gdb: Stop exec_close looking like a UAF weakness

A recent static analyzer run flagged that program_space::exec_close
could be using a pointer after it has been freed. This is not true, as
the pointer is never dereferenced, the address is used for comparisons.

However, to avoid false positives from static analyzers (or bogus
security bugs), this commit makes the code stop looking like a UAF by
moving the unique_ptr into a local unique_ptr, so that there is no way
someone would think memory could be used after being freed.

Approved-By: Tom Tromey <tom@tromey.com>

diff --git a/gdb/progspace.c b/gdb/progspace.c
index 569dfc87d7db0cb6b8ee04a2d7b254a56ca3d168..fcfdbd7789f2cdbd9bab99d90caaca5dc801de29 100644 (file)
--- a/gdb/progspace.c
+++ b/gdb/progspace.c
@@ -202,12 +202,14 @@ program_space::exec_close ()
   if (ebfd != nullptr)
     {
       /* Removing target sections may close the exec_ops target.
-        Clear ebfd before doing so to prevent recursion.  */
-      bfd *saved_ebfd = ebfd.get ();
+        Clear ebfd before doing so to prevent recursion.  We
+        move it to another ref_ptr instead of saving it to a raw
+        pointer to avoid it looking like possible use-after-free.  */
+      gdb_bfd_ref_ptr saved_ebfd = std::move(ebfd);
       ebfd.reset (nullptr);
       ebfd_mtime = 0;
 
-      remove_target_sections (saved_ebfd);
+      remove_target_sections (saved_ebfd.get ());
 
       m_exec_filename.reset ();
     }