Mirror of the gdb-patches mailing list
From: Hui Zhu <teawater@gmail.com>
To: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: gdb-patches ml <gdb-patches@sourceware.org>,
	Joel Brobecker <brobecker@adacore.com>
Subject: Re: [PATCH] Fix gdb crash with tui
Date: Tue, 12 Mar 2013 03:15:00 -0000
Message-ID: <CANFwon1cLpJ5k_5gN-dxmLD4b1zzvwcg_LJf+Q-Ywx+f7H0nVA@mail.gmail.com>
In-Reply-To: <20130311192521.GA28983@host2.jankratochvil.net>

On Tue, Mar 12, 2013 at 3:25 AM, Jan Kratochvil
<jan.kratochvil@redhat.com> wrote:
> On Sat, 09 Mar 2013 15:13:34 +0100, Hui Zhu wrote:
>> I got a crash when I use tui.  The steps to reproduce are:
>> gdb gdb
>> b gdb_main
>> r
>> Ctrl-x A to change to TUI mode.
>> Keep clicking <UP> several times.
>> Keep clicking <Down> several times.
>> Then you can get "---Type <return> to continue, or q <return> to quit---"
>> Click <return>.
>> Then GDB crashes.
>>
>> I think the issue is that this part should not output "---Type <return> to
>> continue, or q <return> to quit---".
>
> The patch is really not acceptable, there may be some memory corruption which
> gets only hidden by the patch.
>
> I do not get a crash and not even that prompt.  Could you provide a backtrace?
> Or even to run parent GDB under valgrind?
>
> When I ran it under valgrind I got:
> ==22920== Source and destination overlap in strcpy(0xefbaed0, 0xefbaed0)
> ==22920==    at 0x4C2B322: strcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==22920==    by 0x653E33: tui_set_source_content (tui-source.c:225)
> ==22920==    by 0x6582C3: tui_update_source_window_as_is (tui-winsource.c:99)
> ==22920==    by 0x658276: tui_update_source_window (tui-winsource.c:81)
> ==22920==    by 0x654E47: tui_show_frame_info (tui-stack.c:406)
> ==22920==    by 0x659ABF: tui_enable (tui.c:423)
>
> With the debug hook below showing strcpy(sameptr,sameptr).
>
> Couldn't this patch (best without the 3rd debug hunk) fix your problem?
> But maybe it is really unrelated.

After I apply this patch, GDB still crashes:
#0  0x0000000000000000 in ?? ()
#1  0x0000000000770976 in rl_callback_read_char () at
../../src/readline/callback.c:220
#2  0x000000000061d9c5 in rl_callback_read_char_wrapper
(client_data=0x0) at ../../src/gdb/event-top.c:163
#3  0x000000000061de35 in stdin_event_handler (error=0,
client_data=0x0) at ../../src/gdb/event-top.c:371
#4  0x000000000061c951 in handle_file_event (data=...) at
../../src/gdb/event-loop.c:768
#5  0x000000000061be17 in process_event () at ../../src/gdb/event-loop.c:342
#6  0x000000000061bede in gdb_do_one_event () at ../../src/gdb/event-loop.c:406
#7  0x000000000061bf2f in start_event_loop () at ../../src/gdb/event-loop.c:431
#8  0x000000000061d9ef in cli_command_loop () at ../../src/gdb/event-top.c:176
#9  0x000000000061415f in current_interp_command_loop () at
../../src/gdb/interps.c:331
#10 0x0000000000614bff in captured_command_loop (data=0x0) at
../../src/gdb/main.c:256
#11 0x0000000000612eaa in catch_errors (func=0x614be4
<captured_command_loop>, func_args=0x0, errstring=0x9486bf "",
    mask=6) at ../../src/gdb/exceptions.c:546
#12 0x0000000000616000 in captured_main (data=0x7fff57836570) at
../../src/gdb/main.c:1033
#13 0x0000000000612eaa in catch_errors (func=0x614e95 <captured_main>,
func_args=0x7fff57836570, errstring=0x9486bf "",
    mask=6) at ../../src/gdb/exceptions.c:546
#14 0x0000000000616036 in gdb_main (args=0x7fff57836570) at
../../src/gdb/main.c:1042
#15 0x000000000045b7cf in main (argc=2, argv=0x7fff57836678) at
../../src/gdb/gdb.c:34

And I think the reason is that when pushing <up> and <down> in tui mode, it
should not show "---Type <return> to continue, or q <return> to
quit---".

If we just fix this crash, there will be a lot of "---Type <return> to
continue, or q <return> to quit---" when pushing <up> and <down>.

And this is the backtrace from when tui outputs it:
#0  prompt_for_continue () at ../../src/gdb/utils.c:1863
#1  0x000000000071b2ce in fputs_maybe_filtered (linebuffer=0x142b890
"../../src/gdb/main.c", stream=0x136c110, filter=1)
    at ../../src/gdb/utils.c:2137
#2  0x000000000071b7b8 in vfprintf_maybe_filtered (stream=0x136c110,
format=0x97c1de "%s", args=0x7fffef19b388, filter=1)
    at ../../src/gdb/utils.c:2324
#3  0x000000000071b7f3 in vfprintf_filtered (stream=0x136c110,
format=0x97c1de "%s", args=0x7fffef19b388)
    at ../../src/gdb/utils.c:2332
#4  0x00000000006dcd17 in out_field_fmt (uiout=0x12692b0, fldno=146,
fldname=0x9303c4 "file", format=0x97c1de "%s")
    at ../../src/gdb/cli-out.c:334
#5  0x00000000006dc977 in cli_field_string (uiout=0x12692b0,
fldno=146, width=0, align=ui_noalign,
    fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c")
at ../../src/gdb/cli-out.c:209
#6  0x000000000052df90 in tui_field_string (uiout=0x12692b0,
fldno=146, width=0, align=ui_noalign,
    fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c")
at ../../src/gdb/tui/tui-out.c:99
#7  0x00000000006dbb4a in uo_field_string (uiout=0x12692b0, fldno=146,
width=0, align=ui_noalign,
    fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c")
at ../../src/gdb/ui-out.c:854
#8  0x00000000006db474 in ui_out_field_string (uiout=0x12692b0,
fldname=0x9303c4 "file",
    string=0x159e390 "../../src/gdb/main.c") at ../../src/gdb/ui-out.c:544
#9  0x00000000005a9a3f in print_source_lines_base (s=0x1863fc0,
line=985, stopline=986, flags=PRINT_SOURCE_LINES_NOERROR)
    at ../../src/gdb/source.c:1347
#10 0x00000000005a9ddc in print_source_lines (s=0x1863fc0, line=985,
stopline=986, flags=(unknown: 0))
    at ../../src/gdb/source.c:1442
#11 0x000000000052fe6a in tui_vertical_source_scroll
(scroll_direction=BACKWARD_SCROLL, num_to_scroll=1)
    at ../../src/gdb/tui/tui-source.c:385
#12 0x000000000053160c in tui_scroll_backward
(win_to_scroll=0x1d6a6c0, num_to_scroll=1)
    at ../../src/gdb/tui/tui-win.c:538
#13 0x0000000000528b65 in tui_dispatch_ctrl_char (ch=259) at
../../src/gdb/tui/tui-command.c:118
#14 0x000000000052c57f in tui_getc (fp=0x7f67f2dee340
<_IO_2_1_stdin_>) at ../../src/gdb/tui/tui-io.c:692
#15 0x00000000007702d7 in rl_read_key () at ../../src/readline/input.c:448
---Type <return> to continue, or q <return> to quit---
#16 0x0000000000756c08 in readline_internal_char () at
../../src/readline/readline.c:517
#17 0x00000000007708e9 in rl_callback_read_char () at
../../src/readline/callback.c:201
#18 0x000000000061d9c5 in rl_callback_read_char_wrapper
(client_data=0x0) at ../../src/gdb/event-top.c:163
#19 0x000000000061de35 in stdin_event_handler (error=0,
client_data=0x0) at ../../src/gdb/event-top.c:371
#20 0x000000000061c951 in handle_file_event (data=...) at
../../src/gdb/event-loop.c:768
#21 0x000000000061be17 in process_event () at ../../src/gdb/event-loop.c:342
#22 0x000000000061bede in gdb_do_one_event () at ../../src/gdb/event-loop.c:406

Thanks,
Hui

>
>
> Thanks,
> Jan
>
>
> gdb/
> 2013-03-11  Jan Kratochvil  <jan.kratochvil@redhat.com>
>
>         * tui/tui-source.c (tui_set_source_content): Allocate and free SRC_LINE
>         always.
>
> diff --git a/gdb/tui/tui-source.c b/gdb/tui/tui-source.c
> index e599382..41e7aa6 100644
> --- a/gdb/tui/tui-source.c
> +++ b/gdb/tui/tui-source.c
> @@ -116,9 +116,7 @@ tui_set_source_content (struct symtab *s,
>                   src->gdbarch = get_objfile_arch (s->objfile);
>                   src->start_line_or_addr.loa = LOA_LINE;
>                   cur_line_no = src->start_line_or_addr.u.line_no = line_no;
> -                 if (offset > 0)
> -                   src_line = (char *) xmalloc (
> -                                          (threshold + 1) * sizeof (char));
> +                 src_line = xmalloc (threshold + 1);
>                   while (cur_line < nlines)
>                     {
>                       struct tui_win_element *element
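Review bot: with the allocation now unconditional, the size argument deserves a one-line comment here stating why threshold + 1 bounds the buffer: the loop below first writes the line number with sprintf ("%-6d") and then appends source characters, and the terminator must fit in the last byte. Dropping the (char *) cast and sizeof (char) is fine since xmalloc returns void *, and the ChangeLog entry ("Allocate and free SRC_LINE always") matches what the hunk does.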
> @@ -128,10 +126,6 @@ tui_set_source_content (struct symtab *s,
>                       /* Get the first character in the line.  */
>                       c = fgetc (stream);
>
> -                     if (offset == 0)
> -                       src_line = ((struct tui_win_element *)
> -                                  TUI_SRC_WIN->generic.content[
> -                                       cur_line])->which_element.source.line;
>                       /* Init the line with the line number.  */
>                       sprintf (src_line, "%-6d", cur_line_no);
>                       cur_len = strlen (src_line);
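Review bot: this deletion is the real fix for the valgrind report and should be called out in the ChangeLog or a comment: with offset == 0, src_line was pointed at the window element's own line buffer, so the later strcpy (..., &src_line[offset]) copied a string onto itself, which is undefined behaviour for strcpy. The remaining strcpy now relies on src_line being a distinct heap buffer, and a reader of the strcpy alone cannot see that invariant.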
> @@ -222,9 +216,20 @@ tui_set_source_content (struct symtab *s,
>                       /* Now copy the line taking the offset into
>                          account.  */
>                       if (strlen (src_line) > offset)
> +{
> +char *a=((struct tui_win_element *)
> +                                TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line;
> +char *b=&src_line[offset];
> +size_t l=strlen(b)+1;
> +if (a==b
> +||(a<b&&a+l>b)
> +||(b<a&&b+l>a)
> +)
> +sleep(0);
>                         strcpy (((struct tui_win_element *)
>                                  TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line,
>                                 &src_line[offset]);
> +}
>                       else
>                         ((struct tui_win_element *)
>                          TUI_SRC_WIN->generic.content[
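Review bot: the block from the bare `{` through `sleep(0);` is debug instrumentation, as the cover text says, and must not be committed: it adds a non-GNU-style brace pair around the strcpy, calls sleep without including <unistd.h>, and its overlap test uses the source length l for both orderings although in the a<b case the relevant extent is the destination line's capacity, not l. If the invariant is worth keeping, a gdb_assert (a != b) immediately before the strcpy would capture what the patch establishes without the rest of the hook.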
> @@ -232,8 +237,7 @@ tui_set_source_content (struct symtab *s,
>                       cur_line++;
>                       cur_line_no++;
>                     }
> -                 if (offset > 0)
> -                   xfree (src_line);
> +                 xfree (src_line);
>                   fclose (stream);
>                   TUI_SRC_WIN->generic.content_size = nlines;
>                   ret = TUI_SUCCESS;
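Review bot: the unconditional xfree correctly pairs with the unconditional xmalloc in the first hunk, but from the visible context it only runs if the while loop completes normally; any error () thrown between the allocation and this point would leak src_line. The usual GDB idiom is to register the buffer with make_cleanup (xfree, src_line) right after allocating it and run the cleanup here, rather than a bare xfree at the end of the block.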


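The aliasing that valgrind reports in the quoted message, as an added C example that is not part of the patch or of GDB's code: an explicit overlap check in the spirit of Jan's debug hunk, and a copy helper that mirrors the strcpy/else pair in tui_set_source_content but refuses the self-copy the pre-patch offset == 0 path performed. Function names, buffer sizes and sample lines are assumptions constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Nonzero when the NUL-terminated string SRC (terminator included) shares
   bytes with the DST_LEN-byte destination DST: the situation valgrind
   reports as "Source and destination overlap in strcpy".  */
int copy_ranges_overlap (const char *dst, size_t dst_len, const char *src)
{
  /* Compare integer addresses; relational comparison of pointers into
     unrelated objects is itself undefined in ISO C.  */
  uintptr_t d0 = (uintptr_t) dst, d1 = d0 + dst_len;
  uintptr_t s0 = (uintptr_t) src, s1 = s0 + strlen (src) + 1;
  return d0 < s1 && s0 < d1;
}

/* Copy SRC_LINE from OFFSET into the window line LINE (capacity CAP).
   Like the patched code, blank the line when nothing is visible at
   OFFSET; unlike it, refuse overlapping or over-long copies instead of
   calling strcpy on them.  Returns 0 on success, -1 on refusal.  */
int copy_line_with_offset (char *line, size_t cap, const char *src_line,
                           size_t offset)
{
  if (cap == 0)
    return -1;
  if (strlen (src_line) <= offset)
    {
      line[0] = '\0';   /* the else branch of the original code */
      return 0;
    }
  const char *from = src_line + offset;
  size_t need = strlen (from) + 1;
  if (need > cap || copy_ranges_overlap (line, cap, from))
    return -1;
  memcpy (line, from, need);
  return 0;
}

/* Pre-patch shape: src_line aliased the window line itself (offset 0).  */
int self_copy_is_refused (void)
{
  char line[16] = "1     foo";           /* constructed sample line */
  return copy_line_with_offset (line, sizeof line, line, 0) == -1;
}

/* Post-patch shape: the line is built in its own buffer, then copied.  */
int separate_buffer_copy_ok (void)
{
  char line[16], src_line[32] = "1     int x;";   /* constructed */
  return copy_line_with_offset (line, sizeof line, src_line, 6) == 0
         && strcmp (line, "int x;") == 0;
}
```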