From: Guinevere Larsen <guinevere@redhat.com>
Date: Tue, 29 Apr 2025 14:39:56 +0000 (-0300)
Subject: gdb: Stop exec_close looking like a UAF weakness
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aab91c55c3371b459f923138f2a910e0d223f229;p=thirdparty%2Fbinutils-gdb.git

gdb: Stop exec_close looking like a UAF weakness

A recent static analyzer run flagged that program_space::exec_close
could be using a pointer after it has been freed. This is not true, as
the pointer is never dereferenced, the address is used for comparisons.

However, to avoid false positives from static analyzers (or bogus
security bugs), this commit makes the code stop looking like a UAF by
moving the unique_ptr into a local unique_ptr, so that there is no way
someone would think memory could be used after being freed.

Approved-By: Tom Tromey <tom@tromey.com>
---

diff --git a/gdb/progspace.c b/gdb/progspace.c
index 569dfc87d7d..fcfdbd7789f 100644
--- a/gdb/progspace.c
+++ b/gdb/progspace.c
@@ -202,12 +202,14 @@ program_space::exec_close ()
   if (ebfd != nullptr)
     {
       /* Removing target sections may close the exec_ops target.
-	 Clear ebfd before doing so to prevent recursion.  */
-      bfd *saved_ebfd = ebfd.get ();
+	 Clear ebfd before doing so to prevent recursion.  We
+	 move it to another ref_ptr instead of saving it to a raw
+	 pointer to avoid it looking like possible use-after-free.  */
+      gdb_bfd_ref_ptr saved_ebfd = std::move(ebfd);
       ebfd.reset (nullptr);
       ebfd_mtime = 0;
 
-      remove_target_sections (saved_ebfd);
+      remove_target_sections (saved_ebfd.get ());
 
       m_exec_filename.reset ();
     }