[Bug gdb/27133] New: Crash with set logging redirect and debugredirect

[Bug gdb/27133] New: Crash with set logging redirect and debugredirect

[nate at thatsmathematics dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

            Bug ID: 27133
           Summary: Crash with set logging redirect and debugredirect
           Product: gdb
           Version: HEAD
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: nate at thatsmathematics dot com
  Target Milestone: ---

gdb crashes with SIGABRT when I run the following sequence of commands:

set logging redirect on
set logging debugredirect on
set logging on

Reproduced with latest HEAD (commit 391750c35548611) on x86_64-pc-linux-gnu
(Ubuntu 20.04).  Also reproduced with Ubuntu's 9.2.0 on x86_64 Ubuntu 20.04 and
aarch64 Ubuntu 20.10 (where it gets SIGBUS instead).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/27133] Crash with set logging redirect and debugredirect

[nate at thatsmathematics dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

Nate Eldredge <nate at thatsmathematics dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nate at thatsmathematics dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/27133] Crash with set logging redirect and debugredirect

[sourceware at lancelotsix dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

Lancelot SIX <sourceware at lancelotsix dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sourceware at lancelotsix dot com

--- Comment #1 from Lancelot SIX <sourceware at lancelotsix dot com> ---
Created attachment 13118
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13118&action=edit
Patch to fix the issue

Hi,

This comes dowm to a use after delete problem.

The attach patch has been proposed to gdb-patches@.

I cannot assign myself to the bug so I mainly attach this patch so no-one
spends time investigating on this problem.

Multiple implementations are possible to solve this problem, none entirely
satisfactory to my taste.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/27133] Crash with set logging redirect and debugredirect

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Lancelot SIX <lsix@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=59b59f08f6448a77730c8d8dde5871f1bf6806d0

commit 59b59f08f6448a77730c8d8dde5871f1bf6806d0
Author: Lancelot SIX <lsix@lancelotsix.com>
Date:   Fri Jan 1 20:11:28 2021 +0000

    Avoid use after free with logging and debug redirect.

    This patch addresses PR gdb/27133. Before it, the following succession
    of commands would cause gdb to crash:

            set logging redirect on
            set logging debugredirect on
            set logging on

    The problem eventually comes down to a use after free. The function
    cli_interp_base::set_logging is called with a unique_ptr argument that
    holds a pointer to the redirection file. In the problematic use case,
    no-one ever took ownership of that pointer (as far as unique_ptr is
    concerned), so the call to its dtor at the end of the function causes
    the file object to be deleted. Any later use of the pointer to the
    redirection file is therefore an error.

    This patch ensures that the unique_ptr is released  when required (so it
    does not assume ownership anymore). The internal logic of
    cli_interp_base::set_logging takes care of freeing the ui_file when it
    is not necessary anymore using the saved_output.file_to_delete field.

    gdb/ChangeLog:

            PR gdb/27133
            * cli/cli-interp.c (cli_interp_base::set_logging): Ensure the
            unique_ptr is released when the wrapped pointer is kept for later
            use.

    gdb/testsuite/ChangeLog:

            PR gdb/27133
            * gdb.base/ui-redirect.exp: Add test case that ensures that
            redirecting both logging and debug does not cause gdb to crash.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/27133] Crash with set logging redirect and debugredirect

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27133

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org
   Target Milestone|---                         |11.1
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #3 from Tom Tromey <tromey at sourceware dot org> ---
Fixed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.