author | Tom Tromey <tom@tromey.com> | 2018-07-28 14:19:09 -0600 |
---|---|---|
committer | Tom Tromey <tom@tromey.com> | 2018-10-23 13:45:33 -0600 |
commit | 79b8d3b090bcbfbcffa8bdd195476c6db172273b (patch) | |
tree | 279d15061079bf9051d8f38331e7f3c993a52083 /gdb | |
parent | f47998d69f8d290564c022b010e63d5886a1fd7d (diff) | |
Fix use-after-free in record_btrace_start_replaying
-fsanitize=address showed a use-after-free in
record_btrace_start_replaying. The bug occurred because
get_thread_current_frame returned a frame_info, but this object was
then invalidated before the return by ~scoped_restore_current_thread.
This patch fixes the problem by renaming get_thread_current_frame and
having it return a frame id.
gdb/ChangeLog
2018-10-23 Tom Tromey <tom@tromey.com>
* record-btrace.c (get_thread_current_frame_id): Rename from
get_thread_current_frame. Return a frame_id.
(record_btrace_start_replaying): Update.
Diffstat (limited to 'gdb')
-rw-r--r-- | gdb/ChangeLog | 6 | ||||
-rw-r--r-- | gdb/record-btrace.c | 19 |
2 files changed, 14 insertions, 11 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index db4c6b1..19a87f4 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@
+2018-10-23 Tom Tromey <tom@tromey.com>
+
+ * record-btrace.c (get_thread_current_frame_id): Rename from
+ get_thread_current_frame. Return a frame_id.
+ (record_btrace_start_replaying): Update.
+
 2018-10-23 Andrew Burgess <andrew.burgess@embecosm.com>
 
 * riscv-tdep.c (riscv_register_name): Use the user-friendly names
diff --git a/gdb/record-btrace.c b/gdb/record-btrace.c
index aabe9f5..c0e3341 100644
--- a/gdb/record-btrace.c
+++ b/gdb/record-btrace.c
@@ -1967,10 +1967,10 @@ record_btrace_resume_thread (struct thread_info *tp,
 
 /* Get the current frame for TP. */
 
-static struct frame_info *
-get_thread_current_frame (struct thread_info *tp)
+static struct frame_id
+get_thread_current_frame_id (struct thread_info *tp)
 {
- struct frame_info *frame;
+ struct frame_id id;
 int executing;
 
 /* Set current thread, which is implicitly used by
@@ -1989,10 +1989,10 @@ get_thread_current_frame (struct thread_info *tp)
 executing = tp->executing;
 set_executing (inferior_ptid, false);
 
- frame = NULL;
+ id = null_frame_id;
 TRY
 {
- frame = get_current_frame ();
+ id = get_frame_id (get_current_frame ());
 }
 CATCH (except, RETURN_MASK_ALL)
 {
@@ -2006,7 +2006,7 @@ get_thread_current_frame (struct thread_info *tp)
 /* Restore the previous execution state. */
 set_executing (inferior_ptid, executing);
 
- return frame;
+ return id;
 }
 
 /* Start replaying a thread. */
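Review bot: The context comment `/* Get the current frame for TP.  */` at the top of the hunk at 1967 still describes a frame, while the function below it is renamed to get_thread_current_frame_id and now returns a struct frame_id; it should read `/* Get the id of the current frame for TP.  */`. The reason for returning an id by value rather than a frame_info pointer — per the commit message, the frame is invalidated when the scoped_restore_current_thread created inside the function is destroyed on return — is recorded nowhere in the code, so a later reader could reintroduce the pointer return; a one-line comment at the declaration stating that a frame_info obtained here must not outlive the function would preserve that. The function's body is spread across the hunks at 1967, 1989 and 2006, and the CATCH body between 1989 and 2006 is not shown.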
@@ -2031,13 +2031,11 @@ record_btrace_start_replaying (struct thread_info *tp)
 subroutines after we started replaying. */
 TRY
 {
- struct frame_info *frame;
 struct frame_id frame_id;
 int upd_step_frame_id, upd_step_stack_frame_id;
 
 /* The current frame without replaying - computed via normal unwind. */
- frame = get_thread_current_frame (tp);
- frame_id = get_frame_id (frame);
+ frame_id = get_thread_current_frame_id (tp);
 
 /* Check if we need to update any stepping-related frame id's. */
 upd_step_frame_id = frame_id_eq (frame_id,
@@ -2068,8 +2066,7 @@ record_btrace_start_replaying (struct thread_info *tp)
 registers_changed_thread (tp);
 
 /* The current frame with replaying - computed via btrace unwind. */
- frame = get_thread_current_frame (tp);
- frame_id = get_frame_id (frame);
+ frame_id = get_thread_current_frame_id (tp);
 
 /* Replace stepping related frames where necessary. */
 if (upd_step_frame_id) |
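Review bot: Both new call sites, `frame_id = get_thread_current_frame_id (tp);` in the hunks at 2031 and 2066, hand the result straight to frame_id_eq without checking it, while the callee initialises its result to null_frame_id before its TRY block (hunk at 1989). Whether null_frame_id can actually be returned depends on the CATCH body, which lies between the callee's hunks and is not shown; if it rethrows, no check is needed, but if it returns normally an unwind failure would silently be treated as "not the step frame". Worth confirming, and if the callee can return null_frame_id, guarding the comparisons with `frame_id_p (frame_id)`. record_btrace_start_replaying begins before these hunks and continues past them.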