[patch] Fix a crash due to a VALUE double free

[Jan Kratochvil <jan.kratochvil@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 143 bytes --]

Hi,

it crashes if you call an inferior function right after a watchpoint hit.

Bugreported with a reproducer by Jakub Jelinek.


Regards,
Jan

[-- Attachment #2: gdb-value-double-free.patch --]
[-- Type: text/plain, Size: 3452 bytes --]

gdb/
2008-07-07  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* breakpoint.c (bpstat_copy): Call RELEASE_VALUE on the new OLD_VAL.

gdb/testsuite/
2008-07-07  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* gdb.base/value-double-free.exp, gdb.base/value-double-free.c: New.

--- gdb/breakpoint.c	28 Jun 2008 09:42:15 -0000	1.327
+++ gdb/breakpoint.c	7 Jul 2008 21:12:14 -0000
@@ -1996,7 +1996,10 @@ bpstat_copy (bpstat bs)
       if (bs->commands != NULL)
 	tmp->commands = copy_command_lines (bs->commands);
       if (bs->old_val != NULL)
-	tmp->old_val = value_copy (bs->old_val);
+	{
+	  tmp->old_val = value_copy (bs->old_val);
+	  release_value (tmp->old_val);
+	}
 
       if (p == NULL)
 	/* This is the first thing in the chain.  */
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ gdb/testsuite/gdb.base/value-double-free.c	7 Jul 2008 21:12:17 -0000
@@ -0,0 +1,36 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2008 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+   Please email any bugs, comments, and/or additions to this file to:
+   bug-gdb@prep.ai.mit.edu  */
+
+volatile int var;
+
+void
+empty (void)
+{
+}
+
+int
+main (void)
+{
+  var = 1;
+  /* Workaround PR 38: We may miss the first watchpoint hit as we stop on the
+     exact instruction which would cause the watchpoint hit.  */
+  var = 2;
+  return 0;
+}
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ gdb/testsuite/gdb.base/value-double-free.exp	7 Jul 2008 21:12:17 -0000
@@ -0,0 +1,38 @@
+# Copyright 2008 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+set testfile value-double-free
+set srcfile ${testfile}.c
+set binfile ${objdir}/${subdir}/${testfile}
+if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } {
+    untested "Couldn't compile test program"
+    return -1
+}
+
+# Get things started.
+
+gdb_exit
+gdb_start
+gdb_reinitialize_dir $srcdir/$subdir
+gdb_load ${binfile}
+
+if ![runto_main] {
+    return -1
+}
+gdb_test "watch var" "atchpoint \[0-9\]+: var"
+gdb_test "continue" "atchpoint \[0-9\]+: var.*Old value = 0.*New value = \[12\].*"
+gdb_test "print empty()" " = void"
+# We did segfault here.
+gdb_test "help help"