Subject: Re: [patch] Fix a crash due to a VALUE double free
From: Luis Machado
Reply-To: luisgpm@linux.vnet.ibm.com
To: Jan Kratochvil
Cc: gdb-patches@sources.redhat.com
In-Reply-To: <1216048317.2607.2.camel@gargoyle>
References: <20080707211819.GA26204@host0.dyn.jankratochvil.net> <1216048317.2607.2.camel@gargoyle>
Date: Mon, 14 Jul 2008 17:35:00 -0000
Message-Id: <1216056893.2607.20.camel@gargoyle>

FYI

The failures were due to an async-related regression introduced in PPC.

Regards,
Luis

On Mon, 2008-07-14 at 12:11 -0300, Luis Machado wrote:
> Hi Jan,
>
>
> This testcase is currently failing for PPC64.
>
> Running /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.exp ...
> FAIL: gdb.base/value-double-free.exp: continue
> FAIL: gdb.base/value-double-free.exp: print empty()
>
> More complete log:
>
> (gdb) run ^M
> Starting
> program: /home/luis/builds/gdb-head/DFP/gdb/testsuite/gdb.base/value-double-free ^M
> ^M
> Breakpoint 1, main ()
> at /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.c:31^M
> 31 var = 1;^M
> (gdb) watch var^M
> Hardware watchpoint 2: var^M
> (gdb) PASS: gdb.base/value-double-free.exp: watch var
> continue^M
> Continuing.^M
> Target is executing.^M
> (gdb) FAIL: gdb.base/value-double-free.exp: continue
> print empty()^M
> Target is executing.^M
> (gdb) FAIL: gdb.base/value-double-free.exp: print empty()
> help help^M
> Print list of commands.^M
> (gdb) PASS: gdb.base/value-double-free.exp: help help
> testcase /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.exp completed in 1 seconds
>
>
> On Mon, 2008-07-07 at 23:18 +0200, Jan Kratochvil wrote:
> > Hi,
> >
> > it crashes if you call
an inferior function right after a watchpoint hit. > > > > Bugreported with a reproducer by Jakub Jelinek. > > > > > > Regards, > > Jan > > plain text document attachment (gdb-value-double-free.patch) > > gdb/ > > 2008-07-07 Jan Kratochvil > > > > * breakpoint.c (bpstat_copy): Call RELEASE_VALUE on the new OLD_VAL. > > > > gdb/testsuite/ > > 2008-07-07 Jan Kratochvil > > > > * gdb.base/value-double-free.exp, gdb.base/value-double-free.c: New. > > > > --- gdb/breakpoint.c 28 Jun 2008 09:42:15 -0000 1.327 > > +++ gdb/breakpoint.c 7 Jul 2008 21:12:14 -0000 > > @@ -1996,7 +1996,10 @@ bpstat_copy (bpstat bs) > > if (bs->commands != NULL) > > tmp->commands = copy_command_lines (bs->commands); > > if (bs->old_val != NULL) > > - tmp->old_val = value_copy (bs->old_val); > > + { > > + tmp->old_val = value_copy (bs->old_val); > > + release_value (tmp->old_val); > > + } > > > > if (p == NULL) > > /* This is the first thing in the chain. */ > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ gdb/testsuite/gdb.base/value-double-free.c 7 Jul 2008 21:12:17 -0000 
> > @@ -0,0 +1,36 @@ > > +/* This testcase is part of GDB, the GNU debugger. > > + > > + Copyright 2008 Free Software Foundation, Inc. > > + > > + This program is free software; you can redistribute it and/or modify > > + it under the terms of the GNU General Public License as published by > > + the Free Software Foundation; either version 3 of the License, or > > + (at your option) any later version. > > + > > + This program is distributed in the hope that it will be useful, > > + but WITHOUT ANY WARRANTY; without even the implied warranty of > > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + GNU General Public License for more details. > > + > > + You should have received a copy of the GNU General Public License > > + along with this program. If not, see . > > + > > + Please email any bugs, comments, and/or additions to this file to: > > + bug-gdb@prep.ai.mit.edu */ > > + > > +volatile int var; > > + > > +void > > +empty (void) > > +{ > > +} > > + > > +int > > +main (void) > > +{ > > + var = 1; > > + /* Workaround PR 38: We may miss the first watchpoint hit as we stop on the > > + exact instruction which would cause the watchpoint hit. */ > > + var = 2; > > + return 0; > > +} > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ gdb/testsuite/gdb.base/value-double-free.exp 7 Jul 2008 21:12:17 -0000 
> > @@ -0,0 +1,38 @@ > > +# Copyright 2008 Free Software Foundation, Inc. > > + > > +# This program is free software; you can redistribute it and/or modify > > +# it under the terms of the GNU General Public License as published by > > +# the Free Software Foundation; either version 3 of the License, or > > +# (at your option) any later version. > > +# > > +# This program is distributed in the hope that it will be useful, > > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > +# GNU General Public License for more details. > > +# > > +# You should have received a copy of the GNU General Public License > > +# along with this program. If not, see . > > + > > +set testfile value-double-free > > +set srcfile ${testfile}.c > > +set binfile ${objdir}/${subdir}/${testfile} > > +if { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } { > > + untested "Couldn't compile test program" > > + return -1 > > +} > > + > > +# Get things started. > > + > > +gdb_exit > > +gdb_start > > +gdb_reinitialize_dir $srcdir/$subdir > > +gdb_load ${binfile} > > + > > +if ![runto_main] { > > + return -1 > > +} > > +gdb_test "watch var" "atchpoint \[0-9\]+: var" > > +gdb_test "continue" "atchpoint \[0-9\]+: var.*Old value = 0.*New value = \[12\].*" > > +gdb_test "print empty()" " = void" > > +# We did segfault here. > > +gdb_test "help help"
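Review bot: in the bpstat_copy hunk of gdb/breakpoint.c, the new block calls release_value (tmp->old_val) with no comment saying why, and the reason is only visible in the subject line and the ChangeLog entry. Add a short comment above the call stating that the copied bpstat keeps its own old_val and the value must therefore be released, so the call is not later removed as redundant. Since only this one assignment is changed, it would also help for the submission to say whether the other places that set old_val were checked.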
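Review bot: in gdb.base/value-double-free.exp the final gdb_test "help help" is given no expected pattern, so the check placed after the "We did segfault here" comment does not state what a surviving gdb should print. Give it an explicit pattern such as "Print list of commands\\." (the output shown in the log quoted in the reply), and reword or move the comment so it is clear whether the crash happened on "print empty()" or on the command that follows it.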