)]}' { "commit": "c42dd30d73ec441ed9cab207597c7f5ce88ee231", "tree": "226451dbeee4300742b09e95452a4158d3f3d84f", "parents": [ "d942d8db12adf4c9e5c7d9ed6496a779ece7149e" ], "author": { "name": "Andrew Burgess", "email": "aburgess@redhat.com", "time": "Thu Apr 28 11:37:51 2022 +0100" }, "committer": { "name": "Andrew Burgess", "email": "aburgess@redhat.com", "time": "Thu Apr 28 15:09:50 2022 +0100" }, "message": "gdb: fix nullptr dereference in block::ranges()\n\nThis commit:\n\n commit f5cb8afdd297dd68273d98a10fbfd350dff918d8\n Date: Sun Feb 6 22:27:53 2022 -0500\n\n gdb: remove BLOCK_RANGES macro\n\nintroduces a potential nullptr dereference in block::ranges, this is\nbreaking most tests, e.g. gdb.base/break.exp is failing for me.\n\nIn the above patch BLOCK_CONTIGUOUS_P is changed from this:\n\n #define BLOCK_CONTIGUOUS_P(bl) (BLOCK_RANGES (bl) \u003d\u003d nullptr \\\n || BLOCK_NRANGES (bl) \u003c\u003d 1)\n\nto this:\n\n #define BLOCK_CONTIGUOUS_P(bl) ((bl)-\u003eranges ().size () \u003d\u003d 0 \\\n || (bl)-\u003eranges ().size () \u003d\u003d 1)\n\nSo, before the commit we checked for the block ranges being nullptr,\nbut afterwards we just call block::ranges() in all cases.\n\nThe problem is that block::ranges() looks like this:\n\n /* Return a view on this block\u0027s ranges. */\n gdb::array_view\u003cblockrange\u003e ranges ()\n { return gdb::make_array_view (m_ranges-\u003erange, m_ranges-\u003enranges); }\n\nwhere m_ranges is:\n\n struct blockranges *m_ranges;\n\nAnd so, we see that the nullptr check has been lost, and we might end\nup dereferencing a nullptr.\n\nMy proposed fix is to move the nullptr check into block::ranges, and\nreturn an explicit empty array_view if m_ranges is nullptr.\n\nAfter this, everything seems fine again.\n", "tree_diff": [ { "type": "modify", "old_id": "b9f4e974c040a7993673268df13b89cc7213865e", "old_mode": 33188, "old_path": "gdb/block.h", "new_id": "038ce7bd2f3258b42a96e9379bdf788410d0468c", "new_mode": 33188, "new_path": "gdb/block.h" } ] }