| author | Lancelot SIX <lancelot.six@amd.com> | 2025-10-13 15:11:09 +0100 | 
|---|---|---|
| committer | Lancelot SIX <lancelot.six@amd.com> | 2025-10-14 15:20:18 +0100 | 
| commit | 93f536d813c41527e8c939a5f8a90a4b37a5abab (patch) | |
| tree | 586033ab919a332ddc5c51fb44d66d08a234c718 /libctf/ctf-serialize.c | |
| parent | 96d73418e905d53a97bbc0b05cb95698aefb8175 (diff) | |
| download | binutils-93f536d813c41527e8c939a5f8a90a4b37a5abab.zip binutils-93f536d813c41527e8c939a5f8a90a4b37a5abab.tar.gz binutils-93f536d813c41527e8c939a5f8a90a4b37a5abab.tar.bz2 | |
gdb/corelow: Fix use-after-free in gdb_read_core_file_mappings
A recent refactor (fc8e5a565b3 -- gdb: make structured core file
mappings processing global) in gdb/corelow.c:gdb_read_core_file_mappings
introduced a use-after-free bug detected by address sanitizer.

In this change, a cache is built which holds addresses to elements of a
std::vector.  However, as elements are inserted in the vector, the
addresses in the cache should be invalidated, but are not, leading to
the use-after-free issue.

This patch proposes to store the index in the vector in the cache
instead of the address of the element, solving the invalidation issue.

An alternative approach could be to use a std::list which does not need
invalidation of addresses/references/iterators as the container is
grown.
Change-Id: Ib57d87c5d0405ffa3b7d38557fb33f7283c5d063
Approved-By: Andrew Burgess <aburgess@redhat.com>
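The element-address invalidation the commit message describes, beside the index-based cache it proposes, as an added C++ example that is not code from the gdb patch; the `mapping` struct, `grow_until_reallocated` and `find_or_add` are constructed stand-ins for gdb's own types and functions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <unordered_map>
#include <vector>
// Constructed stand-in for one core-file mapping entry (not gdb's own type).
struct mapping {
  std::string filename;
  std::uint64_t start;
};

// Push filler entries until size exceeds the old capacity, forcing a reallocation.
static void grow_until_reallocated(std::vector<mapping> &v)
{
  const std::size_t cap = v.capacity();
  while (v.size() <= cap)
    v.push_back({"filler.so", 0x1000 * v.size()});
}

// Buggy pattern from the commit message: the cache remembers an element's address.
// It is kept as an integer so nothing stale is dereferenced; we only test whether it still matches.
bool address_cache_survives_growth()
{
  std::vector<mapping> mappings;
  std::unordered_map<std::string, std::uintptr_t> cache;
  mappings.push_back({"libc.so.6", 0x7f0000001000});
  cache["libc.so.6"] = reinterpret_cast<std::uintptr_t>(&mappings.back());
  grow_until_reallocated(mappings);   // element 0 now lives in a new allocation
  return cache["libc.so.6"] == reinterpret_cast<std::uintptr_t>(&mappings[0]);
}

// Fixed pattern: the cache remembers the element's index, which reallocation cannot
// invalidate.  The reference find_or_add returns is used at once and never stored.
bool index_cache_survives_growth()
{
  std::vector<mapping> mappings;
  std::unordered_map<std::string, std::size_t> cache;
  auto find_or_add = [&](const std::string &name, std::uint64_t start) -> mapping & {
    auto it = cache.find(name);
    if (it != cache.end())
      return mappings[it->second];
    mappings.push_back({name, start});
    cache[name] = mappings.size() - 1;
    return mappings.back();
  };
  find_or_add("libc.so.6", 0x7f0000001000);
  grow_until_reallocated(mappings);                 // indices are unaffected
  return find_or_add("libc.so.6", 0).start == 0x7f0000001000;   // served from the cache
}
```

Building with `-fsanitize=address` and dereferencing the stale address instead of comparing it is how the original report surfaces; the comparison form keeps the example well-defined.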
Diffstat (limited to 'libctf/ctf-serialize.c')
0 files changed, 0 insertions, 0 deletions
