From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <93e39e5b-9166-474d-b002-0b0ee9829c94@redhat.com>
Date: Thu, 5 Dec 2024 10:54:37 -0300
Subject: Re: [PATCH] gdb: Fix use-after-free when an objfile has no symbols to load
To: gdb-patches@sourceware.org
Cc: Simon Marchi
References: <20241205131959.3400690-1-guinevere@redhat.com>
From: Guinevere Larsen
In-Reply-To: <20241205131959.3400690-1-guinevere@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 12/5/24 10:19 AM, Guinevere Larsen wrote:
> The recent commit moved an initialization of an objfile_holder in

Oops, I meant to go back and add the hash of the commit there.... it is commit 32e3f1a0aa0

> syms_from_objfile_1 much earlier in the function, to better deal with
> when GDB is unable to read the objfile format.
>
> However, there is an early exit from syms_from_objfile_1 when the
> objfile can be understood, but has no symbols. That was not releasing
> the objfile_holder, so the objfile was being unlinked from the program
> space, but the process of reading the objfile was being continued,
> leading to use-after-frees flagged by the Address Sanitizer.
>
> This commit fixes that UAF by making the objfile_holder release the
> objfile right before the early exit.
>
> This commit also changes the test gdb.base/dump.exp since that was the
> original test that flagged the UAF, but at the end of the test the
> generated files were being deleted, meaning we couldn't redo the test
> manually after the fact. That final deletion was removed.
>
> Reported-by: Simon Marchi
> ---
>  gdb/symfile.c                   | 4 ++++
>  gdb/testsuite/gdb.base/dump.exp | 4 ----
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/gdb/symfile.c b/gdb/symfile.c
> index 3fd6c8d73a2..28c0d46ab54 100644
> --- a/gdb/symfile.c
> +++ b/gdb/symfile.c
> @@ -901,6 +901,10 @@ syms_from_objfile_1 (struct objfile *objfile,
>        int num_sections = gdb_bfd_count_sections (objfile->obfd.get ());
>
>        objfile->section_offsets.assign (num_sections, 0);
> +
> +      /* Release the objfile unique pointer, since nothing went wrong
> +	 in reading it. */
> +      objfile_holder.release ();
>        return;
>      }
>
> diff --git a/gdb/testsuite/gdb.base/dump.exp b/gdb/testsuite/gdb.base/dump.exp
> index 3c7bee5ff30..58fedb1d36b 100644
> --- a/gdb/testsuite/gdb.base/dump.exp
> +++ b/gdb/testsuite/gdb.base/dump.exp
> @@ -564,7 +564,3 @@ if {![string compare $is64bitonly "no"]} {
> 	"reload struct as memory, tekhex" \
> 	$struct_val "\*$struct_ptr_type"
>  }
> -
> -# clean up files
> -
> -remote_exec host "rm -f $filenames"

-- 
Cheers,
Guinevere Larsen
She/Her/Hers
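Review bot: in the symfile.c hunk the holder is now released in one early-exit branch while the success path releases it elsewhere (the release at the end of the normal path is not in this hunk), so there are two places that must agree, and any future early `return` added between them reintroduces the unlink-while-still-in-use the commit message describes. Consider making the no-symbols case fall through to the single release on the success path, or collecting every successful exit at one point that performs `objfile_holder.release ();`. The comment `since nothing went wrong in reading it` would also be more precise if it named the case: the objfile was read but has no symbols, so it must stay linked in the program space.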
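Review bot: in the dump.exp hunk, deleting `remote_exec host "rm -f $filenames"` is a test-infrastructure change unrelated to the use-after-free fix; it reads better as a separate commit with its own rationale (keeping the dump artifacts around for manual reproduction), so the UAF fix can be reviewed and backported on its own. That commit message should also say that the generated dump files now remain in the test output directory after each run, and it is worth confirming that the dump commands in the test overwrite rather than append to those files, so a second run still starts from known contents.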
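The mechanism the commit message describes, a scope guard that unlinks the objfile unless it is released, plus an early exit that forgets to release it, shown as an added C++ example that is not GDB's code and not part of this thread. `ProgramSpace`, `ObjfileHolder`, `load_symbols_before_fix`, `load_symbols_after_fix` and `still_linked_after` are simplified stand-ins I constructed, and `libexample.so` is a constructed name. The check reports linkage by id instead of dereferencing the pointer, so the pre-fix variant shows the objfile vanishing from the program space without the example itself performing a use-after-free.

```cpp
#include <algorithm>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-in for an objfile; only an id and a symbol count matter here.
struct Objfile {
  int id;
  std::string name;
  int num_symbols;
};

// Constructed stand-in for the program space: it owns every linked objfile.
struct ProgramSpace {
  std::vector<std::unique_ptr<Objfile>> objfiles;
  int next_id = 1;

  Objfile *link(std::string name, int num_symbols) {
    objfiles.push_back(std::make_unique<Objfile>(
        Objfile{next_id++, std::move(name), num_symbols}));
    return objfiles.back().get();
  }

  // Unlink and destroy an objfile; after this, any pointer to it dangles.
  void unlink(Objfile *of) {
    objfiles.erase(std::remove_if(objfiles.begin(), objfiles.end(),
                                  [of](const std::unique_ptr<Objfile> &p) {
                                    return p.get() == of;
                                  }),
                   objfiles.end());
  }

  // Membership is checked by id, so callers never touch a freed object.
  bool is_linked(int id) const {
    for (const auto &p : objfiles)
      if (p->id == id) return true;
    return false;
  }
};

// Stand-in for objfile_holder: a scope guard that unlinks the objfile when it
// goes out of scope unless release() was called first.
class ObjfileHolder {
public:
  ObjfileHolder(ProgramSpace &ps, Objfile *of) : ps_(ps), of_(of) {}
  ~ObjfileHolder() { if (of_ != nullptr) ps_.unlink(of_); }
  ObjfileHolder(const ObjfileHolder &) = delete;
  ObjfileHolder &operator=(const ObjfileHolder &) = delete;
  void release() { of_ = nullptr; }
private:
  ProgramSpace &ps_;
  Objfile *of_;
};

// Shape of the pre-fix code as the commit message describes it: the early exit
// for "readable but no symbols" leaves the guard armed, so the objfile is
// unlinked and destroyed while the caller goes on using it.
void load_symbols_before_fix(ProgramSpace &ps, Objfile *of, bool format_readable) {
  ObjfileHolder holder(ps, of);
  if (!format_readable)
    return;                 // intended: an unreadable objfile gets unlinked
  if (of->num_symbols == 0)
    return;                 // BUG: guard still armed, objfile gets unlinked
  /* ... read the symbols ... */
  holder.release();         // success: keep the objfile linked
}

// Shape of the fixed code: release right before the early exit.
void load_symbols_after_fix(ProgramSpace &ps, Objfile *of, bool format_readable) {
  ObjfileHolder holder(ps, of);
  if (!format_readable)
    return;
  if (of->num_symbols == 0) {
    holder.release();       // nothing went wrong; the objfile must stay linked
    return;
  }
  /* ... read the symbols ... */
  holder.release();
}

// Runs one variant on a fresh program space and reports whether the objfile is
// still linked afterwards, i.e. whether the caller may keep using it.
bool still_linked_after(bool fixed, bool format_readable, int num_symbols) {
  ProgramSpace ps;
  Objfile *of = ps.link("libexample.so", num_symbols);  // constructed name
  int id = of->id;
  if (fixed)
    load_symbols_after_fix(ps, of, format_readable);
  else
    load_symbols_before_fix(ps, of, format_readable);
  return ps.is_linked(id);
}

int main() {
  std::printf("no symbols, before fix: linked=%d\n", still_linked_after(false, true, 0));
  std::printf("no symbols, after fix:  linked=%d\n", still_linked_after(true, true, 0));
  std::printf("unreadable, after fix:  linked=%d\n", still_linked_after(true, false, 3));
  return 0;
}
```

The guard pattern is only safe when every exit that counts as success disarms it; the example's `before_fix` variant shows that the failure is silent at the language level, which is why the real bug only surfaced under AddressSanitizer.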