From: Pedro Alves
To: gdb-patches@sourceware.org
Cc: Jan Kratochvil, Chet Ramey, bug-readline@gnu.org, Sterling Augustine
Subject: Re: [Bug-readline] [readline patch, gdb-7.3?] Avoid free from a signal handler [Re: [PATCH] Make interrupting tab-completion safe.]
Date: Wed, 19 Oct 2011 17:51:00 -0000
Message-Id: <201110191801.50853.pedro@codesourcery.com>

On Wednesday 19 October 2011 17:32:57, Jan Kratochvil wrote:
> On Thu, 07 Jul 2011 14:10:08 +0200, Chet Ramey wrote:
> > The impression I got from your earlier message is that it is very easy
> > to reproduce using a GDB .exp file:
> >
> >   "Used this GDB .exp file, reproducible in several seconds"
> >
> > All I am asking you to do is to check whether you can reproduce it using
> > the same .exp file after removing references to _rl_interrupt_immediately
> > in complete.c.
>
> After removing the workaround:
>   https://lists.gnu.org/archive/html/bug-readline/2011-06/msg00003.html
>
> and removing the changes of _rl_interrupt_immediately in complete.c the
> memory corruption is still reproducible:
> *** glibc detected *** .../gdb/testsuite/../../gdb/gdb: munmap_chunk(): invalid pointer: 0x000000000718ef70 ***

This is gdb's readline copy, but:

static RETSIGTYPE
rl_signal_handler (sig)
     int sig;
{
  if (_rl_interrupt_immediately || RL_ISSTATE(RL_STATE_CALLBACK))
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    {
      _rl_interrupt_immediately = 0;
      _rl_handle_signal (sig);
    }
  else
    _rl_caught_signal = sig;

  SIGHANDLER_RETURN;
}

and GDB uses readline's callback interface.

-- 
Pedro Alves
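
The handler quoted above has two branches: one runs _rl_handle_signal inside the signal handler, the other only records the signal number. As an added example (not readline or GDB code; every name in it is hypothetical), this stand-alone C program shows the record-only pattern, where cleanup that calls free() runs later at a safe point in the main flow instead of inside the handler:

```c
/* Added example, not readline or GDB code.  All names are hypothetical. */
#include <signal.h>
#include <stdlib.h>

static volatile sig_atomic_t caught_signal; /* role of _rl_caught_signal */
static char *line_buffer;                   /* heap state the cleanup releases */
static int cleanups_run;

/* Handler: a single async-signal-safe store, whatever state the
   program is in.  No free(), no malloc(), no stdio. */
static void deferred_handler(int sig)
{
    caught_signal = sig;
}

/* Called from the main loop at points where the heap is consistent.
   Returns the signal that was handled, or 0 if none was pending. */
static int check_signals(void)
{
    int sig = caught_signal;
    if (sig == 0)
        return 0;
    caught_signal = 0;
    free(line_buffer);          /* safe here: we are not inside a handler */
    line_buffer = NULL;
    cleanups_run++;
    return sig;
}

/* Simulates an interrupt arriving while a buffer is live.  Returns 1 if
   the buffer survived the handler and was released at the safe point. */
static int demo(void)
{
    if (signal(SIGINT, deferred_handler) == SIG_ERR)
        return -1;
    line_buffer = malloc(64);
    if (line_buffer == NULL)
        return -1;

    raise(SIGINT);              /* the handler runs before raise() returns */
    int alive_after_handler = (line_buffer != NULL && cleanups_run == 0);

    int handled = check_signals();
    return alive_after_handler && handled == SIGINT && line_buffer == NULL;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```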