diff options
| author | Tom Tromey <tom@tromey.com> | 2018-07-29 19:21:01 -0600 |
|---|---|---|
| committer | Tom Tromey <tom@tromey.com> | 2018-11-29 10:47:42 -0700 |
| commit | d105de22fc385da878e8db44c9503a7f30419322 (patch) | |
| tree | 0c14538cb98df9bb05c66cef9ca25286feab9bf7 /gdb/gdbserver/linux-low.c | |
| parent | e368bf56d38afecd1ac0e19c9e9cb54e2bb4fad2 (diff) | |
| download | fsf-binutils-gdb-d105de22fc385da878e8db44c9503a7f30419322.zip fsf-binutils-gdb-d105de22fc385da878e8db44c9503a7f30419322.tar.gz fsf-binutils-gdb-d105de22fc385da878e8db44c9503a7f30419322.tar.bz2 | |
Fix use-after-free in gdbserver
-fsanitize=address pointed out a use-after-free in gdbserver. In
particular, handle_detach could reference "process" after it was
deleted by detach_inferior. Avoiding this also necessitated changing
target_ops::join to take a pid rather than a process_info*.
Tested by the buildbot using a few of the gdbserver builders.
gdb/gdbserver/ChangeLog
2018-11-29 Tom Tromey <tom@tromey.com>
* win32-low.c (win32_join): Take pid, not process.
* target.h (struct target_ops) <join>: Change argument type.
(join_inferior): Change argument name.
* spu-low.c (spu_join): Take pid, not process.
* server.c (handle_detach): Preserve pid before destroying
process.
* lynx-low.c (lynx_join): Take pid, not process.
* linux-low.c (linux_join): Take pid, not process.
Diffstat (limited to 'gdb/gdbserver/linux-low.c')
| -rw-r--r-- | gdb/gdbserver/linux-low.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gdb/gdbserver/linux-low.c b/gdb/gdbserver/linux-low.c index 701f3e8..4d84927 100644 --- a/gdb/gdbserver/linux-low.c +++ b/gdb/gdbserver/linux-low.c @@ -1670,12 +1670,12 @@ linux_mourn (struct process_info *process) } static void -linux_join (process_info *proc) +linux_join (int pid) { int status, ret; do { - ret = my_waitpid (proc->pid, &status, 0); + ret = my_waitpid (pid, &status, 0); if (WIFEXITED (status) || WIFSIGNALED (status)) break; } while (ret != -1 || errno != ECHILD); |