Message-ID: <7ced24a4-19d5-293e-b7d6-88d77d3aea7a@simark.ca>
Date: Thu, 15 Dec 2022 08:53:23 -0500
Subject: Re: [PATCH] gdb: fix possible use-after-free when executing commands
To: Jan Vrany, gdb-patches@sourceware.org
References: <7d53e2da-c268-d859-8ddc-b86ac73ce840@simark.ca> <20221215125751.1622358-1-jan.vrany@labware.com>
In-Reply-To: <20221215125751.1622358-1-jan.vrany@labware.com>
From: Simon Marchi via Gdb-patches

On 12/15/22 07:57, Jan Vrany via Gdb-patches wrote:
> Hi Simon,
>
>> Hi Jan,
>>>>
>>>> Do you think you could write a test to exercise that fix?
>>>
>>> Maybe, though I'm not quite sure how to make it fail unless
>>> one uses ASAN or Valgrind to run it like you do. Will give it
>>> a stab.
>>>
>>> Jan
>>
>> It's fine if it only fails with ASan / Valgrind enabled, that's the
>> point of these tools. They help catch bugs that would otherwise fly
>> under the radar.
>>
>
> Maybe something like the patch below?

Thanks for following up!

> With:
>
> * patch b5661ff2 ("gdb: fix possible use-after-free when executing commands")
> reverted,
> * patch below applied
> * and GDB compiled with ASan,
>
> the new test fails for me. If I comment the redefinition:
>
> diff --git a/gdb/testsuite/gdb.python/py-cmd.exp b/gdb/testsuite/gdb.python/py-cmd.exp
> index ce26f2d3040..ed628e77d31 100644
> --- a/gdb/testsuite/gdb.python/py-cmd.exp
> +++ b/gdb/testsuite/gdb.python/py-cmd.exp
> @@ -82,7 +82,7 @@ gdb_test_multiline "input command redefining itself" \
> " def invoke (self, arg, from_tty):" "" \
> " print (\"redefine_cmd output, msg = %s\" % self._msg)" "" \
> " self._msg = arg" "" \
> - " redefine_cmd (arg)" "" \
> + " #redefine_cmd (arg)" "" \
> "redefine_cmd (\"XXX\")" "" \
> "end" ""
>
> the test starts to pass (since it is not redefining itself).
>
> HTH, Jan
>
> -- >8 --
> Subject: [PATCH] gdb/testsuite: add test for Python commands redefining itself
>
> This commit add test that creates a Python command that redefines

"add" -> "adds a"

> itself during its execution. This is to test use-after-free in
> execute_command ().
>
> This test needs to be run with ASan enabled in order to fail when it
> should.
> ---
> gdb/testsuite/gdb.python/py-cmd.exp | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/gdb/testsuite/gdb.python/py-cmd.exp b/gdb/testsuite/gdb.python/py-cmd.exp
> index aa95a459f46..ce26f2d3040 100644
> --- a/gdb/testsuite/gdb.python/py-cmd.exp
> +++ b/gdb/testsuite/gdb.python/py-cmd.exp
> @@ -71,6 +71,29 @@ gdb_test_multiline "input subcommand" \
>
> gdb_test "prefix_cmd subcmd ugh" "subcmd output, arg = ugh" "call subcmd"
>
> +# Test command redefining itself
> +
> +gdb_test_multiline "input command redefining itself" \
> + "python" "" \
> + "class redefine_cmd (gdb.Command):" "" \
> + " def __init__ (self, msg):" "" \
> + " super (redefine_cmd, self).__init__ (\"redefine_cmd\", gdb.COMMAND_OBSCURE)" "" \
> + " self._msg = msg" "" \
> + " def invoke (self, arg, from_tty):" "" \
> + " print (\"redefine_cmd output, msg = %s\" % self._msg)" "" \
> + " self._msg = arg" "" \

Is it needed to assign arg to self._msg here?

> + " redefine_cmd (arg)" "" \
> + "redefine_cmd (\"XXX\")" "" \
> + "end" ""
> +
> +gdb_test "redefine_cmd AAA" \
> + "redefine_cmd output, msg = XXX" \
> + "call command redefining itself 1"
> +
> +gdb_test "redefine_cmd BBB" \
> + "redefine_cmd output, msg = AAA" \
> + "call command redefining itself 2"
> +

Note that in TCL code, we use an indent of 4 columns (and just like with
C++ code, whole groups of 8 columns become a tab).

In order to isolate the new test from the other tests in the file, can
you put the new test into its own `proc_with_prefix` function, and start
with a fresh GDB? That would mean calling clean_restart at the beginning
of the proc.

Simon
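Review bot: the comment `# Test command redefining itself` above the new gdb_test_multiline says nothing about why the test exists; the rationale from the commit message (it exercises a use-after-free in execute_command () when a command replaces itself during its own invoke, and only fails under ASan or Valgrind) belongs in that comment, so a reader of py-cmd.exp knows what a failure means and that without a sanitizer the two gdb_test calls only check the printed msg values (XXX, then AAA). The patch subject also mixes plural and singular ("Python commands redefining itself"); "a Python command redefining itself" reads better.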
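As an added illustration, not GDB's code nor part of the patch above, here is a small C model of the hazard the test exercises: a command whose handler re-registers its own name is freed while it is still executing, so a dispatcher that reads the command object after the call reads freed memory. The dispatcher below has the shape of the defensive fix (copy out what is needed before dispatching); all names (struct cmd, register_cmd, execute_command, theclass) are constructed for this example, and the expected strings mirror the test's "msg = XXX" / "msg = AAA".

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
/* Constructed model (not GDB code): registering a name that already exists
   frees the old object, like defining a gdb.Command with an existing name. */
struct cmd {
  char name[32], msg[32];
  int theclass;                 /* stands in for fields read after dispatch */
  void (*func)(struct cmd *self, const char *arg);
};
static struct cmd *table[8];
static int ntable;
static char last_output[64];    /* what the handler "printed" */

static int find_slot(const char *name) {
  for (int i = 0; i < ntable; i++)
    if (strcmp(table[i]->name, name) == 0) return i;
  return -1;
}

static void register_cmd(const char *name, const char *msg, int cls,
                         void (*func)(struct cmd *, const char *)) {
  struct cmd *c = calloc(1, sizeof *c);
  snprintf(c->name, sizeof c->name, "%s", name);
  snprintf(c->msg, sizeof c->msg, "%s", msg);
  c->theclass = cls; c->func = func;
  int i = find_slot(name);
  if (i >= 0) { free(table[i]); table[i] = c; }  /* old object is gone */
  else table[ntable++] = c;
}

/* Mirrors the test's redefine_cmd.invoke: it re-registers its own command
   while running, so 'self' is freed before this function returns. */
static void redefine_invoke(struct cmd *self, const char *arg) {
  snprintf(last_output, sizeof last_output,
           "redefine_cmd output, msg = %s", self->msg);
  register_cmd("redefine_cmd", arg, self->theclass, redefine_invoke);
  /* 'self' is dangling from here on; it must not be touched. */
}

/* Dispatcher in the shape of the fix: copy out everything needed after the
   handler before calling it. Returns the saved class, or -1 if unknown. */
int execute_command(const char *name, const char *arg) {
  int i = find_slot(name);
  if (i < 0) return -1;
  struct cmd *c = table[i];
  int cls = c->theclass;        /* saved: c may be freed by the call below */
  c->func(c, arg);
  return cls;                   /* reading c->theclass here would be the UAF */
}
```

Built with -fsanitize=address, changing the last line to return `c->theclass` reproduces the heap-use-after-free report that the test above relies on.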