When setting the window title of a tui frame we do this:
gdb::unique_xmalloc_ptr<char> value
= python_string_to_host_string (<python-object>);
...
win->window->title = value.get ();
The problem here is that 'get ()' only borrows the pointer from value,
when value goes out of scope the pointer will be freed. As a result,
the tui frame will be left with a pointer to undefined memory
contents.
Instead we should be using 'value.release ()' to take ownership of the
pointer from value.
gdb/ChangeLog:
* python/py-tui.c (gdbpy_tui_set_title): Use release, not get, to
avoid use after free.
|
||
|---|---|---|
| .. | ||
| lib/gdb | ||
| py-all-events.def | ||
| py-arch.c | ||
| py-auto-load.c | ||
| py-block.c | ||
| py-bpevent.c | ||
| py-breakpoint.c | ||
| py-cmd.c | ||
| py-continueevent.c | ||
| py-event-types.def | ||
| py-event.c | ||
| py-event.h | ||
| py-events.h | ||
| py-evtregistry.c | ||
| py-evts.c | ||
| py-exitedevent.c | ||
| py-finishbreakpoint.c | ||
| py-frame.c | ||
| py-framefilter.c | ||
| py-function.c | ||
| py-gdb-readline.c | ||
| py-inferior.c | ||
| py-infevents.c | ||
| py-infthread.c | ||
| py-instruction.c | ||
| py-instruction.h | ||
| py-lazy-string.c | ||
| py-linetable.c | ||
| py-newobjfileevent.c | ||
| py-objfile.c | ||
| py-param.c | ||
| py-prettyprint.c | ||
| py-progspace.c | ||
| py-record-btrace.c | ||
| py-record-btrace.h | ||
| py-record-full.c | ||
| py-record-full.h | ||
| py-record.c | ||
| py-record.h | ||
| py-ref.h | ||
| py-signalevent.c | ||
| py-stopevent.c | ||
| py-stopevent.h | ||
| py-symbol.c | ||
| py-symtab.c | ||
| py-threadevent.c | ||
| py-tui.c | ||
| py-type.c | ||
| py-unwind.c | ||
| py-utils.c | ||
| py-value.c | ||
| py-varobj.c | ||
| py-xmethods.c | ||
| python-config.py | ||
| python-internal.h | ||
| python.c | ||
| python.h | ||