[Lldb-commits] [PATCH] D117065: [lldb/Plugins] Fix ScriptedInterface object ptr use-after-free
    Jonas Devlieghere via Phabricator via lldb-commits 
    lldb-commits at lists.llvm.org
       
    Wed Jan 12 11:31:17 PST 2022
    
    
  
JDevlieghere added inline comments.
================
Comment at: lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp:54
+  m_object_instance = static_cast<StructuredData::Generic *>(
+      new StructuredPythonObject(ret_val));
 
----------------
labath wrote:
> labath wrote:
> > This doesn't sound right. This object (`StructuredPythonObject` instance) is definitely not created by python and will now be leaked. If I correctly understand the problem, the issue is that the this object gets a non-owning reference (the `ret_val` argument) to the underlying python object, and then frees it as if it was owning it. If that's the case, then the solution is to INCREF it in the constructor (or switch to using a PythonObject wrapper, which will then handle the lifetime management.
> > 
> > You may also be interested in D114722 (which I hope to update soon). It's not _directly_ related to this, but it touches the same parts of the code.
> So, as far as I can tell `ret_val` is an owned reference (in `LLDBSwigPythonCreateScriptedThread`, it comes from `PythonObject.release()`). Could it be that something else is freeing (decreffing) the object more times than it should (thereby releasing the references that are supposed to be held here) and this code gets blamed/crashes just because it happens to run last?
Pavel said it better than I would have :-) 
Repository:
  rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D117065/new/
https://reviews.llvm.org/D117065
    
    
More information about the lldb-commits
mailing list