nov 2020 15:15:35 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26614

--- Comment #13 from Simon Marchi ---

If that's indeed the problem, I can see two solutions:

1. Have some kind of listener that the function can install locally to get notified if the target gets destroyed, and skip the following code if so.

2. That code exists to re-mark the async event handler if we still have things to report, because it is automatically cleared by check_async_event_handlers. Instead, we can make check_async_event_handlers leave the async event handler marked and let the target clear it in its ::wait implementation when it no longer has anything to report.

Or, as a stop-gap solution, have the remote_async_inferior_event_handler re-mark the handler before calling inferior_event_handler and clear it in ::wait if there's nothing else to report. I have a patch that does that (in the middle of a big work-in-progress series), as you can see it gets rid of the problematic code: https://review.lttng.org/c/binutils-gdb/+/4050/11
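As an added illustration of solution 1 from the comment above (this is not Simon's patch and not gdb's code), a hypothetical C++ model in which the handler installs a local destruction watch before calling into the inferior event handler and skips the re-mark step if the target was freed meanwhile; the names Target, target_destroyed_watch and safe_async_event_handler are assumptions, not gdb identifiers:

```cpp
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-in for a gdb target object; not gdb's own class.
struct Target {
  bool has_pending_events = false;
  // Run from the destructor so raw-pointer holders learn the object is gone (option 1 above).
  std::vector<std::function<void()>> destroy_listeners;
  ~Target() { for (auto &listener : destroy_listeners) listener(); }
};

// Scoped watch installed locally by the handler; the shared flag outlives the watch safely.
class target_destroyed_watch {
 public:
  explicit target_destroyed_watch(Target *t) : flag_(std::make_shared<bool>(false)) {
    t->destroy_listeners.push_back([flag = flag_] { *flag = true; });
  }
  bool destroyed() const { return *flag_; }
 private:
  std::shared_ptr<bool> flag_;
};

// Hypothetical model of remote_async_inferior_event_handler: the inferior
// event callback may delete the target. Returns false when the re-mark step
// was skipped because the target was destroyed; without the watch, reading
// target->has_pending_events would be the reported heap-use-after-free.
bool safe_async_event_handler(Target *target,
                              const std::function<void(Target *)> &inferior_event_handler,
                              bool &handler_marked) {
  target_destroyed_watch watch(target);
  inferior_event_handler(target);  // may destroy `target`
  if (watch.destroyed()) return false;  // target is gone: do not touch it
  if (target->has_pending_events) handler_marked = true;  // re-mark for ::wait
  return true;
}

// Target survives the callback: the handler is re-marked.
bool scenario_target_survives() {
  auto t = std::make_unique<Target>();
  t->has_pending_events = true;
  bool marked = false;
  return safe_async_event_handler(t.get(), [](Target *) {}, marked) && marked;
}
// Callback deletes the target: the re-mark step is skipped, no use-after-free.
bool scenario_target_destroyed() {
  Target *t = new Target;
  t->has_pending_events = true;
  bool marked = false;
  return !safe_async_event_handler(t, [](Target *x) { delete x; }, marked) && !marked;
}
```

Under AddressSanitizer the second scenario is exactly the case that produced the report when the re-mark step ran unconditionally.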