Subject: [gdbserver] Uninitialized variable in linux-low.c:handle_extended_wait
To: gdb-patches@sourceware.org
Date: Fri, 11 Jul 2008 03:37:00 -0000
From: "Ulrich Weigand"
Cc: drow@false.org

Hello,

I've got a test case where a newly created thread reports a SIGSTOP event
*before* its parent reports the PTRACE_EVENT_CLONE event.

This is supposed to be handled via the "stopped_pids" list, but it looks
like this doesn't actually work, because in this case the
handle_extended_wait routine accesses an uninitialized variable:

	  unsigned long new_pid;
	  int ret, status;

	  ptrace (PTRACE_GETEVENTMSG, inferior_pid, 0, &new_pid);

	  /* If we haven't already seen the new PID stop, wait for it now.  */
	  if (! pull_pid_from_list (&stopped_pids, new_pid))
	    {
	      /* The new child has a pending SIGSTOP.  We can't affect it until
		 it hits the SIGSTOP, but we're already attached.  */

	      do {
		ret = waitpid (new_pid, &status, __WALL);
	      } while (ret == -1 && errno == EINTR);

	      [...]
	    }

	  [...]

	  /* Normally we will get the pending SIGSTOP.  But in some cases
	     we might get another signal delivered to the group first.
	     If we do, be sure not to lose it.  */
	  if (WSTOPSIG (status) == SIGSTOP)
	    {
	      if (stopping_threads)
		new_process->stopped = 1;
	      else
		ptrace (PTRACE_CONT, new_pid, 0, 0);
	    }
	  else
	    {
	      new_process->stop_expected = 1;
	      if (stopping_threads)
		{
		  new_process->stopped = 1;
		  new_process->status_pending_p = 1;
		  new_process->status_pending = status;
		}
	      else
		/* Pass the signal on.  This is what GDB does - except
		   shouldn't we really report it instead?  */
		ptrace (PTRACE_CONT, new_pid, 0, WSTOPSIG (status));
	    }

Note how "status" is used uninitialized if pull_pid_from_list returns true.
In my case, this causes the "else" branch to be taken, which sets
"stop_expected", which causes gdbserver to hang later on while waiting on
the SIGSTOP which actually already arrived ...

I'm not quite sure how to handle this -- I assume processes on the
stopped_pids list should always be handled as if they got a SIGSTOP?

The following patch fixes the hang for me ... Does this make sense?

Bye,
Ulrich

ChangeLog:

	* linux-low.c (handle_extended_wait): Do not use "status" variable
	uninitialized.

--- linux-low.c.orig	2008-07-11 05:21:43.185268918 +0200
+++ linux-low.c	2008-07-11 05:22:48.855806784 +0200
@@ -156,7 +156,7 @@
     if (event == PTRACE_EVENT_CLONE)
       {
 	unsigned long new_pid;
-	int ret, status;
+	int ret, status = W_STOPCODE (SIGSTOP);
 	ptrace (PTRACE_GETEVENTMSG, inferior_pid, 0, &new_pid);

-- 
  Dr. Ulrich Weigand
  GNU Toolchain for Linux on System z and Cell BE
  Ulrich.Weigand@de.ibm.com
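Review bot: The initializer `int ret, status = W_STOPCODE (SIGSTOP);` in the hunk makes the pull_pid_from_list () == true path assume the early stop was a SIGSTOP, but the comment a few lines further down in the quoted code ("in some cases we might get another signal delivered to the group first.  If we do, be sure not to lose it.") says that is not always so, and stopped_pids records only the pid, so whatever signal an early-reported thread really stopped with is discarded before this code sees it. If treating every early stop as SIGSTOP is the intended behaviour, say so in a comment next to the initializer (the ChangeLog entry "Do not use 'status' variable uninitialized" describes the symptom, not the decision); otherwise consider storing the wait status next to the pid when it is added to stopped_pids and having pull_pid_from_list hand it back, so that `status` is assigned with the real value on both paths. A smaller style point: an explicit `else status = ...;` after the `if (! pull_pid_from_list (&stopped_pids, new_pid))` block would show the intent more clearly than a default value that waitpid immediately overwrites on the other path.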
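The following is an added example, not gdbserver's code and not part of the patch above. It models the event ordering Ulrich describes in stand-alone C with no ptrace calls: a thread's stop may be seen either before or after its clone event, and the handler must end up with a defined wait status in both cases. Instead of defaulting `status` to W_STOPCODE (SIGSTOP), the list that replaces stopped_pids carries the wait status with the pid, so an early stop with some other signal is preserved rather than mistaken for SIGSTOP. The names note_early_stop, pull_early_stop and handle_clone_event, the status-carrying list and the fake wait callbacks are all assumptions of this example, and the pids are constructed sample values.

```c
/* Added example: a model of handle_extended_wait's clone handling.
   Not gdbserver code; only the <sys/wait.h> status macros are real. */
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>

#ifndef W_STOPCODE
/* glibc's definition, supplied in case the header hides it.  */
#define W_STOPCODE(sig) (((sig) << 8) | 0x7f)
#endif

#define MAX_EARLY 16

/* Hypothetical replacement for stopped_pids: the pid AND the wait
   status the early stop was reported with.  */
struct early_stop {
  unsigned long pid;
  int status;
};

static struct early_stop early_stops[MAX_EARLY];
static int n_early;

/* Record a stop seen for a thread whose clone event has not arrived yet.
   Returns 0 on success, -1 if the table is full.  */
int note_early_stop(unsigned long pid, int status) {
  if (n_early >= MAX_EARLY)
    return -1;
  early_stops[n_early].pid = pid;
  early_stops[n_early].status = status;
  n_early++;
  return 0;
}

/* Like pull_pid_from_list, but also hands back the recorded status.
   Returns 1 if the pid was found and removed, 0 otherwise.  */
int pull_early_stop(unsigned long pid, int *status) {
  for (int i = 0; i < n_early; i++) {
    if (early_stops[i].pid == pid) {
      *status = early_stops[i].status;
      early_stops[i] = early_stops[n_early - 1];
      n_early--;
      return 1;
    }
  }
  return 0;
}

/* Stand-in for waitpid so the example runs without a traced child.  */
typedef int (*wait_fn_t)(unsigned long pid, int *status);

/* Model of the PTRACE_EVENT_CLONE path.  Returns the stop signal, or -1
   if waiting failed.  *stop_expected mirrors new_process->stop_expected. */
int handle_clone_event(unsigned long new_pid, wait_fn_t wait_fn,
                       int *stop_expected) {
  int status;
  if (!pull_early_stop(new_pid, &status)) {
    /* No early stop recorded: collect the pending stop now.  */
    if (wait_fn(new_pid, &status) == -1)
      return -1;
  }
  /* Both branches have assigned status; in the original code the
     "already on the list" branch left it uninitialized.  */
  *stop_expected = (WSTOPSIG(status) != SIGSTOP);
  return WSTOPSIG(status);
}

/* Fake waitpid that reports the usual pending SIGSTOP.  */
static int fake_wait_sigstop(unsigned long pid, int *status) {
  (void)pid;
  *status = W_STOPCODE(SIGSTOP);
  return 0;
}

/* Fake waitpid that must not be reached: fails if it is called.  */
static int fake_wait_never(unsigned long pid, int *status) {
  (void)pid;
  (void)status;
  return -1;
}

/* Scenario 1: the thread's SIGSTOP arrives before the clone event.  */
int scenario_early_sigstop(void) {
  int stop_expected = -1;
  n_early = 0;
  note_early_stop(1234, W_STOPCODE(SIGSTOP));      /* constructed pid */
  int sig = handle_clone_event(1234, fake_wait_never, &stop_expected);
  return sig == SIGSTOP && stop_expected == 0 && n_early == 0;
}

/* Scenario 2: clone event first; the stop is collected by waiting.  */
int scenario_late_sigstop(void) {
  int stop_expected = -1;
  n_early = 0;
  int sig = handle_clone_event(1235, fake_wait_sigstop, &stop_expected);
  return sig == SIGSTOP && stop_expected == 0;
}

/* Scenario 3: an early stop with a different signal is not lost.  */
int scenario_early_other_signal(void) {
  int stop_expected = -1;
  n_early = 0;
  note_early_stop(1236, W_STOPCODE(SIGUSR1));      /* constructed pid */
  int sig = handle_clone_event(1236, fake_wait_never, &stop_expected);
  return sig == SIGUSR1 && stop_expected == 1;
}

int main(void) {
  printf("early SIGSTOP:      %s\n", scenario_early_sigstop() ? "ok" : "FAIL");
  printf("late SIGSTOP:       %s\n", scenario_late_sigstop() ? "ok" : "FAIL");
  printf("early other signal: %s\n", scenario_early_other_signal() ? "ok" : "FAIL");
  return 0;
}
```

The third scenario is where this differs from initializing status to W_STOPCODE (SIGSTOP): with the default value the early SIGUSR1 would be reported as a SIGSTOP and silently dropped, whereas carrying the status with the pid keeps the comment's "be sure not to lose it" true on the early-stop path as well.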