From patchwork Mon Mar 25 01:36:08 2019
X-Patchwork-Submitter: Simon Marchi
X-Patchwork-Id: 31970
Subject: Re: Fix pressing down in the TUI (Re: [RFC 8.3 0/3] Some style fixes)
From: Simon Marchi
To: Eli Zaretskii, Pedro Alves
Cc: tromey@adacore.com, gdb-patches@sourceware.org
Message-ID: <8735852e-30bc-e5c8-de20-e0511eee8132@simark.ca>
Date: Sun, 24 Mar 2019 21:36:08 -0400
In-Reply-To: <9f2b679b-44e6-0228-339b-690971887214@simark.ca>

On 2019-03-24 11:35 a.m., Simon Marchi wrote:
> Hi all,
>
> I get an AddressSanitizer failure, and bisecting points to this commit.
>
> I simply "start" an executable, and there is a use-after-free happening when
> trying to print the stop location. See the dump below.

I investigated quickly, here's what I found.

We first get the symtab's fullname with

  const char *fullname = symtab_to_fullname (s);

fullname essentially is the same as s->fullname. The call to open_source_file that was added by this patch deallocates s->fullname and replaces it with a new value (even though it may be an identical string). When we pass fullname (the local variable) to highlighter.highlight, it still points to now freed memory.

The obvious patch would be to fetch fullname again after calling open_source_file, like so:

...

but maybe there's a better way? Should we instead create a local copy of FULLNAME?

Simon

diff --git a/gdb/source-cache.c b/gdb/source-cache.c index 9211f098eb70..ac97d79cdb31 100644 --- a/gdb/source-cache.c +++ b/gdb/source-cache.c
@@ -206,6 +206,8 @@ source_cache::get_source_lines (struct symtab *s, int first_line, if (desc.get () < 0) return false; find_source_lines (s, desc.get ()); + + fullname = symtab_to_fullname (s); } srchilite::SourceHighlight highlighter ("esc.outlang"); highlighter.setStyleFile("esc.style");
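Review bot: the added `fullname = symtab_to_fullname (s);` after `find_source_lines (s, desc.get ());` is correct but gives no hint why it is needed; add a one-line comment stating that open_source_file frees and replaces s->fullname, so the pointer taken earlier must be re-fetched, otherwise the line reads as redundant and risks being dropped later. The extra blank `+` line before it is not needed. If the local-copy alternative raised in the message is preferred instead, taking `std::string fullname = symtab_to_fullname (s);` before the open_source_file call removes the ordering dependence entirely and this refresh line becomes unnecessary.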
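As an added illustration, not code from this message or from gdb, here is the pointer-lifetime pattern the report describes reduced to a stand-alone C++ model: `symtab`, `symtab_to_fullname` and `open_source_file` are constructed stand-ins with the behaviour the message attributes to the real functions, and the `get_lines_*` functions are hypothetical names for the three shapes of `source_cache::get_source_lines` discussed above (the dangling one, the patch's re-fetch, and the local-copy alternative).

```cpp
#include <cstdlib>
#include <cstring>
#include <string>
// Constructed stand-in for gdb's struct symtab: only the cached full path
// matters for the lifetime problem described in the message.
struct symtab {
  std::string path;                 // hypothetical: the source file's location
  char *fullname = nullptr;         // cache, owned by the symtab
  ~symtab () { free (fullname); }
};

// Stand-in for symtab_to_fullname: fills the cache on first use and returns
// a pointer into it, as the message says the real function does.
const char *symtab_to_fullname (symtab *s) {
  if (s->fullname == nullptr)
    s->fullname = strdup (s->path.c_str ());
  return s->fullname;
}

// Stand-in for open_source_file after the bisected commit: it frees the
// cached name and stores a fresh copy, so every pointer obtained earlier
// from symtab_to_fullname dangles even though the text is identical.
void open_source_file (symtab *s) {
  free (s->fullname);
  s->fullname = strdup (s->path.c_str ());
}

// Shape of the bug from the report: the pointer captured before the call is
// handed on after it.  The result dangles; never dereference it.
const char *get_lines_dangling (symtab *s) {
  const char *fullname = symtab_to_fullname (s);
  open_source_file (s);
  return fullname;   // use-after-free once highlight () reads it
}

// Fix 1, the patch's approach: re-fetch the name after the call.
std::string get_lines_refresh (symtab *s) {
  const char *fullname = symtab_to_fullname (s);
  open_source_file (s);
  fullname = symtab_to_fullname (s);   // now points at the live allocation
  return std::string (fullname);
}

// Fix 2, the alternative the message asks about: own a copy independent of s->fullname.
std::string get_lines_copy (symtab *s) {
  std::string fullname = symtab_to_fullname (s);
  open_source_file (s);
  return fullname;
}
```

Built with `-fsanitize=address`, dereferencing the value returned by `get_lines_dangling` reproduces the heap-use-after-free report the message mentions, while both fixed shapes run clean.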