From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephane Carrez
To: gdb-patches@cygnus.com
Subject: Correction of a crash in sim_memory_uninstall
Date: Sat, 03 Apr 1999 12:27:00 -0000
Message-ID: <37066006.ACFDED96@worldnet.fr>
X-SW-Source: 1999-04/msg00000.html
Message-ID: <19990403122700.xOfUHDCbkYvI18PYZGaHbH2KPX1lPw_j8nHKfzsOuMM@z>

Hi!

I've found a problem in the common part of the simulator. It crashes in `sim_memory_uninstall' when the simulator terminates.

The problem is when this operation walks a list and frees the sim_memopt objects. It frees the entry (line 457, call to zfree) and then gets the pointer to the next one, accessing the freed data (line 461, *entry = (*entry)->next).

One fix consists in updating 'entry' before the while loop.

Hope this helps,
Stephane

*** /src/gnu/gdb-19990330/sim/common/sim-memopt.c Thu Jan 28 15:13:33 1999 --- sim-memopt.c Sat Apr 3 20:06:42 1999 *************** *** 449,454 **** --- 449,457 ---- /* delete it and its aliases */ alias = *entry; + + /* next victim */ + *entry = (*entry)->next; while (alias != NULL) { sim_memopt *dead = alias; *************** *** 456,464 **** sim_core_detach (sd, NULL, dead->level, dead->space, dead->addr); zfree (dead); } - - /* next victim */ - *entry = (*entry)->next; } } --- 459,464 ----

>From phdm@macqel.be Wed Apr 07 10:43:00 1999
From: "Philippe De Muyter"
To: gdb-patches@cygnus.com (gdb-patches@cygnus.com)
Subject: testsuite/print_long_arg_list
Date: Wed, 07 Apr 1999 10:43:00 -0000
Message-id: <199904071649.SAA28333@mail.macqel.be>
X-SW-Source: 1999-04/msg00001.html
Content-length: 2437

Running the testsuite with gdb-4.17.87 on m68k-motorola-sysv, I got (among others) the following failure:

print_long_arg_list (a=22.219999999999998, b=33.332999999999998, c=0, d=-25, e=100, f=2345, struct1={value = 6, head = 0}, struct2={value = 10, head = 0}, struct3={value = 12, head = 0}, struct4={value = 14, head = 0}, flags={alpha = 1, beta = 0, gamma = 1, delta = 0, epsilon = 1, omega = 0},
flags_combo={alpha = 1, beta = 0, ch1 = 121 'y', gamma = 1, delta = 0, ch2 = 110 'n', epsilon = 1, omega = 0}, three_char={ch1 = 97 'a', ch2 = 98 'b', ch3 = 99 'c'}, five_char={ch1 = 108 'l', ch2 = 109 'm', ch3 = 110 'n', ch4 = 111 'o', ch5 = 112 'p'}, int_char_combo={int1 = 123, ch1 = 122 'z'}, d1={double1 = 10.5}, d2={double1 = -3.3399999999999998}, d3={double1 = 675.09122999999999}, f1={float1 = 45.2340012, float2 = 43.5999985}, f2={float1 = 78.0100021, float2 = 122.099998}, f3={float1 = -1232.34497, float2 = -199.210007}) at call-ar-st.c:813
813 printf("double : %f\n", a);
(gdb) FAIL: gdb.base/call-ar-st.exp: step into print_long_arg_list

Looking at the expected result, I see:

gdb_expect {
-re ".*print_long_arg_list \\(a=22.219999999999999, b=33.332999999999998, c=0, d=-25, e=100, f=2345, struct1=\{value = 6, head = 0\}, struct2=\{value = 10, head = 0\}, struct3=\{value = 12, head = 0\}, struct4=\{value = 14, head = 0\}, flags=\{alpha = 1, beta = 0, gamma = 1, delta = 0, epsilon = 1, omega = 0\}, flags_combo=\{alpha = 1, beta = 0, ch1 = 121 \'y\', gamma = 1, delta = 0, ch2 = 110 \'n\', epsilon = 1, omega = 0\}, three_char=\{ch1 = 97 \'a\', ch2 = 98 \'b\', ch3 = 99 \'c\'\}, five_char=\{ch1 = 108 \'l\', ch2 = 109 \'m\', ch3 = 110 \'n\', ch4 = 111 \'o\', ch5 = 112 \'p\'\}, int_char_combo=\{int1 = 123, ch1 = 122 \'z\'\}, d1=\{double1 = 10.5\}, d2=\{double1 = -3.3399999999999999\}, d3=\{double1 = 675.09123\}, f1=\{float1 = 45.2340012, float2 = 43.5999985\}, f2=\{float1 = 78.0100021, float2 = 122.099998\}, f3=\{float1 = -1232.34497, float2 = -199.210007\}\\) at ${srcdir}/${subdir}/${srcfile}:813\[\r\n\]+813\[ \t\]+printf\\(\"double :.*\", a\\);.*$gdb_prompt $" {pass "step into print_long_arg_list"}
-re ".*$gdb_prompt $" { fail "step into print_long_arg_list" }
timeout { fail "step into print_long_arg_list (timeout)" }
}

For me, the differences are in the last digits of some float or double numbers.
Isn't the test too strict?

Philippe
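
Review bot: in the sim-memopt.c patch from the first message (subject "Correction of a crash in sim_memory_uninstall"), the relocated comment /* next victim */ does not record the ordering constraint the fix depends on. Because alias is initialised from *entry, the first zfree (dead) in the inner loop releases the very node *entry referred to, so the statement *entry = (*entry)->next; must stay ahead of the while (alias != NULL) loop. Suggest expanding the comment at its new position in the first hunk to say so, for example /* advance before the alias loop: its first zfree (dead) frees this entry */, so that a later cleanup does not move the statement back below the loop and reintroduce the read of freed memory. The message also includes no ChangeLog entry for the sim/common change.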