From: Andrew Burgess Date: Tue, 18 Jul 2023 12:52:20 +0000 (+0100) Subject: gdb: fix possible nullptr dereference in a remote_debug_printf call X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=1720b64f735ff2798ab50ea9e2a40ab42af6cc6e;p=binutils-gdb.git gdb: fix possible nullptr dereference in a remote_debug_printf call While working on another patch I triggered a segfault from within the function remote_target::discard_pending_stop_replies. Turns out this was caused by a cut&paste error introduced in this commit: commit df5ad102009c41ab4dfadbb8cfb8c8b2a02a4f78 Date: Wed Dec 1 09:40:03 2021 -0500 gdb, gdbserver: detach fork child when detaching from fork parent This commit adds a remote_debug_printf call that was copied from earlier in the function, however, the new call wasn't updated to use the appropriate local variable. The local variable that it is using might be nullptr, in which case we trigger undefined behaviour, and could crash, which is what I was seeing. Fixed by updating to use the correct local variable. --- diff --git a/gdb/remote.c b/gdb/remote.c index 7e3d6adfe4f..ff3d7e5cd32 100644 --- a/gdb/remote.c +++ b/gdb/remote.c @@ -7564,8 +7564,8 @@ remote_target::discard_pending_stop_replies (struct inferior *inf) for (auto it = iter; it != rs->stop_reply_queue.end (); ++it) remote_debug_printf ("discarding queued stop reply: ptid: %s, ws: %s\n", - reply->ptid.to_string().c_str(), - reply->ws.to_string ().c_str ()); + (*it)->ptid.to_string().c_str(), + (*it)->ws.to_string ().c_str ()); rs->stop_reply_queue.erase (iter, rs->stop_reply_queue.end ()); }
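Review bot: The replacement is the right one, since `it` is the loop variable iterating `rs->stop_reply_queue` and `(*it)` is the entry being discarded, but the two added lines are inconsistent in spacing: `(*it)->ptid.to_string().c_str(),` has no space before the parentheses while the next line `(*it)->ws.to_string ().c_str ()` follows GNU style. Since the line is being rewritten anyway, it would be worth making it `(*it)->ptid.to_string ().c_str (),` so the hunk does not carry the old line's style slip forward.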