[Lldb-commits] [PATCH] D117065: [lldb/Plugins] Fix ScriptedInterface object ptr use-after-free

Tue Jan 11 16:41:47 PST 2022

mib created this revision.
mib added a reviewer: JDevlieghere.
mib added a project: LLVM.
mib requested review of this revision.
Herald added a project: LLDB.
Herald added a subscriber: lldb-commits.

This patch replaces all the ScriptedInterface object instance shared
pointer by a raw pointer. The reason behind the change is that when the
smart pointer gets re-assigned, that triggers calling the default
deleter to the previously pointer object.

However, in this case, the pointed memory was allocated in Python, so
when another object tries to read it, it causes a heap-use-after-free.

By switching to a raw pointer, it prevents lldb from decrementing the
reference counting to 0 and calling the deleter for that object.

rdar://87425859

Signed-off-by: Med Ismail Bennani <medismail.bennani at gmail.com>

Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D117065

Files:
  lldb/include/lldb/Interpreter/ScriptedInterface.h
  lldb/include/lldb/Interpreter/ScriptedProcessInterface.h
  lldb/source/Plugins/Process/scripted/ScriptedProcess.cpp
  lldb/source/Plugins/Process/scripted/ScriptedProcess.h
  lldb/source/Plugins/Process/scripted/ScriptedThread.cpp
  lldb/source/Plugins/Process/scripted/ScriptedThread.h
  lldb/source/Plugins/ScriptInterpreter/Python/ScriptedProcessPythonInterface.cpp
  lldb/source/Plugins/ScriptInterpreter/Python/ScriptedProcessPythonInterface.h
  lldb/source/Plugins/ScriptInterpreter/Python/ScriptedPythonInterface.h
  lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp
  lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.h

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D117065.399124.patch
Type: text/x-patch
Size: 11065 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20220112/8136a8cc/attachment.bin>