Subject: Re: [patch] Fix a crash due to a VALUE double free
From: Luis Machado
Reply-To: luisgpm@linux.vnet.ibm.com
To: Jan Kratochvil
Cc: gdb-patches@sources.redhat.com
Date: Mon, 14 Jul 2008 16:45:00 -0000

Hi Jan,

This testcase is currently failing for PPC64.

Running /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.exp ...
FAIL: gdb.base/value-double-free.exp: continue
FAIL: gdb.base/value-double-free.exp: print empty()

More complete log:

(gdb) run ^M
Starting program: /home/luis/builds/gdb-head/DFP/gdb/testsuite/gdb.base/value-double-free ^M
^M
Breakpoint 1, main () at /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.c:31^M
31 var = 1;^M
(gdb) watch var^M
Hardware watchpoint 2: var^M
(gdb) PASS: gdb.base/value-double-free.exp: watch var
continue^M
Continuing.^M
Target is executing.^M
(gdb) FAIL: gdb.base/value-double-free.exp: continue
print empty()^M
Target is executing.^M
(gdb) FAIL: gdb.base/value-double-free.exp: print empty()
help help^M
Print list of commands.^M
(gdb) PASS: gdb.base/value-double-free.exp: help help
testcase /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.exp completed in 1 seconds

On Mon, 2008-07-07 at 23:18 +0200, Jan Kratochvil wrote:
> Hi,
>
> it crashes if you call an inferior function right after a watchpoint hit.
>
> Bugreported with a reproducer by Jakub Jelinek.
> > > Regards, > Jan > plain text document attachment (gdb-value-double-free.patch) > gdb/ > 2008-07-07 Jan Kratochvil > > * breakpoint.c (bpstat_copy): Call RELEASE_VALUE on the new OLD_VAL. > > gdb/testsuite/ > 2008-07-07 Jan Kratochvil > > * gdb.base/value-double-free.exp, gdb.base/value-double-free.c: New. > > --- gdb/breakpoint.c 28 Jun 2008 09:42:15 -0000 1.327 > +++ gdb/breakpoint.c 7 Jul 2008 21:12:14 -0000 > @@ -1996,7 +1996,10 @@ bpstat_copy (bpstat bs) > if (bs->commands != NULL) > tmp->commands = copy_command_lines (bs->commands); > if (bs->old_val != NULL) > - tmp->old_val = value_copy (bs->old_val); > + { > + tmp->old_val = value_copy (bs->old_val); > + release_value (tmp->old_val); > + } > > if (p == NULL) > /* This is the first thing in the chain. */ > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ gdb/testsuite/gdb.base/value-double-free.c 7 Jul 2008 21:12:17 -0000 
> @@ -0,0 +1,36 @@ > +/* This testcase is part of GDB, the GNU debugger. > + > + Copyright 2008 Free Software Foundation, Inc. > + > + This program is free software; you can redistribute it and/or modify > + it under the terms of the GNU General Public License as published by > + the Free Software Foundation; either version 3 of the License, or > + (at your option) any later version. > + > + This program is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + GNU General Public License for more details. > + > + You should have received a copy of the GNU General Public License > + along with this program. If not, see . > + > + Please email any bugs, comments, and/or additions to this file to: > + bug-gdb@prep.ai.mit.edu */ > + > +volatile int var; > + > +void > +empty (void) > +{ > +} > + > +int > +main (void) > +{ > + var = 1; > + /* Workaround PR 38: We may miss the first watchpoint hit as we stop on the > + exact instruction which would cause the watchpoint hit. */ > + var = 2; > + return 0; > +} > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ gdb/testsuite/gdb.base/value-double-free.exp 7 Jul 2008 21:12:17 -0000 
> @@ -0,0 +1,38 @@ > +# Copyright 2008 Free Software Foundation, Inc. > + > +# This program is free software; you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation; either version 3 of the License, or > +# (at your option) any later version. > +# > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > +# > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see . > + > +set testfile value-double-free > +set srcfile ${testfile}.c > +set binfile ${objdir}/${subdir}/${testfile} > +if { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } { > + untested "Couldn't compile test program" > + return -1 > +} > + > +# Get things started. > + > +gdb_exit > +gdb_start > +gdb_reinitialize_dir $srcdir/$subdir > +gdb_load ${binfile} > + > +if ![runto_main] { > + return -1 > +} > +gdb_test "watch var" "atchpoint \[0-9\]+: var" > +gdb_test "continue" "atchpoint \[0-9\]+: var.*Old value = 0.*New value = \[12\].*" > +gdb_test "print empty()" " = void" > +# We did segfault here. > +gdb_test "help help" -- Luis Machado Software Engineer IBM Linux Technology Center
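
Review bot: the new braced block in bpstat_copy (gdb/breakpoint.c, the bs->old_val branch) has no comment saying why release_value must follow value_copy. The ChangeLog entry only records that the call was added, and the double free is named nowhere but the subject line. A short comment above "release_value (tmp->old_val);" stating who owns the copied old_val, and that omitting the release led to a double free, would keep a later cleanup from dropping the call as redundant.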
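
Review bot: in gdb/testsuite/gdb.base/value-double-free.exp the "continue" step is not treated as a precondition for the steps after it, so when it fails the "print empty()" check fails with it; the PPC64 log in this reply shows both ending in "Target is executing.". Return early when "continue" does not report the watchpoint, so that a FAIL on "print empty()" always points at the inferior call. The comment "We did segfault here" should also say what the final "help help" is checking, since that gdb_test is given no expected pattern.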