From aab91c55c3371b459f923138f2a910e0d223f229 Mon Sep 17 00:00:00 2001
From: Guinevere Larsen <guinevere@redhat.com>
Date: Tue, 29 Apr 2025 11:39:56 -0300
Subject: gdb: Stop exec_close looking like a UAF weakness

A recent static analyzer run flagged that program_space::exec_close
could be using a pointer after it has been freed. This is not true, as
the pointer is never dereferenced, the address is used for comparisons.

However, to avoid false positives from static analyzers (or bogus
security bugs), this commit makes the code stop looking like a UAF by
moving the unique_ptr into a local unique_ptr, so that there is no way
someone would think memory could be used after being freed.

Approved-By: Tom Tromey <tom@tromey.com>
---
 gdb/progspace.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'gdb/progspace.c')

diff --git a/gdb/progspace.c b/gdb/progspace.c
index 569dfc8..fcfdbd7 100644
--- a/gdb/progspace.c
+++ b/gdb/progspace.c
@@ -202,12 +202,14 @@ program_space::exec_close ()
   if (ebfd != nullptr)
     {
       /* Removing target sections may close the exec_ops target.
-	 Clear ebfd before doing so to prevent recursion.  */
-      bfd *saved_ebfd = ebfd.get ();
+	 Clear ebfd before doing so to prevent recursion.  We
+	 move it to another ref_ptr instead of saving it to a raw
+	 pointer to avoid it looking like possible use-after-free.  */
+      gdb_bfd_ref_ptr saved_ebfd = std::move(ebfd);
       ebfd.reset (nullptr);
       ebfd_mtime = 0;
 
-      remove_target_sections (saved_ebfd);
+      remove_target_sections (saved_ebfd.get ());
 
       m_exec_filename.reset ();
     }
-- 
cgit v1.1