[all-commits] [llvm/llvm-project] 72e259: [lldb/API] Add SetDataWithOwnership method to SBData

Med Ismail Bennani via All-commits all-commits at lists.llvm.org
Mon Dec 13 11:05:35 PST 2021


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 72e25978f93f0bf7577593aba9591c727526423c
      https://github.com/llvm/llvm-project/commit/72e25978f93f0bf7577593aba9591c727526423c
  Author: Med Ismail Bennani <medismail.bennani at gmail.com>
  Date:   2021-12-13 (Mon, 13 Dec 2021)

  Changed paths:
    M lldb/bindings/interface/SBData.i
    M lldb/include/lldb/API/SBData.h
    M lldb/source/API/SBData.cpp
    M lldb/test/API/python_api/sbdata/TestSBData.py

  Log Message:
  -----------
  [lldb/API] Add SetDataWithOwnership method to SBData

This patch introduces a new method to SBData: SetDataWithOwnership.

Instead of referencing the pointer to the data, this method copies the
data buffer into lldb's heap memory.

This can prevent having the underlying DataExtractor object point to
freed/garbage-collected memory.

Differential Revision: https://reviews.llvm.org/D115652

Signed-off-by: Med Ismail Bennani <medismail.bennani at gmail.com>


  Commit: ef74c8002ae86d95fd9d1927233102aac52d769c
      https://github.com/llvm/llvm-project/commit/ef74c8002ae86d95fd9d1927233102aac52d769c
  Author: Med Ismail Bennani <medismail.bennani at gmail.com>
  Date:   2021-12-13 (Mon, 13 Dec 2021)

  Changed paths:
    M lldb/test/API/functionalities/scripted_process/TestScriptedProcess.py
    M lldb/test/API/functionalities/scripted_process/stack_core_scripted_process.py

  Log Message:
  -----------
  [lldb/plugin] Fix heap-use-after-free in ScriptedProcess::ReadMemory

This commit should fix a heap-use-after-free bug that was caught by the
sanitizer bot.

The issue is that we were reading memory from a second target into a
`SBData` object in Python, which was passed to lldb's internal
`ScriptedProcess::DoReadMemory` C++ method.

The ScriptedPythonInterface then extracts the underlying `DataExtractor`
from the `SBData` object, and that extractor is used to read the memory
with the appropriate address size and byte order.

Unfortunately, it seems that even though the DataExtractor object was
still valid, it pointed to invalid, possibly garbage-collected memory
from Python.

To mitigate this, the patch uses `SBData::SetDataWithOwnership` to copy
the pointed buffer to lldb's heap memory, which prevents the
use-after-free error.

rdar://84511405

Differential Revision: https://reviews.llvm.org/D115654

Signed-off-by: Med Ismail Bennani <medismail.bennani at gmail.com>


Compare: https://github.com/llvm/llvm-project/compare/bbfaf0b170b6...ef74c8002ae8
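
The lifetime problem described in the second log message, reduced to a
stand-alone model. This is an added example, not code from the commits or from
LLDB: `ToyExtractor`, `SetBorrowed`, `SetOwned` and `ReadAfterRecycle` are
hypothetical names, and overwriting the producer's buffer stands in for
Python releasing it.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical model, not LLDB code: an extractor reads through m_start and
// optionally holds the storage that m_start points into.
class ToyExtractor {
public:
  // Borrow: record the caller's pointer; the caller must outlive every read.
  void SetBorrowed(const std::uint8_t *bytes, std::size_t len) {
    m_owner.reset();
    m_start = bytes;
    m_len = len;
  }
  // Own: copy the bytes into heap storage whose lifetime this object controls.
  void SetOwned(const std::uint8_t *bytes, std::size_t len) {
    m_owner = std::make_shared<std::vector<std::uint8_t>>(bytes, bytes + len);
    m_start = m_owner->data();
    m_len = len;
  }
  // Bounds-checked read; returns false when off is outside the buffer.
  bool GetU8(std::size_t off, std::uint8_t &out) const {
    if (off >= m_len) return false;
    out = m_start[off];
    return true;
  }
private:
  std::shared_ptr<std::vector<std::uint8_t>> m_owner;
  const std::uint8_t *m_start = nullptr;
  std::size_t m_len = 0;
};

// The producer hands over its buffer, then recycles it. Overwriting in place
// stands in for the free/garbage collection, so the demo has no undefined behaviour.
std::uint8_t ReadAfterRecycle(bool take_ownership) {
  std::vector<std::uint8_t> producer = {0xde, 0xad, 0xbe, 0xef}; // constructed sample
  ToyExtractor ex;
  if (take_ownership) ex.SetOwned(producer.data(), producer.size());
  else ex.SetBorrowed(producer.data(), producer.size());
  std::fill(producer.begin(), producer.end(), 0x00); // producer reuses its storage
  std::uint8_t b = 0xff;
  ex.GetU8(0, b);
  return b;
}
int main() {
  std::printf("borrowed=0x%02x owned=0x%02x\n", ReadAfterRecycle(false), ReadAfterRecycle(true));
}
```

The borrowed extractor sees whatever the producer's storage holds at read
time, while the owning one keeps returning the bytes it copied.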

