projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e0c45de)
Fix undefined behavior in gdbserver
authorTom Tromey <tromey@adacore.com>
Tue, 20 Oct 2020 16:28:58 +0000 (10:28 -0600)
committerTom Tromey <tromey@adacore.com>
Tue, 20 Oct 2020 16:36:04 +0000 (10:36 -0600)
PR gdb/26742 points out some undefined behavior in gdbserver.  The bug
is that remove_thread does:

  free_one_thread (thread);
  if (current_thread == thread)
    current_thread = NULL;

However, the equality check is undefined, because "thread" has already
been freed.

This patch fixes the bug by moving the check earlier.

Tested on x86-64 Fedora 32.

2020-10-20  Tom Tromey  <tromey@adacore.com>

PR gdb/26742:
* inferiors.cc (remove_thread): Clear current_thread before
freeing the thread.

gdbserver/ChangeLog patch | blob | history
gdbserver/inferiors.cc patch | blob | history

diff --git a/gdbserver/ChangeLog b/gdbserver/ChangeLog
index e93e4eab9b5a1ff4a2b5e2d9d508a574664c775b..fd0a4bfaa5483d6103b06e911259056f6694b513 100644 (file)
--- a/gdbserver/ChangeLog
+++ b/gdbserver/ChangeLog
@@ -1,3 +1,9 @@
+2020-10-20  Tom Tromey  <tromey@adacore.com>
+
+       PR gdb/26742:
+       * inferiors.cc (remove_thread): Clear current_thread before
+       freeing the thread.
+
 2020-10-13  Kamil Rytarowski  <n54@gmx.com>x
 
        * netbsd-low.cc (netbsd_tdesc): Remove.
diff --git a/gdbserver/inferiors.cc b/gdbserver/inferiors.cc
index 861c9f3e338f9e2ad7a0e562e669ceb27adfd8a5..9a1280d039b42f847fe51bd87a3e77345fad7222 100644 (file)
--- a/gdbserver/inferiors.cc
+++ b/gdbserver/inferiors.cc
@@ -103,9 +103,9 @@ remove_thread (struct thread_info *thread)
 
   discard_queued_stop_replies (ptid_of (thread));
   all_threads.remove (thread);
-  free_one_thread (thread);
   if (current_thread == thread)
     current_thread = NULL;
+  free_one_thread (thread);
 }
 
 void *