Re: [PATCH] Fix gdb crash with tui

[Jan Kratochvil <jan.kratochvil@redhat.com>]

On Sat, 09 Mar 2013 15:13:34 +0100, Hui Zhu wrote:
> I got crash when I use tui.  The steps to reproduce is:
> gdb gdb
> b gdb_main
> r
> Ctrl-x A change to TUI mode.
> Keep click <UP> some times.
> Keep click <Down> some times.
> Then you can get "---Type <return> to continue, or q <return> to quit---"
> Click <return>.
> Then the GDB crash.
> 
> I think this issue is this part should not output "---Type <return> to
> continue, or q <return> to quit---".

The patch is really not acceptable, there may be some memory corruption which
gets only hidden by the patch.

I do not get a crash and not even that prompt.  Could you provide a backtrace?
Or even to run parent GDB under valgrind?

When I ran it under valgrind I got:
==22920== Source and destination overlap in strcpy(0xefbaed0, 0xefbaed0)
==22920==    at 0x4C2B322: strcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22920==    by 0x653E33: tui_set_source_content (tui-source.c:225)
==22920==    by 0x6582C3: tui_update_source_window_as_is (tui-winsource.c:99)
==22920==    by 0x658276: tui_update_source_window (tui-winsource.c:81)
==22920==    by 0x654E47: tui_show_frame_info (tui-stack.c:406)
==22920==    by 0x659ABF: tui_enable (tui.c:423)

With the debug hook below showing strcpy(sameptr,sameptr).

Couldn't this patch (best without the 3rd debug hunk) fix your problem?
But maybe it is really unrelated.


Thanks,
Jan


gdb/
2013-03-11  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* tui/tui-source.c (tui_set_source_content): Allocate and free SRC_LINE
	always.

diff --git a/gdb/tui/tui-source.c b/gdb/tui/tui-source.c
index e599382..41e7aa6 100644
--- a/gdb/tui/tui-source.c
+++ b/gdb/tui/tui-source.c
@@ -116,9 +116,7 @@ tui_set_source_content (struct symtab *s,
 		  src->gdbarch = get_objfile_arch (s->objfile);
 		  src->start_line_or_addr.loa = LOA_LINE;
 		  cur_line_no = src->start_line_or_addr.u.line_no = line_no;
-		  if (offset > 0)
-		    src_line = (char *) xmalloc (
-					   (threshold + 1) * sizeof (char));
+		  src_line = xmalloc (threshold + 1);
 		  while (cur_line < nlines)
 		    {
 		      struct tui_win_element *element
@@ -128,10 +126,6 @@ tui_set_source_content (struct symtab *s,
 		      /* Get the first character in the line.  */
 		      c = fgetc (stream);
 
-		      if (offset == 0)
-			src_line = ((struct tui_win_element *)
-				   TUI_SRC_WIN->generic.content[
-					cur_line])->which_element.source.line;
 		      /* Init the line with the line number.  */
 		      sprintf (src_line, "%-6d", cur_line_no);
 		      cur_len = strlen (src_line);
@@ -222,9 +216,20 @@ tui_set_source_content (struct symtab *s,
 		      /* Now copy the line taking the offset into
 			 account.  */
 		      if (strlen (src_line) > offset)
+{
+char *a=((struct tui_win_element *)
+				 TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line;
+char *b=&src_line[offset];
+size_t l=strlen(b)+1;
+if (a==b
+||(a<b&&a+l>b)
+||(b<a&&b+l>a)
+)
+sleep(0);
 			strcpy (((struct tui_win_element *)
 				 TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line,
 				&src_line[offset]);
+}
 		      else
 			((struct tui_win_element *)
 			 TUI_SRC_WIN->generic.content[
@@ -232,8 +237,7 @@ tui_set_source_content (struct symtab *s,
 		      cur_line++;
 		      cur_line_no++;
 		    }
-		  if (offset > 0)
-		    xfree (src_line);
+		  xfree (src_line);
 		  fclose (stream);
 		  TUI_SRC_WIN->generic.content_size = nlines;
 		  ret = TUI_SUCCESS;