From: Simon Marchi via Gdb-patches
Date: Wed, 14 Dec 2022 14:52:53 -0500
Subject: Re: [PATCH] gdb: fix possible use-after-free when executing commands
To: Jan Vrany, gdb-patches@sourceware.org
In-Reply-To: <20221208142014.84759-1-jan.vrany@labware.com>

On 12/8/22 09:20, Jan Vrany via Gdb-patches wrote:
> In principle, `execute_command()` does following:
>
>    struct cmd_list_element *c;
>    c = lookup_cmd ( ... );
>    ...
>    /* If this command has been pre-hooked, run the hook first. */
>    execute_cmd_pre_hook (c);
>    ...
>    /* ...execute the command `c` ...*/
>    ...
>    execute_cmd_post_hook (c);
>
> This may lead into use-after-free error. Imagine the command
> being executed is a user-defined Python command that redefines
> itself. In that case, struct `cmd_list_element` pointed to by
> `c` is deallocated during its execution so it is no longer valid
> when post hook is executed.
>
> To fix this case, this commit looks up the command once again
> after it is executed to get pointer to (possibly newly allocated)
> `cmd_list_element`.

Hi Jan,

Do you think you could write a test to exercise that fix?

Simon
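
The re-lookup pattern described in the quoted commit message, as an added example that is not part of the original thread and is not gdb code. The names `struct cmd`, `toy_lookup_cmd`, `define_cmd`, `generation` and `execute_command_fixed` are hypothetical, and skipping the post hook when the command no longer exists is an assumption the message does not address.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy command table, constructed for illustration (not gdb's structures). */
struct cmd {
    char name[16];
    void (*func)(void);
    int generation;              /* which definition of the command this is */
    struct cmd *next;
};
static struct cmd *cmd_list;

static struct cmd *toy_lookup_cmd(const char *name) {
    for (struct cmd *c = cmd_list; c; c = c->next)
        if (strcmp(c->name, name) == 0) return c;
    return NULL;
}

/* Define or redefine a command; an existing element of that name is freed. */
static void define_cmd(const char *name, void (*func)(void), int generation) {
    for (struct cmd **p = &cmd_list; *p; p = &(*p)->next)
        if (strcmp((*p)->name, name) == 0) {
            struct cmd *old = *p;
            *p = old->next;
            free(old);
            break;
        }
    struct cmd *c = calloc(1, sizeof *c);
    if (!c) abort();
    snprintf(c->name, sizeof c->name, "%s", name);
    c->func = func;
    c->generation = generation;
    c->next = cmd_list;
    cmd_list = c;
}

/* Command body that redefines itself, freeing the element being executed. */
static void redefining_body(void) { define_cmd("mycmd", redefining_body, 2); }

/* Returns the generation the post hook would see, or -1 if there is no command. */
static int execute_command_fixed(const char *name) {
    struct cmd *c = toy_lookup_cmd(name);
    if (!c) return -1;
    c->func();                   /* may free the element c points to */
    c = toy_lookup_cmd(name);    /* look up again; the old c is never reused */
    return c ? c->generation : -1;   /* a post hook would run on this c */
}

int main(void) {
    define_cmd("mycmd", redefining_body, 1);
    printf("post hook sees generation %d\n", execute_command_fixed("mycmd"));
    return 0;
}
```

Building the unfixed variant (post hook on the original `c`) with `-fsanitize=address` is one way to turn this into the kind of test asked for in the reply.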