Message-ID: <4499247B.7050404@st.com>
Date: Wed, 21 Jun 2006 10:50:00 -0000
From: Andrew STUBBS
To: gdb-patches@sourceware.org
Subject: Re: [PATCH] Fix segfault on empty else

Daniel Jacobowitz wrote:
> On Tue, Jun 20, 2006 at 03:33:37PM +0100, Andrew STUBBS wrote:
>> 2006-06-20 Andrew Stubbs
>>
>> * cli/cli-script.c (realloc_body_list): Zero new parts of body_list.
>
> OK, thanks!

Thanks, committed.

> Want to add a corresponding test? Though it likely wouldn't crash,
> unless you tried running the testsuite under valgrind.

How about the attached?

It is somewhat tricky trying to reliably reproduce the problem without valgrind, as you say. I have put in a few commands that are intended to run through the same code and will, most likely, allocate memory in the same place, in order to ensure that the crash occurs. This is a little hopeful, but what else can I do?

This works for me, but could you please confirm that it works in your setup/host (without the patch to fix the problem of course).

Thanks

Andrew

Attachment: empty-else-test.patch

2006-06-21 Andrew Stubbs

* gdb.base/ifelse.exp: New file.

Index: src/gdb/testsuite/gdb.base/ifelse.exp =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ src/gdb/testsuite/gdb.base/ifelse.exp 2006-06-21 11:35:04.000000000 +0100 
@@ -0,0 +1,138 @@ +# Copyright 2006 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +# This test checks that the if .. else .. end construct works and may +# contain empty bodies without crashing. + +if $tracelevel then { + strace $tracelevel +} + +gdb_exit +gdb_start + +# First test that the if command works with an empty body +# Test with different conditions because the body is ignored +# if it is not executed. + +# with true condition +send_gdb "if 1\nend\necho got here\\n\n" +gdb_expect { + -re ".*got here.*$gdb_prompt $" { + pass "if 1 with empty body" + } + eof { + fail "if 1 with empty body (crash)" + gdb_exit + gdb_start + } + timeout { + fail "if 1 with empty body (timeout)" + gdb_exit + gdb_start + } +} + +# with false condition +send_gdb "if 0\nend\necho got here\\n\n" +gdb_expect { + -re ".*got here.*$gdb_prompt $" { + pass "if 0 with empty body" + } + eof { + fail "if 0 with empty body (crash)" + gdb_exit + gdb_start + } + timeout { + fail "if 0 with empty body (timeout)" + gdb_exit + gdb_start + } +} + +# Second, do the same tests with an empty else body. +# This fails in GDB <=6.5 + +# Unfortunately it was an uninitialised memory problem so +# sometimes it just works. 
Preceed it with an if else end with +# bodies and hopefully the memory with be dirty and the problem +# will show itself (this works at time of writing). + +send_gdb "if 1\necho true\\n\nelse\necho false\\n\nend\n" + +# with true condition +send_gdb "if 1\nelse\nend\necho got here\\n\n" +gdb_expect { + -re ".*got here.*$gdb_prompt $" { + pass "if 1 .. else with empty body" + } + eof { + fail "if 1 .. else with empty body (crash)" + gdb_exit + gdb_start + } + timeout { + fail "if 1 .. else with empty body (timeout)" + gdb_exit + gdb_start + } +} + +# dirty memory +send_gdb "if 1\necho true\\n\nelse\necho false\\n\nend\n" + +# with false condition +send_gdb "if 0\nelse\nend\necho got here\\n\n" +gdb_expect { + -re ".*got here.*$gdb_prompt $" { + pass "if 0 .. else with empty body" + } + eof { + fail "if 0 .. else with empty body (crash)" + gdb_exit + gdb_start + } + timeout { + fail "if 0 .. else with empty body (timeout)" + gdb_exit + gdb_start + } +} + +send_gdb "set confirm off\n" + +# Test that a define with an empty else can be replaced. +# If there is memory corruption then free will fail. +# dirty memory +send_gdb "if 1\necho true\\n\nelse\necho false\\n\nend\n" +# create +send_gdb "define abc\nif 1\nelse\nend\nend\n" +# replace +send_gdb "define abc\necho got here\\n\nend\n" +# call +send_gdb "abc\n" +gdb_expect { + -re ".*\[\r\n]got here\[\n\r].*$gdb_prompt $" { + pass "replace define with if .. else with empty body" + } + eof { + fail "replace define with if .. else with empty body (crash)" + } + timeout { + fail "replace define with if .. else with empty body (timeout)" + } +} --------------040806030701050606030803--
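
Review bot: In the first four gdb_expect blocks the pattern `.*got here.*$gdb_prompt $` can be satisfied by the terminal echo of the typed `echo got here\n` text followed by the prompt printed after `end`, so a test can be reported as passing before the `echo` command has run and before a crash in the if/else handling would show up as eof. The last block's `\[\r\n]got here\[\n\r]` only matches the command's own output line and could be used in all five places. Related: the send_gdb calls used to dirty memory, `set confirm off` and the two `define abc` sends have no gdb_expect of their own, so their prompts stay in the expect buffer for the next block to match against; following each with a gdb_expect on `$gdb_prompt $` would keep every pass/fail tied to the command it names.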