To: gdb-patches@sourceware.org
Cc: Andrew Burgess
Subject: [PATCH 1/2] gdb: fix possible nullptr dereference in a remote_debug_printf call
Date: Tue, 18 Jul 2023 15:31:45 +0100
Message-Id: <5476235cc65b171f32663fa5e0af0a62342d1f63.1689690655.git.aburgess@redhat.com>
X-Mailer: git-send-email 2.25.4
From: Andrew Burgess via Gdb-patches
Reply-To: Andrew Burgess
Errors-To: gdb-patches-bounces+public-inbox=simark.ca@sourceware.org
Sender: "Gdb-patches"

While working on the next patch I triggered a segfault from within the
function remote_target::discard_pending_stop_replies. Turns out this was
caused by a cut&paste error introduced in this commit:

  commit df5ad102009c41ab4dfadbb8cfb8c8b2a02a4f78
  Date:   Wed Dec 1 09:40:03 2021 -0500

      gdb, gdbserver: detach fork child when detaching from fork parent

This commit adds a remote_debug_printf call that was copied from earlier
in the function, however, the new call wasn't updated to use the
appropriate local variable. The local variable that it is using might be
nullptr, in which case we trigger undefined behaviour, and could crash,
which is what I was seeing.

Fixed by updating to use the correct local variable.
---
 gdb/remote.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gdb/remote.c b/gdb/remote.c index 7e3d6adfe4f..ff3d7e5cd32 100644 --- a/gdb/remote.c +++ b/gdb/remote.c @@ -7564,8 +7564,8 @@ remote_target::discard_pending_stop_replies (struct inferior *inf) for (auto it = iter; it != rs->stop_reply_queue.end (); ++it) remote_debug_printf ("discarding queued stop reply: ptid: %s, ws: %s\n", - reply->ptid.to_string().c_str(), - reply->ws.to_string ().c_str ()); + (*it)->ptid.to_string().c_str(), + (*it)->ws.to_string ().c_str ()); rs->stop_reply_queue.erase (iter, rs->stop_reply_queue.end ()); } -- 2.25.4
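Review bot: the commit message could also say that this hunk corrects the content of the debug output, not only the possible nullptr dereference: the loop runs over `it`, so even when `reply` was non-null the old lines logged the same ptid and ws for every discarded entry instead of each entry's own, which made the trace misleading when diagnosing leftover stop replies. Minor style point in the same hunk: `(*it)->ptid.to_string().c_str()` keeps the missing space before the parentheses that the copied line had, while the next line uses `to_string ().c_str ()`; for consistency with GNU style it would read `(*it)->ptid.to_string ().c_str ()`.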
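The bug class the commit message describes, as an added example that is not GDB's code: a stand-in stop-reply queue with the copied-and-pasted form of the discard loop beside the patched form. `StopReply`, `discard_buggy`, `discard_fixed`, `make_queue` and the sample entries are constructed for illustration; the real function in gdb/remote.c has a different signature and queue type.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-in for gdb's stop_reply: a thread id plus a status string.
struct StopReply {
  int pid;
  int tid;
  std::string ws;
  std::string ptid_to_string() const {
    return std::to_string(pid) + "." + std::to_string(tid);
  }
};

// Owned pointers, as in the real queue: every element is non-null by construction.
using StopReplyQueue = std::vector<std::unique_ptr<StopReply>>;

// Three constructed sample entries.
StopReplyQueue make_queue() {
  StopReplyQueue q;
  q.push_back(std::make_unique<StopReply>(StopReply{1, 10, "stopped"}));
  q.push_back(std::make_unique<StopReply>(StopReply{1, 11, "exited"}));
  q.push_back(std::make_unique<StopReply>(StopReply{2, 20, "signalled"}));
  return q;
}

// Shape of the original defect: the debug line inside the loop reads a local
// 'reply' that was set by an earlier, unrelated lookup. If that lookup found
// nothing, reply is nullptr and the dereference is undefined behaviour (this
// example keeps that behaviour, so do not call it with nullptr). Even when
// reply is non-null, every discarded entry is logged with reply's fields,
// not its own. Returns the log lines the loop would emit.
std::vector<std::string> discard_buggy(StopReplyQueue &queue, std::size_t first,
                                       const StopReply *reply) {
  std::vector<std::string> log;
  auto iter = queue.begin() + static_cast<std::ptrdiff_t>(first);
  for (auto it = iter; it != queue.end(); ++it)
    log.push_back("discarding queued stop reply: ptid: " +
                  reply->ptid_to_string() + ", ws: " + reply->ws);
  queue.erase(iter, queue.end());
  return log;
}

// The patched form: each entry is described through the loop iterator, so the
// unrelated local is never touched and each line reports the entry it discards.
std::vector<std::string> discard_fixed(StopReplyQueue &queue, std::size_t first) {
  std::vector<std::string> log;
  auto iter = queue.begin() + static_cast<std::ptrdiff_t>(first);
  for (auto it = iter; it != queue.end(); ++it)
    log.push_back("discarding queued stop reply: ptid: " +
                  (*it)->ptid_to_string() + ", ws: " + (*it)->ws);
  queue.erase(iter, queue.end());
  return log;
}
```

Discarding from index 1 with the fixed loop logs entries 1.11 and 2.20 and leaves one entry in the queue; the buggy loop, handed the first entry as its stale `reply`, logs 1.10 twice for the same two discards, which is the misleading output the patch removes alongside the crash.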