[PATCH 2/3] gdb/varobj: Fix use after free in varobj
Lancelot SIX
Lancelot.Six@amd.com
Mon Jun 20 15:52:05 GMT 2022
>>> + if ((*var_handle)->root->exp == nullptr)
>>> + return nullptr;
>>> +
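Review bot: the early return on `(*var_handle)->root->exp == nullptr` is not covered by any test in this patch or the next one, and, as the follow-up below explains, it cannot be reached for a valid varobj: the `var->root->floating` branch a few lines earlier either re-creates the varobj with varobj_create (so exp is non-null afterwards) or returns NULL before this point. Either drop the check or, if it is kept as a defensive guard, add a comment stating why it is believed unreachable so a later reader does not take a null exp on a valid varobj to be a supported state.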
>>
>> I notice that non of the tests in either this patch, or the next one,
>> exercise this condition.
>>
>> Is it possible to create a test for this case?
>
> Will do. Issuing a "-var-update" after the dlclose call in the test
> should exercise this. I did that manually, but forgot to include it in
> the testcase.
>
Actually, after double checking, this case is not possible. We cannot
reach this point if the varobj is invalid. The only way to have
`exp == nullptr` and a valid varobj is if the varobj is floating.
In this particular case, code a couple of lines above ensures that either
the expression is re-parsed (ensuring exp is not nullptr), or the whole
function exits early:
  if (var->root->floating)
    {
      struct varobj *tmp_var;

      tmp_var = varobj_create (NULL, var->name.c_str (), (CORE_ADDR) 0,
                               USE_SELECTED_FRAME);
      if (tmp_var == NULL)
        {
          return NULL;
        }
      ...
    }
I'll drop this part of the patch in V2.
I will still update the testcase to still exercise the case where:
var->root->floating && var->root->exp == nullptr
on entry of this function.
Best,
Lancelot.