This is the mail archive of the gdb-testers@sourceware.org mailing list for the GDB project.
[binutils-gdb/gdb-7.11-branch] Fix gdb/python/python.c use-after-free
- From: sergiodj+buildbot at sergiodj dot net
- To: gdb-testers at sourceware dot org
- Date: Tue, 03 May 2016 07:55:35 -0400
- Subject: [binutils-gdb/gdb-7.11-branch] Fix gdb/python/python.c use-after-free
- Authentication-results: sourceware.org; auth=none
*** TEST RESULTS FOR COMMIT 329dec6fc5f2efa83d626583135081b53abe8729 ***
Author: Pedro Alves <palves@redhat.com>
Branch: gdb-7.11-branch
Commit: 329dec6fc5f2efa83d626583135081b53abe8729
Fix gdb/python/python.c use-after-free
Valgrind shows:
==26964== Invalid read of size 1
==26964== at 0x6E14100: __GI_strcmp (strcmp.S:180)
==26964== by 0x6DB55AA: setlocale (setlocale.c:238)
==26964== by 0x4E0455: _initialize_python() (python.c:1731)
==26964== by 0x786731: initialize_all_files() (init.c:319)
==26964== by 0x72EF0A: gdb_init(char*) (top.c:1929)
==26964== by 0x60BCAC: captured_main(void*) (main.c:863)
==26964== by 0x606AD5: catch_errors(int (*)(void*), void*, char*, return_mask) (exceptions.c:234)
==26964== by 0x60C608: gdb_main(captured_main_args*) (main.c:1165)
==26964== by 0x40CAEC: main (gdb.c:32)
==26964== Address 0x81d30a0 is 0 bytes inside a block of size 181 free'd
==26964== at 0x4C29CF0: free (vg_replace_malloc.c:530)
==26964== by 0x6DB5B65: setname (setlocale.c:201)
==26964== by 0x6DB5B65: setlocale (setlocale.c:388)
==26964== by 0x4E037F: _initialize_python() (python.c:1712)
==26964== by 0x786731: initialize_all_files() (init.c:319)
==26964== by 0x72EF0A: gdb_init(char*) (top.c:1929)
==26964== by 0x60BCAC: captured_main(void*) (main.c:863)
==26964== by 0x606AD5: catch_errors(int (*)(void*), void*, char*, return_mask) (exceptions.c:234)
==26964== by 0x60C608: gdb_main(captured_main_args*) (main.c:1165)
==26964== by 0x40CAEC: main (gdb.c:32)
The problem is doing this:
oldloc = setlocale (LC_ALL, NULL);
setlocale (LC_ALL, "");
...
setlocale (LC_ALL, oldloc);
I.e., the second setlocale call frees 'oldloc'.
From http://pubs.opengroup.org/onlinepubs/9699919799/functions/setlocale.html :
"The returned string pointer might be invalidated or the string
content might be overwritten by a subsequent call to setlocale()."
gdb/ChangeLog:
2016-05-03 Pedro Alves <palves@redhat.com>
PR python/20037
* python/python.c (_initialize_python) [IS_PY3K]: xstrdup/xfree
oldloc.
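The pattern the commit fixes (save the pointer setlocale() hands back, call setlocale() again, then pass the stale pointer back in) and the corrected save/restore are shown below as an added example; this is not code from the gdb tree or from the commit above. It assumes nothing beyond the C standard library: a small copy_string helper stands in for gdb's xstrdup, the with_locale and demo_round_trip functions and the record_locale callback are names made up for this example, and the "C" locale is used because every conforming libc provides it.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Private heap copy of a C string.  Stand-in for gdb's xstrdup so the
   example builds without libiberty (constructed for this example). */
static char *copy_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Run `work` with LC_ALL temporarily set to `target`, then restore the
   locale that was in effect before.
   The string returned by setlocale(LC_ALL, NULL) lives in libc's own
   storage; POSIX allows the next setlocale() call to free or overwrite it
   (that is exactly what Valgrind reported in python.c), so the string is
   copied *before* that second call is made, and the copy is what gets
   passed back to setlocale() afterwards.
   Returns 1 if the original locale was restored, 0 on any failure. */
int with_locale(const char *target, void (*work)(void *), void *arg)
{
    const char *cur = setlocale(LC_ALL, NULL);   /* borrowed pointer */
    if (cur == NULL)
        return 0;
    char *saved = copy_string(cur);              /* now our own allocation */
    if (saved == NULL)
        return 0;
    /* From here on `cur` must not be used: this call may free it. */
    if (setlocale(LC_ALL, target) == NULL) {
        free(saved);
        return 0;
    }
    work(arg);
    const char *restored = setlocale(LC_ALL, saved);
    int ok = restored != NULL && strcmp(restored, saved) == 0;
    free(saved);
    return ok;
}

/* Hypothetical work callback: records the locale seen while running. */
struct seen_locale { char name[64]; };

static void record_locale(void *arg)
{
    struct seen_locale *s = arg;
    const char *l = setlocale(LC_ALL, NULL);
    snprintf(s->name, sizeof s->name, "%s", l != NULL ? l : "(null)");
}

/* Start from the "C" locale, switch to `target` for the callback, and
   report whether the locale round-tripped back to "C" and the callback
   saw `target`.  Returns 1 on success, 0 otherwise (for example when
   `target` names a locale this system does not have installed). */
int demo_round_trip(const char *target)
{
    struct seen_locale s = { "" };
    if (setlocale(LC_ALL, "C") == NULL)
        return 0;
    int ok = with_locale(target, record_locale, &s);
    const char *after = setlocale(LC_ALL, NULL);
    return ok && after != NULL && strcmp(after, "C") == 0
           && strcmp(s.name, target) == 0;
}

int main(void)
{
    int ok = demo_round_trip("C");
    printf("locale save/restore round trip: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The only difference from the buggy sequence in the commit message is the copy_string call between the first and second setlocale(): the restore still passes a string to setlocale(LC_ALL, ...), but it is a string this code owns. Running the demo under Valgrind is the same check the commit author used; a stale-pointer restore shows up as an invalid read inside setlocale(), as in the trace above.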
- Follow-Ups:
- Failures on RHEL-s390x-m64, branch gdb-7.11-branch
- Failures on Fedora-i686, branch gdb-7.11-branch
- Failures on Fedora-x86_64-m32, branch gdb-7.11-branch
- Failures on Fedora-x86_64-native-extended-gdbserver-m64, branch gdb-7.11-branch
- Failures on Fedora-x86_64-native-gdbserver-m64, branch gdb-7.11-branch
- Failures on AIX-POWER7-plain, branch gdb-7.11-branch
- Failures on Fedora-x86_64-m64, branch gdb-7.11-branch
- Failures on Fedora-x86_64-native-gdbserver-m32, branch gdb-7.11-branch
- Failures on Fedora-s390x-m64, branch gdb-7.11-branch
- Failures on Fedora-x86_64-native-extended-gdbserver-m32, branch gdb-7.11-branch
- Failures on Debian-i686, branch gdb-7.11-branch
- Failures on Debian-i686-native-extended-gdbserver, branch gdb-7.11-branch
- Failures on Debian-x86_64-native-extended-gdbserver-m64, branch gdb-7.11-branch
- Failures on Fedora-ppc64be-native-extended-gdbserver-m64, branch gdb-7.11-branch
- Failures on Debian-s390x-native-extended-gdbserver-m64, branch gdb-7.11-branch
- Failures on Fedora-ppc64le-cc-with-index, branch gdb-7.11-branch
- Failures on Fedora-ppc64le-native-gdbserver-m64, branch gdb-7.11-branch