diff options
author | Andrew Burgess <andrew.burgess@embecosm.com> | 2020-06-05 18:13:09 +0100 |
---|---|---|
committer | Andrew Burgess <andrew.burgess@embecosm.com> | 2020-06-05 19:21:20 +0100 |
commit | 982a38f60b0ece9385556cff45567e06710478cb (patch) | |
tree | fa4c253cc30c00311580da894a7d797ccf918c42 /gdb/python | |
parent | f1919c56e1ffce63c5dbd60c9b29c492be9d0787 (diff) | |
download | gdb-982a38f60b0ece9385556cff45567e06710478cb.zip gdb-982a38f60b0ece9385556cff45567e06710478cb.tar.gz gdb-982a38f60b0ece9385556cff45567e06710478cb.tar.bz2 |
gdb/python: Avoid use after free in py-tui.c
When setting the window title of a tui frame we do this:
gdb::unique_xmalloc_ptr<char> value
= python_string_to_host_string (<python-object>);
...
win->window->title = value.get ();
The problem here is that 'get ()' only borrows the pointer from value,
when value goes out of scope the pointer will be freed. As a result,
the tui frame will be left with a pointer to undefined memory
contents.
Instead we should be using 'value.release ()' to take ownership of the
pointer from value.
gdb/ChangeLog:
* python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to
avoid use after free.
Diffstat (limited to 'gdb/python')
-rw-r--r-- | gdb/python/py-tui.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gdb/python/py-tui.c b/gdb/python/py-tui.c index ca88f85..f2c0339 100644 --- a/gdb/python/py-tui.c +++ b/gdb/python/py-tui.c @@ -433,7 +433,7 @@ gdbpy_tui_set_title (PyObject *self, PyObject *newvalue, void *closure) if (value == nullptr) return -1; - win->window->title = value.get (); + win->window->title = value.release (); return 0; } |