public inbox for gdb-prs@sourceware.org
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/27133] Crash with set logging redirect and debugredirect
Date: Wed, 27 Jan 2021 22:16:13 +0000
Message-ID: <bug-27133-4717-qwA4GTajfX@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-27133-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Lancelot SIX <lsix@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=59b59f08f6448a77730c8d8dde5871f1bf6806d0

commit 59b59f08f6448a77730c8d8dde5871f1bf6806d0
Author: Lancelot SIX <lsix@lancelotsix.com>
Date:   Fri Jan 1 20:11:28 2021 +0000

    Avoid use after free with logging and debug redirect.

    This patch addresses PR gdb/27133. Before it, the following succession
    of commands would cause gdb to crash:

            set logging redirect on
            set logging debugredirect on
            set logging on

    The problem eventually comes down to a use after free. The function
    cli_interp_base::set_logging is called with a unique_ptr argument that
    holds a pointer to the redirection file. In the problematic use case,
    no-one ever took ownership of that pointer (as far as unique_ptr is
    concerned), so the call to its dtor at the end of the function causes
    the file object to be deleted. Any later use of the pointer to the
    redirection file is therefore an error.

    This patch ensures that the unique_ptr is released when required (so it
    does not assume ownership anymore). The internal logic of
    cli_interp_base::set_logging takes care of freeing the ui_file when it
    is not necessary anymore using the saved_output.file_to_delete field.

    gdb/ChangeLog:

            PR gdb/27133
            * cli/cli-interp.c (cli_interp_base::set_logging): Ensure the
            unique_ptr is released when the wrapped pointer is kept for later
            use.

    gdb/testsuite/ChangeLog:

            PR gdb/27133
            * gdb.base/ui-redirect.exp: Add test case that ensures that
            redirecting both logging and debug does not cause gdb to crash.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
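
The ownership bug described in the commit message above, reduced to a stand-alone C++ sketch. This is an added example, not gdb's code: `log_file`, `saved_output::target`, `set_logging_buggy`, `set_logging_fixed` and `stop_logging` are hypothetical simplifications, and only the `file_to_delete` name comes from the message. It counts live objects rather than dereferencing the dangling pointer.

```cpp
#include <cstdio>
#include <memory>

// Stand-in for gdb's ui_file; `live` counts objects not yet destroyed.
struct log_file {
  static int live;
  log_file() { ++live; }
  ~log_file() { --live; }
};
int log_file::live = 0;

// Hypothetical, simplified version of the saved redirection state.
struct saved_output {
  log_file *target = nullptr;          // pointer used by later output calls
  log_file *file_to_delete = nullptr;  // object freed when logging stops
};

// Before the fix: the raw pointer is kept, but the unique_ptr still owns
// the object and destroys it when the by-value parameter goes out of scope.
void set_logging_buggy(saved_output &s, std::unique_ptr<log_file> logfile) {
  s.target = logfile.get();
}  // logfile's destructor runs here, so s.target now dangles

// After the fix: release() gives up ownership, file_to_delete records it,
// and the object is freed exactly once in stop_logging().
void set_logging_fixed(saved_output &s, std::unique_ptr<log_file> logfile) {
  s.target = logfile.get();
  s.file_to_delete = logfile.release();
}

void stop_logging(saved_output &s) { delete s.file_to_delete; s = saved_output{}; }

// Number of live log_file objects right after the buggy call returns.
int live_after_buggy() {
  saved_output s;
  set_logging_buggy(s, std::make_unique<log_file>());
  return log_file::live;  // the object behind s.target is already gone
}

// Same measurement for the fixed call, followed by the matching cleanup.
int live_after_fixed() {
  saved_output s;
  set_logging_fixed(s, std::make_unique<log_file>());
  int live = log_file::live;  // s.target is still valid at this point
  stop_logging(s);
  return live;
}

int main() { std::printf("%d %d\n", live_after_buggy(), live_after_fixed()); }
```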
