Author: Med Ismail Bennani Date: 2021-12-13T11:05:07-08:00 New Revision: ef74c8002ae86d95fd9d1927233102aac52d769c
URL: https://github.com/llvm/llvm-project/commit/ef74c8002ae86d95fd9d1927233102aac52d769c DIFF: https://github.com/llvm/llvm-project/commit/ef74c8002ae86d95fd9d1927233102aac52d769c.diff LOG: [lldb/plugin] Fix heap-use-after-free in ScriptedProcess::ReadMemory This commit should fix a heap-use-after-free bug that was caught by the sanitizer bot. The issue is that we were reading memory from a second target into a `SBData` object in Python, that was passed to lldb's internal `ScriptedProcess::DoReadMemory` C++ method. The ScriptedPythonInterface then extracts the underlying `DataExtractor` from the `SBData` object, and is used to read the memory with the appropriate address size and byte order. Unfortunately, it seems that even though the DataExtractor object was still valid, it pointed to invalid, possibly garbage-collected memory from Python. To mitigate this, the patch uses `SBData::SetDataWithOwnership` to copy the pointed buffer to lldb's heap memory which prevents the use-after-free error. rdar://84511405 Differential Revision: https://reviews.llvm.org/D115654 Signed-off-by: Med Ismail Bennani <medismail.benn...@gmail.com> Added: Modified: lldb/test/API/functionalities/scripted_process/TestScriptedProcess.py lldb/test/API/functionalities/scripted_process/stack_core_scripted_process.py Removed: ################################################################################ diff --git a/lldb/test/API/functionalities/scripted_process/TestScriptedProcess.py b/lldb/test/API/functionalities/scripted_process/TestScriptedProcess.py index 603dc7fa6c128..2a5eff3122145 100644 --- a/lldb/test/API/functionalities/scripted_process/TestScriptedProcess.py +++ b/lldb/test/API/functionalities/scripted_process/TestScriptedProcess.py @@ -139,7 +139,6 @@ def create_stack_skinny_corefile(self, file): @skipUnlessDarwin @skipIfOutOfTreeDebugserver - @skipIfAsan # rdar://85954489 def test_launch_scripted_process_stack_frames(self): """Test that we can launch an lldb scripted process from the command line, check its process ID and read string from memory.""" diff --git a/lldb/test/API/functionalities/scripted_process/stack_core_scripted_process.py b/lldb/test/API/functionalities/scripted_process/stack_core_scripted_process.py index 7c3e069d22505..da7c69ee7b993 100644 --- a/lldb/test/API/functionalities/scripted_process/stack_core_scripted_process.py +++ b/lldb/test/API/functionalities/scripted_process/stack_core_scripted_process.py @@ -43,8 +43,9 @@ def read_memory_at_address(self, addr: int, size: int) -> lldb.SBData: if error.Fail(): return data - data.SetData(error, bytes_read, self.corefile_target.GetByteOrder(), - self.corefile_target.GetAddressByteSize()) + data.SetDataWithOwnership(error, bytes_read, + self.corefile_target.GetByteOrder(), + self.corefile_target.GetAddressByteSize()) return data _______________________________________________ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
