diff options
| author | Andrew Burgess <andrew.burgess@embecosm.com> | 2020-06-05 18:13:09 +0100 |
|---|---|---|
| committer | Andrew Burgess <andrew.burgess@embecosm.com> | 2020-06-05 19:21:20 +0100 |
| commit | 982a38f60b0ece9385556cff45567e06710478cb (patch) | |
| tree | fa4c253cc30c00311580da894a7d797ccf918c42 /gdbsupport/ptid.h | |
| parent | f1919c56e1ffce63c5dbd60c9b29c492be9d0787 (diff) | |
| download | gdb-982a38f60b0ece9385556cff45567e06710478cb.zip gdb-982a38f60b0ece9385556cff45567e06710478cb.tar.gz gdb-982a38f60b0ece9385556cff45567e06710478cb.tar.bz2 | |
gdb/python: Avoid use after free in py-tui.c
When setting the window title of a tui frame we do this:
gdb::unique_xmalloc_ptr<char> value
= python_string_to_host_string (<python-object>);
...
win->window->title = value.get ();
The problem here is that 'get ()' only borrows the pointer from value,
when value goes out of scope the pointer will be freed. As a result,
the tui frame will be left with a pointer to undefined memory
contents.
Instead we should be using 'value.release ()' to take ownership of the
pointer from value.
gdb/ChangeLog:
* python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to
avoid use after free.
Diffstat (limited to 'gdbsupport/ptid.h')
0 files changed, 0 insertions, 0 deletions