[PATCHv13 4/6] gdb: parse pending breakpoint thread/task immediately

Sun Sep 8 20:40:36 GMT 2024

This patch has a bug which CI testing revealed.  Pushed the patch below
to resolve it.

Thanks,
Andrew

---

commit da8730e8f9255b683f0b5d311ac31cabf84fa1de
Author: Andrew Burgess <aburgess@redhat.com>
Date:   Sun Sep 8 21:17:55 2024 +0100

    gdb: fix use of out of scope temporary variable in break-cond-parse.c
    
    The commit:
    
      commit c6b486755e020095710c7494d029577ca967a13a
      Date:   Thu Mar 30 19:21:22 2023 +0100
    
          gdb: parse pending breakpoint thread/task immediately
    
    Introduce a use bug where the value of a temporary variable was being
    used after it had gone out of scope.  This was picked up by the
    address sanitizer and would result in this error:
    
      (gdb) maintenance selftest create_breakpoint_parse_arg_string
      Running selftest create_breakpoint_parse_arg_string.
      =================================================================
      ==2265825==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fbb08046511 at pc 0x000001632230 bp 0x7fff7c2fb770 sp 0x7fff7c2fb768
      READ of size 1 at 0x7fbb08046511 thread T0
          #0 0x163222f in create_breakpoint_parse_arg_string(char const*, std::unique_ptr<char, gdb::xfree_deleter<char> >*, int*, int*, int*, std::unique_ptr<char, gdb::xfree_deleter<char> >*, bool*) ../../src/gdb/break-cond-parse.c:496
          #1 0x1633026 in test ../../src/gdb/break-cond-parse.c:582
          #2 0x163391b in create_breakpoint_parse_arg_string_tests ../../src/gdb/break-cond-parse.c:649
          #3 0x12cfebc in void std::__invoke_impl<void, void (*&)()>(std::__invoke_other, void (*&)()) /usr/include/c++/13/bits/invoke.h:61
          #4 0x12cc8ee in std::enable_if<is_invocable_r_v<void, void (*&)()>, void>::type std::__invoke_r<void, void (*&)()>(void (*&)()) /usr/include/c++/13/bits/invoke.h:111
          #5 0x12c81e5 in std::_Function_handler<void (), void (*)()>::_M_invoke(std::_Any_data const&) /usr/include/c++/13/bits/std_function.h:290
          #6 0x18bb51d in std::function<void ()>::operator()() const /usr/include/c++/13/bits/std_function.h:591
          #7 0x4193ef9 in selftests::run_tests(gdb::array_view<char const* const>, bool) ../../src/gdbsupport/selftest.cc:100
          #8 0x21c2206 in maintenance_selftest ../../src/gdb/maint.c:1172
          ... etc ...
    
    The problem was caused by three lines like this one:
    
      thread_info *thr
        = parse_thread_id (std::string (t.get_value ()).c_str (), &tmptok);
    
    After parsing the thread-id TMPTOK would be left pointing into the
    temporary string which had been created on this line.  When on the
    next line we did this:
    
      gdb_assert (*tmptok == '\0');
    
    The value of *TMPTOK is undefined.
    
    Fix this by creating the std::string earlier in the scope.  Now the
    contents of the string will remain valid when we check *TMPTOK.  The
    address sanitizer issue is now resolved.

diff --git a/gdb/break-cond-parse.c b/gdb/break-cond-parse.c
index f5fe308a923..b2b1324479f 100644
--- a/gdb/break-cond-parse.c
+++ b/gdb/break-cond-parse.c
@@ -478,6 +478,7 @@ create_breakpoint_parse_arg_string
 
   for (const token &t : tokens)
     {
+      std::string tok_value (t.get_value ());
       switch (t.get_type ())
 	{
 	case token::type::FORCE:
@@ -490,9 +491,7 @@ create_breakpoint_parse_arg_string
 	    if (task != -1 || inferior != -1)
 	      error ("You can specify only one of thread, inferior, or task.");
 	    const char *tmptok;
-	    thread_info *thr
-	      = parse_thread_id (std::string (t.get_value ()).c_str (),
-				 &tmptok);
+	    thread_info *thr = parse_thread_id (tok_value.c_str (), &tmptok);
 	    gdb_assert (*tmptok == '\0');
 	    thread = thr->global_num;
 	  }
@@ -504,8 +503,7 @@ create_breakpoint_parse_arg_string
 	    if (task != -1 || thread != -1)
 	      error ("You can specify only one of thread, inferior, or task.");
 	    char *tmptok;
-	    long inferior_id
-	      = strtol (std::string (t.get_value ()).c_str (), &tmptok, 0);
+	    long inferior_id = strtol (tok_value.c_str (), &tmptok, 0);
 	    if (*tmptok != '\0')
 	      error (_("Junk '%s' after inferior keyword."), tmptok);
 	    if (inferior_id > INT_MAX)
@@ -523,8 +521,7 @@ create_breakpoint_parse_arg_string
 	    if (inferior != -1 || thread != -1)
 	      error ("You can specify only one of thread, inferior, or task.");
 	    char *tmptok;
-	    long task_id
-	      = strtol (std::string (t.get_value ()).c_str (), &tmptok, 0);
+	    long task_id = strtol (tok_value.c_str (), &tmptok, 0);
 	    if (*tmptok != '\0')
 	      error (_("Junk '%s' after task keyword."), tmptok);
 	    if (task_id > INT_MAX)

