[Lldb-commits] [PATCH] D45011: Prevent double release of mach ports
Frederic Riss via Phabricator via lldb-commits
lldb-commits at lists.llvm.org
Wed Mar 28 18:04:59 PDT 2018
friss created this revision.
friss added a reviewer: jasonmolenda.
When a MIG routine returns KERN_FAILURE, the demux function will release any OOL resources like ports. In this case, task_port and thread_port will be released twice, potentially resulting in use after free of the ports.
I don't think we can test this in any useful way
rdar://problem/37331387
https://reviews.llvm.org/D45011
Files:
source/Plugins/Process/Darwin/MachException.cpp
tools/debugserver/source/MacOSX/MachException.cpp
Index: tools/debugserver/source/MacOSX/MachException.cpp
===================================================================
--- tools/debugserver/source/MacOSX/MachException.cpp
+++ tools/debugserver/source/MacOSX/MachException.cpp
@@ -86,8 +86,6 @@
(uint64_t)(exc_data_count > 0 ? exc_data[0] : 0xBADDBADD),
(uint64_t)(exc_data_count > 1 ? exc_data[1] : 0xBADDBADD));
}
- mach_port_deallocate(mach_task_self(), task_port);
- mach_port_deallocate(mach_task_self(), thread_port);
return KERN_FAILURE;
}
Index: source/Plugins/Process/Darwin/MachException.cpp
===================================================================
--- source/Plugins/Process/Darwin/MachException.cpp
+++ source/Plugins/Process/Darwin/MachException.cpp
@@ -92,8 +92,6 @@
(uint64_t)(exc_data_count > 0 ? exc_data[0] : 0xBADDBADD),
(uint64_t)(exc_data_count > 1 ? exc_data[1] : 0xBADDBADD));
}
- mach_port_deallocate(mach_task_self(), task_port);
- mach_port_deallocate(mach_task_self(), thread_port);
return KERN_FAILURE;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D45011.140174.patch
Type: text/x-patch
Size: 1096 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20180329/8ea9f1c8/attachment.bin>
More information about the lldb-commits
mailing list