From: Pedro Alves
To: Philipp Rudo, gdb-patches@sourceware.org
Subject: Re: [PATCH] Fix read after xfree in linux_nat_detach
Date: Wed, 22 Mar 2017 15:07:00 -0000

On 03/22/2017 01:11 PM, Philipp Rudo wrote:
> At the end of linux_nat_detach there is a check whether the inferior has a
> fork. If no fork exists the main_lwp is detached (detach_one_lwp) and
> later, outside the check, deleted (delete_lwp). This is problematic as
> detach_one_lwp also calls delete_lwp freeing main_lwp. Thus the second
> call to delete_lwp reads from already freed memory. Fix this by removing
> delete_lwp at the end of detach_one_lwp.

Why not just move that unconditional delete_lwp call at the end of
linux_nat_detach to the forks_exist_p/true branch?

Actually, that call looks unnecessary for the fork case too, since we have:

  linux_fork_detach
    -> fork_load_infrun_state
      -> linux_nat_switch_fork
        -> purge_lwp_list
          -> lwp_lwpid_htab_remove_pid
            -> lwp_free

So... couldn't we just remove that delete_lwp line and be done with it?

Thanks,
Pedro Alves
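
The ownership problem discussed in this message, as an added C model that is not part of the original e-mail and is not GDB code: it counts accesses to an already released LWP entry with and without the trailing delete_lwp, in both the fork and no-fork branches. The fixed pool, the pointer-taking signatures, the pid 1234 and the helpers fork_detach_purge, live_count and detach_model are assumptions of the example.

```c
#include <stdio.h>
#include <stddef.h>
/* Constructed model, not GDB code.  Entries live in a fixed pool so that a
   stale access is counted instead of being undefined behaviour. */
#define NLWP 4
struct lwp { int pid; int live; };
static struct lwp pool[NLWP];
static int stale_accesses;
static struct lwp *add_lwp(int pid) {
    for (size_t i = 0; i < NLWP; i++)
        if (!pool[i].live) { pool[i].pid = pid; pool[i].live = 1; return &pool[i]; }
    return NULL;
}

/* Stand-in for delete_lwp: an already released entry models freed memory. */
static void delete_lwp(struct lwp *lp) {
    if (!lp->live) { stale_accesses++; return; }
    lp->live = 0;
}
/* Per the quoted description, detaching an LWP also deletes it. */
static void detach_one_lwp(struct lwp *lp) { delete_lwp(lp); }
/* Stand-in for the fork path, which per the reply ends in lwp_free. */
static void fork_detach_purge(void) {
    for (size_t i = 0; i < NLWP; i++) pool[i].live = 0;
}
static int live_count(void) {
    int n = 0;
    for (size_t i = 0; i < NLWP; i++) n += pool[i].live;
    return n;
}

/* trailing_delete = 1 keeps the unconditional delete_lwp at the end;
   0 removes that line, as the reply proposes.  Returns stale accesses. */
static int detach_model(int forks_exist, int trailing_delete) {
    fork_detach_purge();                    /* reset the pool */
    stale_accesses = 0;
    struct lwp *main_lwp = add_lwp(1234);   /* constructed pid */
    if (forks_exist) fork_detach_purge(); else detach_one_lwp(main_lwp);
    if (trailing_delete) delete_lwp(main_lwp);
    return stale_accesses;
}

int main(void) {
    for (int i = 0; i < 4; i++) {
        int stale = detach_model(i / 2, i % 2);
        printf("forks=%d trailing=%d stale=%d live=%d\n", i / 2, i % 2, stale, live_count());
    }
    return 0;
}
```

In this model no entry stays live in either branch once the trailing call is removed, which is the condition under which dropping the line leaks nothing.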