From: Hannes Domani
To: gdb-patches@sourceware.org
Subject: [PATCH] Fix heap-use-after-free in index-cached with --disable-threading
Date: Sat, 4 May 2024 13:09:42 +0200
Message-Id: <20240504110942.922-1-ssbssa@yahoo.de>

If threads are disabled, either by --disable-threading explicitly, or by
missing std::thread support, you get the following ASAN error when
loading symbols:

==7310==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000002128 at pc 0x00000098794a bp 0x7ffe37e6af70 sp 0x7ffe37e6af68
READ of size 1 at 0x614000002128 thread T0
    #0 0x987949 in index_cache_store_context::store() const ../../gdb/dwarf2/index-cache.c:163
    #1 0x943467 in cooked_index_worker::write_to_cache(cooked_index const*, deferred_warnings*) const ../../gdb/dwarf2/cooked-index.c:601
    #2 0x1705e39 in std::function::operator()() const /lisec/gcc/9/include/c++/9.2.0/bits/std_function.h:690
    #3 0x1705e39 in gdb::task_group::impl::~impl() ../../gdbsupport/task-group.cc:38

0x614000002128 is located 232 bytes inside of 408-byte region [0x614000002040,0x6140000021d8)
freed by thread T0 here:
    #0 0x7fd75ccf8ea5 in operator delete(void*, unsigned long)
../../.././libsanitizer/asan/asan_new_delete.cc:177 #1 0x9462e5 in cooked_index::index_for_writing() ../../gdb/dwarf2/cooked-index.h:689 #2 0x9462e5 in operator() ../../gdb/dwarf2/cooked-index.c:657 #3 0x9462e5 in _M_invoke /lisec/gcc/9/include/c++/9.2.0/bits/std_function.h:300 It's happening because cooked_index_worker::wait always returns true in this case, which tells cooked_index::wait it can delete the m_state cooked_index_worker member, but cooked_index_worker::write_to_cache tries to access it immediately afterwards. Fixed by making cooked_index_worker::wait only return true if desired_state is CACHE_DONE, same as if threading was enabled, so m_state will not be prematurely deleted. Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31694 --- gdb/dwarf2/cooked-index.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gdb/dwarf2/cooked-index.c b/gdb/dwarf2/cooked-index.c index 3b95c075a55..767f119e04f 100644 --- a/gdb/dwarf2/cooked-index.c +++ b/gdb/dwarf2/cooked-index.c @@ -513,7 +513,7 @@ cooked_index_worker::wait (cooked_state desired_state, bool allow_quit) #else /* Without threads, all the work is done immediately on the main thread, and there is never anything to wait for. */ - done = true; + done = desired_state == cooked_state::CACHE_DONE; #endif /* CXX_STD_THREAD */ /* Only the main thread is allowed to report complaints and the -- 2.35.1
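Review bot: The comment kept above the changed line in the #else branch ("there is never anything to wait for") no longer explains the assignment under it, since "done" is now false for every desired_state except CACHE_DONE even though all the work has already run on the main thread. Suggest extending that comment to say what the commit message says: a true return tells cooked_index::wait it may delete m_state, and cooked_index_worker::write_to_cache still accesses it afterwards, so the value must stay false until CACHE_DONE. Without that, the line reads like something a later cleanup could simplify back to "done = true". The diffstat also shows only cooked-index.c changing; a test that loads symbols with the index cache enabled in a --disable-threading build would guard against this returning.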