From 54ee425275c759438d90c40781e3810a551f0a5f Mon Sep 17 00:00:00 2001
From: Tom Tromey
Date: Mon, 1 Jul 2019 09:33:19 -0600
Subject: [PATCH] Avoid use-after-free in DWARF debug names code

A static analyzer pointed out that find_vec_in_debug_names will use the contents of a unique_ptr after it has been destroyed. This patch fixes the bug by hoisting the declaration into the appropriate enclosing block. I'm checking this in as obvious. gdb/ChangeLog 2019-07-01 Tom Tromey * dwarf2read.c (dw2_debug_names_iterator::find_vec_in_debug_names): Hoist declaration of without_params. Fix formatting.
---
 gdb/ChangeLog | 6 ++++++
 gdb/dwarf2read.c | 9 +++------
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index b1fa6112866..4cb3f6f1bc2 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@
+2019-07-01 Tom Tromey
+
+ * dwarf2read.c
+ (dw2_debug_names_iterator::find_vec_in_debug_names): Hoist
+ declaration of without_params. Fix formatting.
+
 2019-07-01 Tom Tromey
 * ada-exp.y (find_primitive_type): Update.
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index d0048632926..f1fbba43fad 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -5726,6 +5726,7 @@ dw2_debug_names_iterator::find_vec_in_debug_names
 {
 int (*cmp) (const char *, const char *);
+ gdb::unique_xmalloc_ptr without_params;
 if (current_language->la_language == language_cplus
 || current_language->la_language == language_fortran
 || current_language->la_language == language_d)
@@ -5735,13 +5736,9 @@ dw2_debug_names_iterator::find_vec_in_debug_names
 if (strchr (name, '(') != NULL)
 {
- gdb::unique_xmalloc_ptr without_params
- = cp_remove_params (name);
-
+ without_params = cp_remove_params (name);
 if (without_params != NULL)
- {
- name = without_params.get();
- }
+ name = without_params.get ();
 }
 }
--
2.30.2
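Review bot: The hoisted `without_params` declaration in the first dwarf2read.c hunk has no comment saying why it sits at the outer block scope, so a later tidy-up could move it back next to its only assignment and reintroduce the use-after-free this commit fixes. In the second hunk `name` is repointed at `without_params.get ()`, and per the commit message it is still read after the inner block closes, so the owner has to live at least as long as `name` does. I would add above the declaration `/* Owns the storage NAME may point to below; must stay in scope for as long as NAME is used.  */`. The function body continues past both hunks, so the later reads of `name` are not visible here.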