From: "Ulrich Weigand" <uweigand@de.ibm.com>
To: gdb-patches@sourceware.org
Cc: drow@false.org
Subject: [gdbserver] Uninitialized variable in linux-low.c:handle_extended_wait
Date: Fri, 11 Jul 2008 03:37:00 -0000
Message-ID: <200807110337.m6B3b5FB004696@d12av02.megacenter.de.ibm.com>
Hello,
I've got a test case where a newly created thread reports a SIGSTOP
event *before* its parent reports the PTRACE_EVENT_CLONE event.
This is supposed to be handled via the "stopped_pids" list, but it
looks like this doesn't actually work, because in this case the
handle_extended_wait routine accesses an uninitialized variable:
  unsigned long new_pid;
  int ret, status;

  ptrace (PTRACE_GETEVENTMSG, inferior_pid, 0, &new_pid);

  /* If we haven't already seen the new PID stop, wait for it now.  */
  if (! pull_pid_from_list (&stopped_pids, new_pid))
    {
      /* The new child has a pending SIGSTOP.  We can't affect it until it
         hits the SIGSTOP, but we're already attached.  */

      do {
        ret = waitpid (new_pid, &status, __WALL);
      } while (ret == -1 && errno == EINTR);

      [...]
    }

  [...]

  /* Normally we will get the pending SIGSTOP.  But in some cases
     we might get another signal delivered to the group first.
     If we do, be sure not to lose it.  */
  if (WSTOPSIG (status) == SIGSTOP)
    {
      if (stopping_threads)
        new_process->stopped = 1;
      else
        ptrace (PTRACE_CONT, new_pid, 0, 0);
    }
  else
    {
      new_process->stop_expected = 1;
      if (stopping_threads)
        {
          new_process->stopped = 1;
          new_process->status_pending_p = 1;
          new_process->status_pending = status;
        }
      else
        /* Pass the signal on.  This is what GDB does - except
           shouldn't we really report it instead?  */
        ptrace (PTRACE_CONT, new_pid, 0, WSTOPSIG (status));
    }
Note how "status" is used uninitialized if pull_pid_from_list
returns true. In my case, this causes the "else" branch to be
taken, which sets "stop_expected", which causes gdbserver to
hang later on while waiting on the SIGSTOP which actually
already arrived ...
I'm not quite sure how to handle this -- I assume processes
on the stopped_pids list should always be handled as if they
got a SIGSTOP? The following patch fixes the hang for me ...
Does this make sense?
Bye,
Ulrich
ChangeLog:
* linux-low.c (handle_extended_wait): Do not use "status"
variable uninitialized.
--- linux-low.c.orig 2008-07-11 05:21:43.185268918 +0200
+++ linux-low.c 2008-07-11 05:22:48.855806784 +0200
@@ -156,7 +156,7 @@
if (event == PTRACE_EVENT_CLONE)
{
unsigned long new_pid;
- int ret, status;
+ int ret, status = W_STOPCODE (SIGSTOP);
ptrace (PTRACE_GETEVENTMSG, inferior_pid, 0, &new_pid);
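Review bot: the `status = W_STOPCODE (SIGSTOP)` initializer hard-codes the assumption that every pid found on stopped_pids stopped with SIGSTOP, so whenever pull_pid_from_list succeeds the later `if (WSTOPSIG (status) == SIGSTOP)` test can only take its first branch; a child that was put on the list because some other signal reached it first (the case the comment above that test describes) would have that signal dropped instead of being passed on or reported. If that is the intended semantics, a comment at the initializer stating it would help; otherwise consider recording the wait status alongside the pid when the child is added to stopped_pids and having pull_pid_from_list hand it back, so `status` always reflects what the child actually stopped with.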
--
Dr. Ulrich Weigand
GNU Toolchain for Linux on System z and Cell BE
Ulrich.Weigand@de.ibm.com
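As an added illustration of the bookkeeping discussed in the message (this is not gdbserver's code and not part of the original post), the following self-contained C model keeps a "stopped before its clone event" list like stopped_pids, but records the wait status next to each pid so that the clone-event handler never reads an unset status and never has to guess which signal the early stop carried. The names make_stop_status, push_stopped, pull_stopped, signal_to_deliver, handle_clone_event and run_demo are invented here; no ptrace or waitpid is performed, and the wait-status layout used to build sample values ((sig << 8) | 0x7f) is the Linux/glibc encoding, which is an assumption of the example.

```c
/* Added example: a model of "stopped_pids" that stores the wait status with
   each pid, so a clone-event handler always works from a defined status.
   Not gdbserver code.  Wait statuses are constructed inline (no ptrace). */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>

struct stopped_entry
{
  pid_t pid;
  int status;                     /* wait status seen when the stop arrived */
  struct stopped_entry *next;
};

/* Build a "stopped by signal SIG" wait status.  Assumption: the Linux/glibc
   layout (sig << 8) | 0x7f, which WIFSTOPPED/WSTOPSIG decode.  */
static int make_stop_status (int sig)
{
  return (sig << 8) | 0x7f;
}

/* Record that PID stopped with STATUS before its parent's clone event.  */
static void push_stopped (struct stopped_entry **list, pid_t pid, int status)
{
  struct stopped_entry *e = malloc (sizeof *e);
  if (e == NULL)
    abort ();
  e->pid = pid;
  e->status = status;
  e->next = *list;
  *list = e;
}

/* Remove PID from *LIST.  Returns 1 and stores the recorded status in
   *STATUS if PID was present; returns 0 and leaves *STATUS untouched
   otherwise.  */
static int pull_stopped (struct stopped_entry **list, pid_t pid, int *status)
{
  for (struct stopped_entry **pp = list; *pp != NULL; pp = &(*pp)->next)
    if ((*pp)->pid == pid)
      {
        struct stopped_entry *e = *pp;
        *pp = e->next;
        *status = e->status;
        free (e);
        return 1;
      }
  return 0;
}

/* Decide what to do with the new child's stop: 0 means the expected SIGSTOP
   was consumed and the thread may simply be resumed; a positive value is a
   different signal that must be passed on or reported; -1 means STATUS is
   not a stop at all and the caller has to deal with it.  */
static int signal_to_deliver (int status)
{
  if (!WIFSTOPPED (status))
    return -1;
  return WSTOPSIG (status) == SIGSTOP ? 0 : WSTOPSIG (status);
}

/* Handle a clone event for NEW_PID.  If the child's stop was already seen,
   its recorded status is used; otherwise LATE_STATUS stands in for what a
   real waitpid (new_pid, ...) would return.  Either way STATUS is set on
   every path before it is examined.  */
static int handle_clone_event (struct stopped_entry **list, pid_t new_pid,
                               int late_status)
{
  int status;
  if (!pull_stopped (list, new_pid, &status))
    status = late_status;           /* the only path that "waits" */
  return signal_to_deliver (status);
}

/* Three constructed scenarios; returns 1 if all behave as intended.  */
static int run_demo (void)
{
  struct stopped_entry *list = NULL;
  push_stopped (&list, 1001, make_stop_status (SIGSTOP));   /* early SIGSTOP */
  push_stopped (&list, 1002, make_stop_status (SIGUSR1));   /* early other sig */

  int ok = 1;
  ok &= handle_clone_event (&list, 1001, -1) == 0;          /* just resume */
  ok &= handle_clone_event (&list, 1002, -1) == SIGUSR1;    /* signal kept */
  ok &= list == NULL;                                       /* both consumed */
  ok &= handle_clone_event (&list, 1003,
                            make_stop_status (SIGSTOP)) == 0; /* late stop */
  return ok;
}

int main (void)
{
  printf ("stopped_pids model: %s\n", run_demo () ? "ok" : "FAILED");
  return run_demo () ? 0 : 1;
}
```

The point of the model is that pull_stopped returns the status together with the pid, so the handler's single `status` variable is assigned on both the "already stopped" and the "wait for it" paths, and a non-SIGSTOP early stop survives into signal_to_deliver instead of being either read as garbage or rewritten as a SIGSTOP.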
Thread overview: 3+ messages
2008-07-11 3:37 Ulrich Weigand [this message]
2008-07-11 11:46 ` Daniel Jacobowitz
2008-07-12 22:24 ` Ulrich Weigand