[PATCH] Remove MAX_REGISTER_SIZE from py-unwind.c
Pedro Alves
palves@redhat.com
Thu Jun 22 13:22:00 GMT 2017
On 06/22/2017 02:13 PM, Alan Hayward wrote:
> Ok, pushed with changes as suggested.
>
> Patch below.
Sorry, but this looks broken to me.
cached_frame_info is using the trailing array idiom ...
> @@ -93,7 +84,7 @@ typedef struct
> /* Length of the `reg' array below. */
> int reg_count;
>
> - struct reg_info reg[];
> + cached_reg_t reg[];
> } cached_frame_info;
>
>
> - cached_frame
> - = ((cached_frame_info *)
> - xmalloc (sizeof (*cached_frame)
> - + reg_count * sizeof (cached_frame->reg[0])));
> + cached_frame = XNEW (cached_frame_info);
but now you're not allocating enough space for the array elements...
> cached_frame->gdbarch = gdbarch;
> cached_frame->frame_id = unwind_info->frame_id;
> cached_frame->reg_count = reg_count;
> @@ -580,13 +568,14 @@ pyuw_sniffer (const struct frame_unwind *self, struct frame_info *this_frame,
> struct value *value = value_object_to_value (reg->value);
> size_t data_size = register_size (gdbarch, reg->number);
>
> - cached_frame->reg[i].number = reg->number;
> + cached_frame->reg[i].num = reg->number;
... that you're accessing here and below.
Valgrind probably shows the now-out-of-bounds accesses.
>
> /* `value' validation was done before, just assert. */
> gdb_assert (value != NULL);
> gdb_assert (data_size == TYPE_LENGTH (value_type (value)));
> gdb_assert (data_size <= MAX_REGISTER_SIZE);
>
> + cached_frame->reg[i].data = (gdb_byte *) xmalloc (data_size);
> memcpy (cached_frame->reg[i].data, value_contents (value), data_size);
> }
> }
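Review bot: `gdb_assert (data_size <= MAX_REGISTER_SIZE);` is still present as a context line in this hunk even though the patch's stated purpose is to remove MAX_REGISTER_SIZE from py-unwind.c; once each register's contents go into a separately allocated `xmalloc (data_size)` buffer the bound no longer guards any fixed-size array, so the assert should go as well, unless a hunk not quoted here already drops it. The `data_size == TYPE_LENGTH (value_type (value))` assert on the line above still pins the copy length for the memcpy. Since the per-register buffer is now heap-owned, the added allocation line deserves an ownership note such as `/* Released by pyuw_dealloc_cache.  */` so the pairing is visible at the allocation site. pyuw_sniffer begins and ends outside the hunk.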
> @@ -601,6 +590,11 @@ static void
> pyuw_dealloc_cache (struct frame_info *this_frame, void *cache)
> {
> TRACE_PY_UNWIND (3, "%s: enter", __FUNCTION__);
> + cached_frame_info *cached_frame = (cached_frame_info *) cache;
> +
> + for (int i = 0; cached_frame->reg_count; i++)
> + xfree (cached_frame->reg[i].data);
> +
> xfree (cache);
> }
>
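Review bot: The loop condition in the added line `for (int i = 0; cached_frame->reg_count; i++)` never tests i, so for any cache with a non-zero reg_count the loop runs past the end of reg[] and hands whatever memory follows the struct to xfree, corrupting the heap on the first unwind-cache teardown; it should read `for (int i = 0; i < cached_frame->reg_count; i++)`. With reg_count equal to zero the loop body is skipped, which is why a simple session may not show the defect. Freeing each reg[i].data individually is otherwise the right counterpart to the per-register xmalloc in pyuw_sniffer.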