[Lldb-commits] [lldb] r316740 - Fix a use-after-free in lldb-server

Greg Clayton via lldb-commits lldb-commits at lists.llvm.org
Tue Oct 31 08:59:57 PDT 2017


My takeaway is a bug was added that wasn't previously a bug. If code was designed to carefully use StringRef, then yes, it can be made safe. But we added StringRef support in all of LLDB and we didn't catch all of the possible misuses. My main question is: is there anything we can do to catch these things now that we have them?

On Mac we can set the MallocScribble environment variable in our test suite. This will scribble 0x55 on all freed pages. This might catch some extra crashes. Malloc debug details:

https://developer.apple.com/library/content/documentation/Performance/Conceptual/ManagingMemory/Articles/MallocDebug.html




> On Oct 31, 2017, at 8:12 AM, Zachary Turner <zturner at google.com> wrote:
> 
> The takeaway from this example is nothing we don't already know.  We need better test coverage.
> 
> On Tue, Oct 31, 2017 at 8:08 AM Greg Clayton via lldb-commits <lldb-commits at lists.llvm.org> wrote:
> This is one example of how StringRef causes issues because it was adopted everywhere. Is there any way we can change our functions so we can't run into this issue? Anything we can learn from this example?
> 
> 
> 
> > On Oct 26, 2017, at 9:53 PM, Pavel Labath via lldb-commits <lldb-commits at lists.llvm.org> wrote:
> >
> > Author: labath
> > Date: Thu Oct 26 21:53:24 2017
> > New Revision: 316740
> >
> > URL: http://llvm.org/viewvc/llvm-project?rev=316740&view=rev
> > Log:
> > Fix a use-after-free in lldb-server
> >
> > UriParser::Parse is returning a StringRef pointing to the parsed
> > string, but we were calling it with a temporary string. Change this to a
> > local variable to make sure the string persists as long as we need it.
> >
> > Modified:
> >    lldb/trunk/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationServerPlatform.cpp
> >
> > Modified: lldb/trunk/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationServerPlatform.cpp
> > URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationServerPlatform.cpp?rev=316740&r1=316739&r2=316740&view=diff <http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationServerPlatform.cpp?rev=316740&r1=316739&r2=316740&view=diff>
> > ==============================================================================
> > --- lldb/trunk/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationServerPlatform.cpp (original)
> > +++ lldb/trunk/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationServerPlatform.cpp Thu Oct 26 21:53:24 2017
> > @@ -128,8 +128,9 @@ Status GDBRemoteCommunicationServerPlatf
> >   llvm::StringRef platform_ip;
> >   int platform_port;
> >   llvm::StringRef platform_path;
> > -  bool ok = UriParser::Parse(GetConnection()->GetURI(), platform_scheme,
> > -                             platform_ip, platform_port, platform_path);
> > +  std::string platform_uri = GetConnection()->GetURI();
> > +  bool ok = UriParser::Parse(platform_uri, platform_scheme, platform_ip,
> > +                             platform_port, platform_path);
> >   UNUSED_IF_ASSERT_DISABLED(ok);
> >   assert(ok);
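
Review bot: the added `std::string platform_uri` line carries no comment saying that the `llvm::StringRef` outputs (`platform_ip`, `platform_path`) point into it, so a later cleanup could fold `GetConnection()->GetURI()` back into the `UriParser::Parse` call and reintroduce the dangling reference; add a one-line comment at the declaration stating that the string must outlive those views. In the unchanged context, the parse result is checked only by `assert(ok)` and `platform_port` is declared without an initializer, so a build with asserts disabled carries on after a failed parse; since the enclosing function returns `Status`, returning an error there would be safer.
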
> >
> >
> >
> > _______________________________________________
> > lldb-commits mailing list
> > lldb-commits at lists.llvm.org <mailto:lldb-commits at lists.llvm.org>
> > http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits <http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits>
> 
> _______________________________________________
> lldb-commits mailing list
> lldb-commits at lists.llvm.org <mailto:lldb-commits at lists.llvm.org>
> http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits <http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits>
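
The thread asks whether such functions can be changed so that a temporary cannot be passed. One compile-time approach, as an added example that is not part of the original thread or of LLDB's code: delete the overload that would bind to an rvalue `std::string`, so the pre-fix call pattern no longer compiles while a named local still works. `ParseUri` and `AcceptsUri` are hypothetical names, `std::string_view` stands in for `llvm::StringRef`, and C++17 is assumed.

```cpp
#include <charconv>
#include <string>
#include <string_view>
#include <type_traits>
#include <utility>

// Hypothetical parser; std::string_view stands in for llvm::StringRef.
// Every output view points into `uri`, so `uri` must outlive them.
bool ParseUri(std::string_view uri, std::string_view &scheme,
              std::string_view &host, int &port, std::string_view &path) {
  const auto npos = std::string_view::npos;
  const size_t sep = uri.find("://");
  if (sep == npos || sep == 0) return false;
  scheme = uri.substr(0, sep);
  const std::string_view rest = uri.substr(sep + 3);
  const size_t slash = rest.find('/');
  path = slash == npos ? std::string_view() : rest.substr(slash);
  const std::string_view authority = rest.substr(0, slash);
  size_t colon = authority.rfind(':');
  if (!authority.empty() && authority.back() == ']') colon = npos;  // bare [v6]
  host = authority.substr(0, colon);
  port = -1;  // -1: no port in the URI
  if (colon != npos) {
    const std::string_view d = authority.substr(colon + 1);
    const auto r = std::from_chars(d.data(), d.data() + d.size(), port);
    if (r.ec != std::errc() || r.ptr != d.data() + d.size()) return false;
    if (port <= 0 || port > 65535) return false;
  }
  return !host.empty();
}

// Guard: an rvalue std::string dies at the end of the call expression and would
// leave all output views dangling, so that overload is deleted.
template <class S,
          std::enable_if_t<std::is_same_v<std::decay_t<S>, std::string> &&
                               !std::is_lvalue_reference_v<S>, int> = 0>
bool ParseUri(S &&, std::string_view &, std::string_view &, int &,
              std::string_view &) = delete;

// Compile-time probe: does a call with a URI argument of type S compile?
template <class S, class = void> struct AcceptsUri : std::false_type {};
template <class S>
struct AcceptsUri<S, std::void_t<decltype(ParseUri(
    std::declval<S>(), std::declval<std::string_view &>(),
    std::declval<std::string_view &>(), std::declval<int &>(),
    std::declval<std::string_view &>()))>> : std::true_type {};
static_assert(AcceptsUri<std::string &>::value, "named string: accepted");
static_assert(!AcceptsUri<std::string>::value, "temporary string: rejected");

int main() { return AcceptsUri<std::string>::value ? 1 : 0; }
```

The guard only covers `std::string` temporaries passed directly; a view stored past the lifetime of a named string still needs runtime tooling such as the malloc scribbling mentioned in the thread.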
