[Lldb-commits] [PATCH] D117065: [lldb/Plugins] Fix ScriptedInterface object ptr use-after-free

Pavel Labath via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Wed Jan 12 05:52:18 PST 2022


labath added inline comments.


================
Comment at: lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp:54
+  m_object_instance = static_cast<StructuredData::Generic *>(
+      new StructuredPythonObject(ret_val));
 
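Review bot: the `new StructuredPythonObject(ret_val)` assigned to `m_object_instance` through a `static_cast<StructuredData::Generic *>` is a raw owning pointer with no visible deleter, so unless another part of the change frees it, both the wrapper and the Python reference it holds leak. Prefer holding the object in a shared pointer rather than a raw `new`, and make the constructor's ownership of `ret_val` explicit in a comment: either it receives an owned reference (no INCREF, exactly one DECREF) or a borrowed one (INCREF on construction), since the use-after-free this patch targets comes from mixing the two.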
----------------
labath wrote:
> This doesn't sound right. This object (`StructuredPythonObject` instance) is definitely not created by python and will now be leaked. If I correctly understand the problem, the issue is that this object gets a non-owning reference (the `ret_val` argument) to the underlying python object, and then frees it as if it owned it. If that's the case, then the solution is to INCREF it in the constructor (or switch to using a PythonObject wrapper, which will then handle the lifetime management).
> 
> You may also be interested in D114722 (which I hope to update soon). It's not _directly_ related to this, but it touches the same parts of the code.
So, as far as I can tell `ret_val` is an owned reference (in `LLDBSwigPythonCreateScriptedThread`, it comes from `PythonObject.release()`). Could it be that something else is freeing (decreffing) the object more times than it should (thereby releasing the references that are supposed to be held here) and this code gets blamed/crashes just because it happens to run last?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D117065/new/

https://reviews.llvm.org/D117065
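The owned-versus-borrowed distinction the thread turns on, as an added example that is not part of the patch or of lldb: a constructed stand-in for a refcounted Python object (`PyObj`, `incref`, `decref`) and a hypothetical `OwningRef` wrapper modelled on the Borrowed/Owned idea, showing why storing a borrowed pointer as owned frees the object early, why an INCREF fixes it, and how a `release()` hand-off must be consumed exactly once.

```cpp
#include <cassert>

// Constructed stand-in for a Python object: only the reference count matters here.
struct PyObj {
  int refcnt = 1;     // a newly created object starts with one owned reference
  bool freed = false; // set when the count reaches zero (models deallocation)
};

// Models Py_INCREF / Py_DECREF; touching a freed object is the use-after-free.
inline void incref(PyObj *o) { assert(!o->freed); ++o->refcnt; }
inline void decref(PyObj *o) { assert(!o->freed); if (--o->refcnt == 0) o->freed = true; }

enum class RefType { Borrowed, Owned };
// Wrapper that always DECREFs in its destructor, so it must hold an owned reference.
// Modelled on the Borrowed/Owned distinction of lldb's PythonObject, not its code.
class OwningRef {
public:
  OwningRef(RefType type, PyObj *o) : m_obj(o) {
    if (type == RefType::Borrowed) incref(o); // Borrowed: take our own reference
  }                                           // Owned: caller's reference transfers to us
  ~OwningRef() { if (m_obj) decref(m_obj); }
  PyObj *release() { PyObj *o = m_obj; m_obj = nullptr; return o; } // give ownership away
  OwningRef(const OwningRef &) = delete;
  OwningRef &operator=(const OwningRef &) = delete;
private:
  PyObj *m_obj;
};

// Bug: a borrowed pointer is stored as if owned, so the wrapper's DECREF frees the
// object while the caller still holds (and will later DECREF) its own reference.
bool borrowed_stored_as_owned_frees_early() {
  PyObj obj;
  { OwningRef holder(RefType::Owned, &obj); } // count 1 -> 0: object freed
  return obj.freed;                            // caller's next DECREF would be a UAF
}

// Fix: INCREF a borrowed pointer; the wrapper then only drops its own reference.
bool borrowed_with_incref_stays_alive() {
  PyObj obj;
  { OwningRef holder(RefType::Borrowed, &obj); } // count 1 -> 2 -> 1
  return !obj.freed && obj.refcnt == 1;
}

// Hand-off via release(): the returned reference is owned, so the receiver takes it as
// RefType::Owned and DECREFs exactly once; the original creator keeps its reference.
int refcount_after_release_handoff() {
  PyObj obj; PyObj *raw;
  { OwningRef producer(RefType::Borrowed, &obj); raw = producer.release(); } // count 2
  { OwningRef receiver(RefType::Owned, raw); }                               // count 1
  return obj.freed ? -1 : obj.refcnt;
}
```

If the receiver in the last function were built with `RefType::Borrowed` instead, the count would end at 2 and the object would leak, which is the other half of the same ownership mismatch.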
