This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c

From: Pedro Alves <palves at redhat dot com>
To: Alan Hayward <Alan dot Hayward at arm dot com>, Yao Qi <qiyaoltc at gmail dot com>
Cc: "gdb-patches at sourceware dot org" <gdb-patches at sourceware dot org>, nd <nd at arm dot com>
Date: Thu, 22 Jun 2017 14:22:07 +0100
Subject: Re: [PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=palves at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 97B6C30AF5D
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 97B6C30AF5D
References: <E4218BDE-2A92-490F-9443-27E25F4237C4@arm.com> <86bmpgjso6.fsf@gmail.com> <82556349-1E8C-44C3-9FC9-68F15E36D4D4@arm.com>

On 06/22/2017 02:13 PM, Alan Hayward wrote:

> Ok, pushed with changes as suggested.
> 
> Patch below.

Sorry, but this looks broken to me.

cached_frame_info is using the trailing array idiom ...

> @@ -93,7 +84,7 @@ typedef struct
>    /* Length of the `reg' array below.  */
>    int reg_count;
> 
> -  struct reg_info reg[];
> +  cached_reg_t reg[];
>  } cached_frame_info;
> 

> 
> -    cached_frame
> -      = ((cached_frame_info *)
> -	 xmalloc (sizeof (*cached_frame)
> -		  + reg_count * sizeof (cached_frame->reg[0])));
> +    cached_frame = XNEW (cached_frame_info);

but now you're not allocating enough space for the array elements...


>      cached_frame->gdbarch = gdbarch;
>      cached_frame->frame_id = unwind_info->frame_id;
>      cached_frame->reg_count = reg_count;
> @@ -580,13 +568,14 @@ pyuw_sniffer (const struct frame_unwind *self, struct frame_info *this_frame,
>          struct value *value = value_object_to_value (reg->value);
>          size_t data_size = register_size (gdbarch, reg->number);
> 
> -        cached_frame->reg[i].number = reg->number;
> +	cached_frame->reg[i].num = reg->number;

... that you're accessing here and below.

Valgrind probably shows the now-out-of-bounds accesses.

> 
>          /* `value' validation was done before, just assert.  */
>          gdb_assert (value != NULL);
>          gdb_assert (data_size == TYPE_LENGTH (value_type (value)));
>          gdb_assert (data_size <= MAX_REGISTER_SIZE);
> 
> +	cached_frame->reg[i].data = (gdb_byte *) xmalloc (data_size);
>          memcpy (cached_frame->reg[i].data, value_contents (value), data_size);
>        }
>    }
> @@ -601,6 +590,11 @@ static void
>  pyuw_dealloc_cache (struct frame_info *this_frame, void *cache)
>  {
>    TRACE_PY_UNWIND (3, "%s: enter", __FUNCTION__);
> +  cached_frame_info *cached_frame = (cached_frame_info *) cache;
> +
> +  for (int i = 0; cached_frame->reg_count; i++)
> +    xfree (cached_frame->reg[i].data);
> +
>    xfree (cache);
>  }
>

Follow-Ups:
- Re: [PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c
  - From: Alan Hayward

References:
- [PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c
  - From: Alan Hayward
- Re: [PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c
  - From: Yao Qi
- Re: [PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c
  - From: Alan Hayward

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]