From: Tom Tromey Date: Tue, 20 Oct 2020 16:28:58 +0000 (-0600) Subject: Fix undefined behavior in gdbserver X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=a9b45cb77662d0bb8d312140eee94146f34bd3ce;p=binutils-gdb.git Fix undefined behavior in gdbserver PR gdb/26742 points out some undefined behavior in gdbserver. The bug is that remove_thread does: free_one_thread (thread); if (current_thread == thread) current_thread = NULL; However, the equality check is undefined, because "thread" has already been freed. This patch fixes the bug by moving the check earlier. Tested on x86-64 Fedora 32. 2020-10-20 Tom Tromey PR gdb/26742: * inferiors.cc (remove_thread): Clear current_thread before freeing the thread. --- diff --git a/gdbserver/ChangeLog b/gdbserver/ChangeLog index e93e4eab9b5..fd0a4bfaa54 100644 --- a/gdbserver/ChangeLog +++ b/gdbserver/ChangeLog @@ -1,3 +1,9 @@ +2020-10-20 Tom Tromey + + PR gdb/26742: + * inferiors.cc (remove_thread): Clear current_thread before + freeing the thread. + 2020-10-13 Kamil Rytarowski x * netbsd-low.cc (netbsd_tdesc): Remove. diff --git a/gdbserver/inferiors.cc b/gdbserver/inferiors.cc index 861c9f3e338..9a1280d039b 100644 --- a/gdbserver/inferiors.cc +++ b/gdbserver/inferiors.cc @@ -103,9 +103,9 @@ remove_thread (struct thread_info *thread) discard_queued_stop_replies (ptid_of (thread)); all_threads.remove (thread); - free_one_thread (thread); if (current_thread == thread) current_thread = NULL; + free_one_thread (thread); } void *
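Review bot: the reorder in the inferiors.cc hunk is the right fix, since comparing `current_thread == thread` after `free_one_thread (thread)` reads a pointer value that is already invalid (undefined behaviour even without a dereference), but the ordering constraint is now implicit and easy to undo in a later edit; suggest a one-line comment above the check, e.g. `/* Must precede free_one_thread: comparing a freed pointer is undefined.  */`, so the invariant is visible in the code and not only in the ChangeLog.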
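The pattern the commit fixes, as an added stand-alone example (not gdbserver code): a list removal routine that unlinks a node, clears a global "current" pointer while the pointer value is still valid, and only then frees the node. The names (`node`, `g_head`, `g_current`, `list_remove`) are hypothetical stand-ins for `thread_info`, `all_threads`, `current_thread` and `remove_thread`.

```c
/* Added example, not gdbserver code.  Mirrors the corrected ordering in
   remove_thread: compare-and-clear the current pointer, then free.
   All names here are hypothetical stand-ins for the gdbserver ones.  */
#include <stdlib.h>
#include <stdbool.h>

struct node {
  struct node *next;
  int id;
};

static struct node *g_head = NULL;     /* all nodes, like all_threads */
static struct node *g_current = NULL;  /* like current_thread */

/* Push a new node on the list head and return it.  */
static struct node *list_push(int id) {
  struct node *n = malloc(sizeof *n);
  if (n == NULL) abort();
  n->id = id;
  n->next = g_head;
  g_head = n;
  return n;
}

/* Unlink VICTIM from the list and release it.  */
static void list_remove(struct node *victim) {
  struct node **pp = &g_head;
  while (*pp != NULL && *pp != victim) pp = &(*pp)->next;
  if (*pp != NULL) *pp = victim->next;

  /* This check must run before free(): once the block is released, even
     comparing the pointer value is undefined behaviour (the pre-fix
     gdbserver code had free_one_thread above this line).  */
  if (g_current == victim) g_current = NULL;

  free(victim);
}

/* Build a two-node list, make the second node current, remove it, and
   report whether current was cleared and the other node survived.  */
static bool remove_current_clears_pointer(void) {
  struct node *a = list_push(1);
  struct node *b = list_push(2);
  g_current = b;
  list_remove(b);
  bool ok = (g_current == NULL) && (g_head == a) && (a->next == NULL);
  list_remove(a);
  return ok;
}

/* Removing a node that is not current must leave current untouched, and
   removing current afterwards must clear it.  */
static bool remove_other_keeps_current(void) {
  struct node *a = list_push(1);
  struct node *b = list_push(2);
  g_current = a;
  list_remove(b);
  bool ok = (g_current == a) && (g_head == a);
  list_remove(a);
  return ok && (g_current == NULL);
}
```

The buggy ordering is not caught by plain AddressSanitizer, which only reports accesses to freed memory, not comparisons of freed pointer values; GCC and Clang offer `-fsanitize=pointer-compare` (enabled at run time with `ASAN_OPTIONS=detect_invalid_pointer_pairs=2`) to flag this class of defect in test builds.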