This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Re: [PATCH] Fix read after xfree in linux_nat_detach
- From: Pedro Alves <palves at redhat dot com>
- To: Philipp Rudo <prudo at linux dot vnet dot ibm dot com>, gdb-patches at sourceware dot org
- Date: Wed, 22 Mar 2017 15:07:22 +0000
- Subject: Re: [PATCH] Fix read after xfree in linux_nat_detach
- References: <20170322131132.98976-1-prudo@linux.vnet.ibm.com> <20170322131132.98976-2-prudo@linux.vnet.ibm.com>
On 03/22/2017 01:11 PM, Philipp Rudo wrote:
> At the end of linux_nat_detach there is a check whether the inferior has a
> fork. If no fork exists the main_lwp is detached (detach_one_lwp) and
> later, outside the check, deleted (delete_lwp). This is problematic as
> detach_one_lwp also calls delete_lwp freeing main_lwp. Thus the second
> call to delete_lwp reads from already freed memory. Fix this by removing
> delete_lwp at the end of detach_one_lwp.
Why not just move that unconditional call to delete_lwp at
the end of linux_nat_detach to the forks_exist_p/true branch?
Actually, that call looks unnecessary for the fork case too,
since we have:
linux_fork_detach
-> fork_load_infrun_state
-> linux_nat_switch_fork
-> purge_lwp_list
-> lwp_lwpid_htab_remove_pid
-> lwp_free
So... couldn't we just remove that delete_lwp line and be done with it?
Thanks,
Pedro Alves
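
The double delete described in the quoted commit message, next to the fix suggested in the reply, as an added example that is not GDB's code. `struct lwp`, the integer id, and the `detach_buggy`/`detach_fixed` helpers are simplified, hypothetical stand-ins, and the example assumes `delete_lwp` looks the entry up by an id read from the LWP.

```c
#include <stdlib.h>

/* Simplified stand-in for an LWP list; hypothetical, not GDB's structures. */
struct lwp { int id; struct lwp *next; };
static struct lwp *lwp_list;
static int frees;                        /* number of entries freed so far */

struct lwp *add_lwp(int id) {
    struct lwp *l = calloc(1, sizeof *l);
    if (!l) abort();
    l->id = id; l->next = lwp_list; lwp_list = l;
    return l;
}

/* Unlink and free the entry with this id; no-op when it is absent. */
void delete_lwp(int id) {
    for (struct lwp **p = &lwp_list; *p; p = &(*p)->next)
        if ((*p)->id == id) {
            struct lwp *dead = *p;
            *p = dead->next;
            free(dead);
            frees++;
            return;
        }
}

/* As described in the thread: detaching an LWP also deletes it. */
void detach_one_lwp(struct lwp *l) {
    delete_lwp(l->id);                   /* l is dangling from here on */
}

/* Before: the caller deletes again and reads l->id from freed memory. */
void detach_buggy(struct lwp *main_lwp) {
    detach_one_lwp(main_lwp);
    delete_lwp(main_lwp->id);            /* read after free */
}

/* After: the trailing delete is dropped; detach_one_lwp owns the free. */
void detach_fixed(struct lwp *main_lwp) { detach_one_lwp(main_lwp); }

int list_len(void) {
    int n = 0;
    for (struct lwp *l = lwp_list; l; l = l->next) n++;
    return n;
}

/* Two LWPs (constructed ids); detach the main one via the fixed path. */
int fixed_detach_frees(void) {
    frees = 0;
    struct lwp *main_lwp = add_lwp(100);
    add_lwp(101);
    detach_fixed(main_lwp);
    return frees;
}

int main(void) { return fixed_detach_frees() == 1 && list_len() == 1 ? 0 : 1; }
```

Building with `-fsanitize=address` and calling `detach_buggy` in place of `detach_fixed` makes the sanitizer report a heap-use-after-free at the second `delete_lwp` call.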