friss created this revision. friss added a reviewer: jasonmolenda. When a MIG routine returns KERN_FAILURE, the demux function will release any OOL resources like ports. Because the routine currently also deallocates task_port and thread_port itself on that path before returning KERN_FAILURE, both ports are released twice, potentially resulting in a use-after-free of the ports.
I don't think we can test this in any useful way rdar://problem/37331387 https://reviews.llvm.org/D45011 Files: source/Plugins/Process/Darwin/MachException.cpp tools/debugserver/source/MacOSX/MachException.cpp
Index: tools/debugserver/source/MacOSX/MachException.cpp
===================================================================
--- tools/debugserver/source/MacOSX/MachException.cpp
+++ tools/debugserver/source/MacOSX/MachException.cpp
@@ -86,8 +86,6 @@
 (uint64_t)(exc_data_count > 0 ? exc_data[0] : 0xBADDBADD),
 (uint64_t)(exc_data_count > 1 ? exc_data[1] : 0xBADDBADD));
 }
- mach_port_deallocate(mach_task_self(), task_port);
- mach_port_deallocate(mach_task_self(), thread_port);
 return KERN_FAILURE;
 }
Index: source/Plugins/Process/Darwin/MachException.cpp
===================================================================
--- source/Plugins/Process/Darwin/MachException.cpp
+++ source/Plugins/Process/Darwin/MachException.cpp
@@ -92,8 +92,6 @@
 (uint64_t)(exc_data_count > 0 ? exc_data[0] : 0xBADDBADD),
 (uint64_t)(exc_data_count > 1 ? exc_data[1] : 0xBADDBADD));
 }
- mach_port_deallocate(mach_task_self(), task_port);
- mach_port_deallocate(mach_task_self(), thread_port);
 return KERN_FAILURE;
 }
Index: tools/debugserver/source/MacOSX/MachException.cpp
===================================================================
--- tools/debugserver/source/MacOSX/MachException.cpp
+++ tools/debugserver/source/MacOSX/MachException.cpp
@@ -86,8 +86,6 @@
 (uint64_t)(exc_data_count > 0 ? exc_data[0] : 0xBADDBADD),
 (uint64_t)(exc_data_count > 1 ? exc_data[1] : 0xBADDBADD));
 }
- mach_port_deallocate(mach_task_self(), task_port);
- mach_port_deallocate(mach_task_self(), thread_port);
 return KERN_FAILURE;
 }
Index: source/Plugins/Process/Darwin/MachException.cpp
===================================================================
--- source/Plugins/Process/Darwin/MachException.cpp
+++ source/Plugins/Process/Darwin/MachException.cpp
@@ -92,8 +92,6 @@
 (uint64_t)(exc_data_count > 0 ? exc_data[0] : 0xBADDBADD),
 (uint64_t)(exc_data_count > 1 ? exc_data[1] : 0xBADDBADD));
 }
- mach_port_deallocate(mach_task_self(), task_port);
- mach_port_deallocate(mach_task_self(), thread_port);
 return KERN_FAILURE;
 }