public inbox for gdb-prs@sourceware.org help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org> To: gdb-prs@sourceware.org Subject: [Bug gdb/27133] Crash with set logging redirect and debugredirect Date: Wed, 27 Jan 2021 22:16:13 +0000 [thread overview] Message-ID: <bug-27133-4717-qwA4GTajfX@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-27133-4717@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=27133 --- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Lancelot SIX <lsix@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=59b59f08f6448a77730c8d8dde5871f1bf6806d0 commit 59b59f08f6448a77730c8d8dde5871f1bf6806d0 Author: Lancelot SIX <lsix@lancelotsix.com> Date: Fri Jan 1 20:11:28 2021 +0000 Avoid use after free with logging and debug redirect. This patch addresses PR gdb/27133. Before it, the following succession of commands would cause gdb to crash: set logging redirect on set logging debugredirect on set logging on The problem eventually comes down to a use after free. The function cli_interp_base::set_logging is called with a unique_ptr argument that holds a pointer to the redirection file. In the problematic use case, no-one ever took ownership of that pointer (as far as unique_ptr is concerned), so the call to its dtor at the end of the function causes the file object to be deleted. Any later use of the pointer to the redirection file is therefore an error. This patch ensures that the unique_ptr is released when required (so it does not assume ownership anymore). The internal logic of cli_interp_base::set_logging takes care of freeing the ui_file when it is not necessary anymore using the saved_output.file_to_delete field. gdb/ChangeLog: PR gdb/27133 * cli/cli-interp.c (cli_interp_base::set_logging): Ensure the unique_ptr is released when the wrapped pointer is kept for later use. gdb/testsuite/ChangeLog: PR gdb/27133 * gdb.base/ui-redirect.exp: Add test case that ensures that redirecting both logging and debug does not cause gdb to crash. -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2021-01-27 22:16 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-12-31 7:08 [Bug gdb/27133] New: " nate at thatsmathematics dot com 2020-12-31 7:09 ` [Bug gdb/27133] " nate at thatsmathematics dot com 2021-01-13 12:11 ` sourceware at lancelotsix dot com 2021-01-27 22:16 ` cvs-commit at gcc dot gnu.org [this message] 2021-01-28 13:56 ` tromey at sourceware dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-27133-4717-qwA4GTajfX@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=gdb-prs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).