gdb/python: Avoid use after free in py-tui.c
When setting the window title of a tui frame we do this: gdb::unique_xmalloc_ptr<char> value = python_string_to_host_string (<python-object>); ... win->window->title = value.get (); The problem here is that 'get ()' only borrows the pointer from value, when value goes out of scope the pointer will be freed. As a result, the tui frame will be left with a pointer to undefined memory contents. Instead we should be using 'value.release ()' to take ownership of the pointer from value. gdb/ChangeLog: * python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to avoid use after free.
This commit is contained in:
parent
f1919c56e1
commit
982a38f60b
|
@ -1,3 +1,8 @@
|
|||
2020-06-05 Andrew Burgess <andrew.burgess@embecosm.com>
|
||||
|
||||
* python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to
|
||||
avoid use after free.
|
||||
|
||||
2020-06-05 Tom de Vries <tdevries@suse.de>
|
||||
|
||||
* NEWS: Fix typos.
|
||||
|
|
|
@ -433,7 +433,7 @@ gdbpy_tui_set_title (PyObject *self, PyObject *newvalue, void *closure)
|
|||
if (value == nullptr)
|
||||
return -1;
|
||||
|
||||
win->window->title = value.get ();
|
||||
win->window->title = value.release ();
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue