aboutsummaryrefslogtreecommitdiff
path: root/gdb/python
diff options
context:
space:
mode:
authorAndrew Burgess <andrew.burgess@embecosm.com>2020-06-05 18:13:09 +0100
committerAndrew Burgess <andrew.burgess@embecosm.com>2020-06-05 19:21:20 +0100
commit982a38f60b0ece9385556cff45567e06710478cb (patch)
treefa4c253cc30c00311580da894a7d797ccf918c42 /gdb/python
parentf1919c56e1ffce63c5dbd60c9b29c492be9d0787 (diff)
downloadgdb-982a38f60b0ece9385556cff45567e06710478cb.zip
gdb-982a38f60b0ece9385556cff45567e06710478cb.tar.gz
gdb-982a38f60b0ece9385556cff45567e06710478cb.tar.bz2
gdb/python: Avoid use after free in py-tui.c
When setting the window title of a tui frame we do this: gdb::unique_xmalloc_ptr<char> value = python_string_to_host_string (<python-object>); ... win->window->title = value.get (); The problem here is that 'get ()' only borrows the pointer from value, when value goes out of scope the pointer will be freed. As a result, the tui frame will be left with a pointer to undefined memory contents. Instead we should be using 'value.release ()' to take ownership of the pointer from value. gdb/ChangeLog: * python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to avoid use after free.
Diffstat (limited to 'gdb/python')
-rw-r--r--gdb/python/py-tui.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/gdb/python/py-tui.c b/gdb/python/py-tui.c
index ca88f85..f2c0339 100644
--- a/gdb/python/py-tui.c
+++ b/gdb/python/py-tui.c
@@ -433,7 +433,7 @@ gdbpy_tui_set_title (PyObject *self, PyObject *newvalue, void *closure)
if (value == nullptr)
return -1;
- win->window->title = value.get ();
+ win->window->title = value.release ();
return 0;
}