This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: Fix pressing down in the TUI (Re: [RFC 8.3 0/3] Some style fixes)


On 2019-03-24 11:35 a.m., Simon Marchi wrote:
> Hi all,
> 
> I get an AddressSanitizer failure, and bisecting points to this commit.
> 
> I simply "start" an executable, and there is a use-after-free happening when
> trying to print the stop location.  See the dump below.

I investigated quickly, here's what I found.  We first get the symtab's fullname
with

  const char *fullname = symtab_to_fullname (s);

fullname essentially is the same as s->fullname.

The call to open_source_file that was added by this patch deallocates s->fullname
and replaces it with a new value (even though it may be an identical string).  When
we pass fullname (the local variable) to highlighter.highlight, it still points to
now-freed memory.

The obvious patch would be to fetch fullname again after calling open_source_file,
like so:

diff --git a/gdb/source-cache.c b/gdb/source-cache.c
index 9211f098eb70..ac97d79cdb31 100644
--- a/gdb/source-cache.c
+++ b/gdb/source-cache.c
@@ -206,6 +206,8 @@ source_cache::get_source_lines (struct symtab *s, int first_line,
 		  if (desc.get () < 0)
 		    return false;
 		  find_source_lines (s, desc.get ());
+
+		  fullname = symtab_to_fullname (s);
 		}
 	      srchilite::SourceHighlight highlighter ("esc.outlang");
 	      highlighter.setStyleFile("esc.style");
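Review bot: the added `fullname = symtab_to_fullname (s);` after `find_source_lines (s, desc.get ());` has no comment explaining why the pointer is reloaded, so a later reader could remove it as a redundant fetch and silently reintroduce the use-after-free; add a one-line comment stating that open_source_file frees and replaces s->fullname, which makes the value fetched earlier stale. Because the reload only happens inside this block, the fix also still relies on nothing between the first symtab_to_fullname call and this point using the old pointer; holding the name in a std::string taken before open_source_file is called, as the message suggests, would remove that ordering dependence.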


... but maybe there's a better way?  Should we instead create a local copy of FULLNAME?

Simon
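The dangling-pointer pattern discussed in this message, as an added example that is not GDB's code: a minimal stand-in for struct symtab, symtab_to_fullname and open_source_file, where the latter frees and replaces the cached name exactly as described above, plus a small tracking allocator (a hypothetical helper, named LiveSet here) that quarantines freed blocks the way AddressSanitizer does, so a test can ask whether a cached pointer is still live without dereferencing it. The buggy function keeps the pointer across the call; the two fixed variants are the re-fetch from the patch and the std::string copy the message asks about.

```cpp
// Added example, not from GDB: models the use-after-free described in the
// message and both candidate fixes. Names below (LiveSet, get_fullname_*)
// are hypothetical stand-ins, not GDB identifiers.
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <set>
#include <string>
#include <vector>

// Tracks which heap blocks are live. Freed blocks are quarantined rather than
// returned to malloc, so a fresh allocation can never reuse a stale address
// (this mirrors what AddressSanitizer does to make dangling pointers visible).
struct LiveSet {
    std::set<std::uintptr_t> live;
    std::vector<char *> quarantine;

    char *dup(const std::string &s) {
        char *p = static_cast<char *>(std::malloc(s.size() + 1));
        std::memcpy(p, s.c_str(), s.size() + 1);
        live.insert(reinterpret_cast<std::uintptr_t>(p));
        return p;
    }
    void release(char *p) {
        live.erase(reinterpret_cast<std::uintptr_t>(p));
        quarantine.push_back(p);   // really freed only when LiveSet dies
    }
    bool is_live(const char *p) const {
        return live.count(reinterpret_cast<std::uintptr_t>(p)) != 0;
    }
    ~LiveSet() { for (char *p : quarantine) std::free(p); }
};

static LiveSet g_heap;

// Stand-in for GDB's struct symtab: only the field that matters here.
struct symtab {
    char *fullname = nullptr;
};

// Stand-in for symtab_to_fullname: hands back the cached pointer.
const char *symtab_to_fullname(symtab *s) { return s->fullname; }

// Stand-in for open_source_file as described in the message: frees
// s->fullname and installs a new copy. Same string, different address.
void open_source_file(symtab *s) {
    std::string again = s->fullname;
    g_heap.release(s->fullname);
    s->fullname = g_heap.dup(again);
}

// Buggy pattern: cache the pointer, then call something that reallocates it.
// The stale pointer is returned (never dereferenced) so a test can inspect it.
const char *get_fullname_buggy(symtab *s) {
    const char *fullname = symtab_to_fullname(s);
    open_source_file(s);
    return fullname;   // dangling: points into the quarantined block
}

// Fix 1 (the patch above): re-fetch after the call that may reallocate.
const char *get_fullname_refetch(symtab *s) {
    const char *fullname = symtab_to_fullname(s);
    open_source_file(s);
    fullname = symtab_to_fullname(s);
    return fullname;
}

// Fix 2 (the alternative raised in the message): own a copy, so a later
// reallocation of s->fullname cannot invalidate it.
std::string get_fullname_copy(symtab *s) {
    std::string fullname = symtab_to_fullname(s);
    open_source_file(s);
    return fullname;
}

// Builds a symtab whose fullname is tracked by g_heap (constructed input).
symtab make_symtab(const std::string &path) {
    symtab s;
    s.fullname = g_heap.dup(path);
    return s;
}
```

The quarantine is what makes the demonstration deterministic: with plain free() and malloc() the new block would often land at the old address and the bug would hide, which is also why the real report only surfaced under AddressSanitizer.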

