diff options
| author | Tom Tromey <tromey@adacore.com> | 2020-10-20 10:28:58 -0600 |
|---|---|---|
| committer | Tom Tromey <tromey@adacore.com> | 2020-10-20 10:36:04 -0600 |
| commit | a9b45cb77662d0bb8d312140eee94146f34bd3ce (patch) | |
| tree | ac3f78889d431f8b80a364f4cb1904199ec6bceb | |
| parent | e0c45dedd909c7a0a6621bdc9061051c185123bb (diff) | |
| download | gdb-a9b45cb77662d0bb8d312140eee94146f34bd3ce.zip gdb-a9b45cb77662d0bb8d312140eee94146f34bd3ce.tar.gz gdb-a9b45cb77662d0bb8d312140eee94146f34bd3ce.tar.bz2 | |
Fix undefined behavior in gdbserver
PR gdb/26742 points out some undefined behavior in gdbserver. The bug
is that remove_thread does:
free_one_thread (thread);
if (current_thread == thread)
current_thread = NULL;
However, the equality check is undefined, because "thread" has already
been freed.
This patch fixes the bug by moving the check earlier.
Tested on x86-64 Fedora 32.
2020-10-20 Tom Tromey <tromey@adacore.com>
PR gdb/26742:
* inferiors.cc (remove_thread): Clear current_thread before
freeing the thread.
| -rw-r--r-- | gdbserver/ChangeLog | 6 | ||||
| -rw-r--r-- | gdbserver/inferiors.cc | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/gdbserver/ChangeLog b/gdbserver/ChangeLog index e93e4ea..fd0a4bf 100644 --- a/gdbserver/ChangeLog +++ b/gdbserver/ChangeLog @@ -1,3 +1,9 @@ +2020-10-20 Tom Tromey <tromey@adacore.com> + + PR gdb/26742: + * inferiors.cc (remove_thread): Clear current_thread before + freeing the thread. + 2020-10-13 Kamil Rytarowski <n54@gmx.com>x * netbsd-low.cc (netbsd_tdesc): Remove. diff --git a/gdbserver/inferiors.cc b/gdbserver/inferiors.cc index 861c9f3..9a1280d 100644 --- a/gdbserver/inferiors.cc +++ b/gdbserver/inferiors.cc @@ -103,9 +103,9 @@ remove_thread (struct thread_info *thread) discard_queued_stop_replies (ptid_of (thread)); all_threads.remove (thread); - free_one_thread (thread); if (current_thread == thread) current_thread = NULL; + free_one_thread (thread); } void * |