From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 5E7A83858001; Sun, 29 Nov 2020 15:15:35 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5E7A83858001
From: "simark at simark dot ca" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug remote/26614] AddressSanitizer: heap-use-after-free of
 extended_remote_target in remote_async_inferior_event_handler
Date: Sun, 29 Nov 2020 15:15:35 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: remote
X-Bugzilla-Version: HEAD
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: simark at simark dot ca
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-26614-4717-hOQH3un8Ei@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-26614-4717@http.sourceware.org/bugzilla/>
References: <bug-26614-4717@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gdb-prs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb-prs mailing list <gdb-prs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb-prs>,
 <mailto:gdb-prs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb-prs/>
List-Help: <mailto:gdb-prs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb-prs>,
 <mailto:gdb-prs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2020 15:15:35 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D26614

--- Comment #13 from Simon Marchi <simark at simark dot ca> ---
If that's indeed the problem, I can see two solutions:

1. Have some kind of listener that the function can install locally to get
notified if the target gets destroyed, and skip the following code if so.
2. That code exists to re-mark the async event handler if we still have thi=
ngs
to report, because it is automatically cleared by check_async_event_handler=
s.=20
Instead, we can make check_async_event_handlers leave the async event handl=
er
marked and let the target clear it in its ::wait implementation when it no
longer has anything to report.  Or, as a stop-gap solution, have the
remote_async_inferior_event_handler re-mark the handler before calling
inferior_event_handler and clear it in ::wait if there's nothing else to
report.

I have a patch that does that (in the middle of a big work-in-progress seri=
es),
as you can see it gets rid of the problematic code:

   https://review.lttng.org/c/binutils-gdb/+/4050/11

--=20
You are receiving this mail because:
You are on the CC list for the bug.=