gdb/python: Avoid use after free in py-tui.c

When setting the window title of a tui frame we do this:

  gdb::unique_xmalloc_ptr<char> value
    = python_string_to_host_string (<python-object>);
  ...
  win->window->title = value.get ();

The problem here is that 'get ()' only borrows the pointer from value;
when value goes out of scope the pointer will be freed.  As a result,
the tui frame will be left with a pointer to undefined memory
contents.

Instead we should be using 'value.release ()' to take ownership of the
pointer from value.

gdb/ChangeLog:

	* python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to
	avoid use after free.
Andrew Burgess 2020-06-05 18:13:09 +01:00
parent f1919c56e1
commit 982a38f60b
2 changed files with 6 additions and 1 deletions
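
The ownership question in the commit message, as an added example that is not GDB code and not part of the original commit. It goes beyond the case described above by also covering a std::string destination, because whether get () or release () is right depends on the destination field's type. The names counting_free, owned_cstr, make_title, raw_window, str_window, set_raw and set_str are hypothetical stand-ins; the counting deleter plays the role of the free()-based deleter of gdb::unique_xmalloc_ptr.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>
#include <string>

// Constructed stand-in (an assumption, not GDB code): a deleter that counts
// frees, so the test can observe when the buffer is released.
static int g_frees = 0;
struct counting_free {
  void operator() (char *p) const { ++g_frees; std::free (p); }
};
using owned_cstr = std::unique_ptr<char, counting_free>;

static owned_cstr make_title (const char *s)
{
  char *p = static_cast<char *> (std::malloc (std::strlen (s) + 1));
  if (p == nullptr) std::abort ();
  std::strcpy (p, s);
  return owned_cstr (p);
}

// Hypothetical window types: a raw pointer field and a std::string field.
struct raw_window { char *title = nullptr; };
struct str_window { std::string title; };

// Returns how many frees happened when 'value' went out of scope.
static int set_raw (raw_window &w, const char *s, bool use_release)
{
  int before = g_frees;
  {
    owned_cstr value = make_title (s);
    // get (): w.title dangles after this block.  release (): w owns it.
    w.title = use_release ? value.release () : value.get ();
  }
  return g_frees - before;
}

// Same, for a std::string field; *leaked receives the released buffer.
static int set_str (str_window &w, const char *s, bool use_release, char **leaked)
{
  int before = g_frees;
  {
    owned_cstr value = make_title (s);
    if (use_release) { *leaked = value.release (); w.title = *leaked; }
    else w.title = value.get ();  // std::string copies the bytes
  }
  return g_frees - before;
}
int main () { raw_window w; set_raw (w, "demo", true); std::free (w.title); }
```

With a raw pointer field, release () is the safe choice but the holder must free the old and final values; with a std::string field, get () is already safe and release () leaks the buffer.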

@ -1,3 +1,8 @@
2020-06-05 Andrew Burgess <andrew.burgess@embecosm.com>
* python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to
avoid use after free.
2020-06-05 Tom de Vries <tdevries@suse.de>
* NEWS: Fix typos.

@ -433,7 +433,7 @@ gdbpy_tui_set_title (PyObject *self, PyObject *newvalue, void *closure)
if (value == nullptr)
return -1;
win->window->title = value.get ();
win->window->title = value.release ();
return 0;
}
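
Review bot: at `win->window->title = value.release ();` the visible lines do not show the type of `title`, and the correctness of this change depends on it. If `title` is a raw `char *`, the previous title is overwritten here without being freed, so every call leaks the old buffer and the window teardown has to free the last one; free the old value before the assignment or make the field an owning type. If `title` is a `std::string`, the original `value.get ()` already copied the bytes and was safe, while `release ()` now leaks the buffer on each call, so the change should be dropped. Please state the field's type in the commit message so the use-after-free claim can be checked.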