To: gdb-patches@sourceware.org
CC: Jan Vrany
Subject: [PATCH] gdb: fix possible use-after-free when executing commands
Date: Thu, 8 Dec 2022 14:20:14 +0000
Message-ID: <20221208142014.84759-1-jan.vrany@labware.com>
From: Jan Vrany via Gdb-patches

In principle, `execute_command()` does the following:

    struct cmd_list_element *c;
    c = lookup_cmd ( ... );
    ...
    /* If this command has been pre-hooked, run the hook first. */
    execute_cmd_pre_hook (c);
    ...
    /* ...execute the command `c` ...*/
    ...
    execute_cmd_post_hook (c);

This may lead to a use-after-free error. Imagine the command being executed is a user-defined Python command that redefines itself. In that case, the struct `cmd_list_element` pointed to by `c` is deallocated during its execution, so it is no longer valid when the post hook is executed.

To fix this case, this commit looks up the command once again after it is executed to get a pointer to the (possibly newly allocated) `cmd_list_element`.

--- gdb/top.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gdb/top.c b/gdb/top.c index e9794184f07..441ca3e14c1 100644 --- a/gdb/top.c +++ b/gdb/top.c @@ -655,6 +655,8 @@ execute_command (const char *p, int from_tty) =09 } =09} =20 + std::string c_name(c->name); + /* If this command has been pre-hooked, run the hook first. */ execute_cmd_pre_hook (c); =20 @@ -694,7 +696,9 @@ execute_command (const char *p, int from_tty) maybe_wait_sync_command_done (was_sync); =20 /* If this command has been post-hooked, run the hook last. */ - execute_cmd_post_hook (c); + c =3D lookup_cmd_exact (c_name.c_str (), cmdlist); + if (c !=3D nullptr) +=09execute_cmd_post_hook (c); =20 if (repeat_arguments !=3D NULL && cmd_start =3D=3D saved_command_lin= e) =09{ --=20 2.35.1
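Review bot: in the first hunk, `std::string c_name(c->name);` saves only the leaf name of the element, but the re-lookup in the second hunk is `lookup_cmd_exact (c_name.c_str (), cmdlist)` against the top-level list, so for a command that lives under a prefix (any subcommand of `info`, `set`, `maintenance`, ...) the saved name does not identify the element that was executed: the lookup would either find nothing, silently skipping the post-hook, or find an unrelated top-level command that happens to share the leaf name and run that command's post-hook instead. Please save enough to re-resolve the full command (the prefix chain, or re-run the original lookup on the saved command text) rather than the bare `name`. Minor: GDB style puts a space before the parenthesis, `std::string c_name (c->name);`.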
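Review bot: in the second hunk the `if (c != nullptr)` guard silently drops the post-hook when the command no longer exists after execution, and the diffstat shows only `gdb/top.c` changed, with no testsuite addition. The commit message gives a concrete trigger (a Python command that redefines itself), so a gdb.python test that defines such a command together with a `hook-post-` for it would pin this path down; running it in an ASan build would also confirm the original crash is gone. Also, `c` is reassigned to the fresh element here, so a short comment above the lookup explaining that the old pointer may be dangling would help the next reader understand why the command is looked up twice.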
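The lifetime hazard described in the commit message, as an added example that is not GDB's code and does not use GDB's types: a miniature command table in which a handler may re-register itself under its own name while it runs, which drops the entry the dispatcher looked up beforehand. The dispatcher re-resolves the command by name before the post-hook, mirroring the patch, instead of reusing the pre-execution pointer. `std::shared_ptr`/`std::weak_ptr` are used only so the stale state is observable without dereferencing a dangling pointer; `registry`, `cmd_element`, `execute_command` and the scenario functions are assumed names for this model.

```cpp
// Added example (not GDB's code): a small model of the use-after-free the
// commit message describes and of the re-lookup that avoids it.
#include <functional>
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct registry;

// Stand-in for gdb's struct cmd_list_element (assumed, simplified).
struct cmd_element {
  std::string name;
  int generation;                                            // bumped per (re)definition
  std::function<void(registry &)> body;                      // the command itself
  std::function<void(std::vector<std::string> &)> post_hook; // may be empty
};

struct registry {
  std::map<std::string, std::shared_ptr<cmd_element>> table;
  int next_generation = 1;

  // (Re)define a command; any previous element of that name leaves the table.
  void define(const std::string &name, std::function<void(registry &)> body,
              std::function<void(std::vector<std::string> &)> post_hook = {}) {
    auto e = std::make_shared<cmd_element>();
    e->name = name;
    e->generation = next_generation++;
    e->body = std::move(body);
    e->post_hook = std::move(post_hook);
    table[name] = e;
  }

  std::shared_ptr<cmd_element> lookup(const std::string &name) const {
    auto it = table.find(name);
    return it == table.end() ? nullptr : it->second;
  }
};

struct exec_result {
  bool stale_after_run;      // the element looked up before execution is gone
  int post_hook_generation;  // generation whose post-hook ran, 0 if none
  std::vector<std::string> log;
};

// Dispatcher mirroring execute_command(): look up, run, re-resolve, post-hook.
exec_result execute_command(registry &reg, const std::string &name) {
  exec_result r{false, 0, {}};
  std::shared_ptr<cmd_element> c = reg.lookup(name);
  if (!c) return r;
  std::string c_name = c->name;          // the only thing kept across execution
  std::weak_ptr<cmd_element> watch = c;  // observer for the old element's lifetime

  r.log.push_back("run generation " + std::to_string(c->generation));
  c->body(reg);  // may redefine `name`, releasing the table's reference
  // In gdb `c` is a raw pointer that would already be dangling here; drop our
  // reference so that the destruction becomes observable through `watch`.
  c.reset();
  r.stale_after_run = watch.expired();

  // The fix: resolve by name again and use only the fresh element.
  std::shared_ptr<cmd_element> fresh = reg.lookup(c_name);
  if (fresh && fresh->post_hook) {
    r.post_hook_generation = fresh->generation;
    fresh->post_hook(r.log);
  }
  return r;
}

// Scenario from the commit message: a command that redefines itself when run.
exec_result run_self_redefining_scenario() {
  registry reg;
  auto new_hook = [](std::vector<std::string> &log) { log.push_back("post-hook of new definition"); };
  auto old_hook = [](std::vector<std::string> &log) { log.push_back("post-hook of old definition"); };
  reg.define("mycmd",
             [new_hook](registry &r) { r.define("mycmd", [](registry &) {}, new_hook); },
             old_hook);
  return execute_command(reg, "mycmd");
}

// Control: an ordinary command whose element survives execution.
exec_result run_plain_scenario() {
  registry reg;
  reg.define("plain", [](registry &) {},
             [](std::vector<std::string> &log) { log.push_back("post-hook of plain"); });
  return execute_command(reg, "plain");
}

int main() {
  for (const exec_result &r : {run_self_redefining_scenario(), run_plain_scenario()}) {
    std::cout << "stale=" << r.stale_after_run << " post-hook generation=" << r.post_hook_generation << '\n';
    for (const std::string &line : r.log) std::cout << "  " << line << '\n';
  }
  return 0;
}
```

In the self-redefining run the element resolved before execution is gone afterwards (`stale_after_run` is true) and the post-hook that runs belongs to generation 2, the new definition; the plain run keeps its element and runs generation 1's hook. The model has the same limitation the patch review raises: re-resolving by leaf name only works when the name identifies the command unambiguously in the list being searched.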