From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by sourceware.org (Postfix, from userid 48) id 05B3D398B8A8; Wed, 27 Jan 2021 22:16:13 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 05B3D398B8A8
From: "cvs-commit at gcc dot gnu.org"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/27133] Crash with set logging redirect and debugredirect
Date: Wed, 27 Jan 2021 22:16:13 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: gdb
X-Bugzilla-Version: HEAD
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gdb-prs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb-prs mailing list
X-List-Received-Date: Wed, 27 Jan 2021 22:16:14 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Lancelot SIX:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=59b59f08f6448a77730c8d8dde5871f1bf6806d0

commit 59b59f08f6448a77730c8d8dde5871f1bf6806d0
Author: Lancelot SIX
Date:   Fri Jan 1 20:11:28 2021 +0000

    Avoid use after free with logging and debug redirect.

    This patch addresses PR gdb/27133. Before it, the following succession
    of commands would cause gdb to crash:

        set logging redirect on
        set logging debugredirect on
        set logging on

    The problem eventually comes down to a use after free. The function
    cli_interp_base::set_logging is called with a unique_ptr argument that
    holds a pointer to the redirection file. In the problematic use case,
    no-one ever took ownership of that pointer (as far as unique_ptr is
    concerned), so the call to its dtor at the end of the function causes
    the file object to be deleted. Any later use of the pointer to the
    redirection file is therefore an error.

    This patch ensures that the unique_ptr is released when required (so it
    does not assume ownership anymore). The internal logic of
    cli_interp_base::set_logging takes care of freeing the ui_file when it
    is not necessary anymore using the saved_output.file_to_delete field.

    gdb/ChangeLog:

            PR gdb/27133
            * cli/cli-interp.c (cli_interp_base::set_logging): Ensure the
            unique_ptr is released when the wrapped pointer is kept for later
            use.

    gdb/testsuite/ChangeLog:

            PR gdb/27133
            * gdb.base/ui-redirect.exp: Add test case that ensures that
            redirecting both logging and debug does not cause gdb to crash.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
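
The ownership pattern described in the commit message above, as an added example that is not part of the original mail and is not gdb's code: a simplified model in which `log_file`, `saved_state`, `in_use`, `set_logging_buggy`, `set_logging_fixed` and `restore` are hypothetical names, with only `file_to_delete` borrowed from the message. A live-object counter shows when the file is destroyed, so the dangling pointer is never dereferenced.

```cpp
#include <cstdio>
#include <memory>

// Hypothetical stand-in for gdb's ui_file; counts live objects so that
// destruction can be observed without touching freed memory.
struct log_file {
    static int live;
    log_file() { ++live; }
    ~log_file() { --live; }
};
int log_file::live = 0;

// Simplified model of the saved_output state named in the commit message.
struct saved_state {
    log_file *in_use = nullptr;         // raw pointer kept for later use
    log_file *file_to_delete = nullptr; // freed by restore()
};

// Pattern before the fix: the raw pointer is kept, but the unique_ptr
// parameter still owns the object when the function returns.
void set_logging_buggy(saved_state &s, std::unique_ptr<log_file> logfile) {
    s.in_use = logfile.get();
} // ~unique_ptr deletes the object here; s.in_use now dangles

// Pattern after the fix: release() hands ownership to file_to_delete.
void set_logging_fixed(saved_state &s, std::unique_ptr<log_file> logfile) {
    s.in_use = logfile.get();
    s.file_to_delete = logfile.release();
}

void restore(saved_state &s) {
    delete s.file_to_delete;
    s.in_use = s.file_to_delete = nullptr;
}

// True if the file object is still alive after set_logging returns.
bool survives_buggy() {
    saved_state s;
    set_logging_buggy(s, std::make_unique<log_file>());
    return log_file::live == 1; // s.in_use is never dereferenced
}
bool survives_fixed() {
    saved_state s;
    set_logging_fixed(s, std::make_unique<log_file>());
    bool alive = (log_file::live == 1);
    restore(s);
    return alive && log_file::live == 0; // freed exactly once, by restore()
}
int main() {
    std::printf("buggy keeps file alive: %d\n", survives_buggy());
    std::printf("fixed keeps file alive: %d\n", survives_fixed());
}
```

Building the buggy pattern with `-fsanitize=address` and dereferencing `in_use` afterwards would report a heap-use-after-free, which is how this class of defect is usually caught in testing.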