From: Hui Zhu
Date: Tue, 12 Mar 2013 03:15:00 -0000
Subject: Re: [PATCH] Fix gdb crash with tui
To: Jan Kratochvil
Cc: gdb-patches ml, Joel Brobecker
X-SW-Source: 2013-03/txt/msg00501.txt.bz2

On Tue, Mar 12, 2013 at 3:25 AM, Jan Kratochvil wrote:
> On Sat, 09 Mar 2013 15:13:34 +0100, Hui Zhu wrote:
>> I got a crash when I use tui. The steps to reproduce are:
>> gdb gdb
>> b gdb_main
>> r
>> Ctrl-x A to change to TUI mode.
>> Keep clicking some times.
>> Keep clicking some times.
>> Then you can get "---Type to continue, or q to quit---"
>> Click .
>> Then GDB crashes.
>>
>> I think the issue is that this part should not output "---Type to
>> continue, or q to quit---".
>
> The patch is really not acceptable, there may be some memory corruption which
> gets only hidden by the patch.
>
> I do not get a crash and not even that prompt. Could you provide a backtrace?
> Or even run the parent GDB under valgrind?
>
> When I ran it under valgrind I got:
> ==22920== Source and destination overlap in strcpy(0xefbaed0, 0xefbaed0)
> ==22920== at 0x4C2B322: strcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==22920== by 0x653E33: tui_set_source_content (tui-source.c:225)
> ==22920== by 0x6582C3: tui_update_source_window_as_is (tui-winsource.c:99)
> ==22920== by 0x658276: tui_update_source_window (tui-winsource.c:81)
> ==22920== by 0x654E47: tui_show_frame_info (tui-stack.c:406)
> ==22920== by 0x659ABF: tui_enable (tui.c:423)
>
> With the debug hook below showing strcpy(sameptr,sameptr).
>
> Couldn't this patch (best without the 3rd debug hunk) fix your problem?
> But maybe it is really unrelated.

After I apply this patch, GDB still crashes:

#0 0x0000000000000000 in ?? ()
#1 0x0000000000770976 in rl_callback_read_char () at ../../src/readline/callback.c:220
#2 0x000000000061d9c5 in rl_callback_read_char_wrapper (client_data=0x0) at ../../src/gdb/event-top.c:163
#3 0x000000000061de35 in stdin_event_handler (error=0, client_data=0x0) at ../../src/gdb/event-top.c:371
#4 0x000000000061c951 in handle_file_event (data=...) at ../../src/gdb/event-loop.c:768
#5 0x000000000061be17 in process_event () at ../../src/gdb/event-loop.c:342
#6 0x000000000061bede in gdb_do_one_event () at ../../src/gdb/event-loop.c:406
#7 0x000000000061bf2f in start_event_loop () at ../../src/gdb/event-loop.c:431
#8 0x000000000061d9ef in cli_command_loop () at ../../src/gdb/event-top.c:176
#9 0x000000000061415f in current_interp_command_loop () at ../../src/gdb/interps.c:331
#10 0x0000000000614bff in captured_command_loop (data=0x0) at ../../src/gdb/main.c:256
#11 0x0000000000612eaa in catch_errors (func=0x614be4 , func_args=0x0, errstring=0x9486bf "", mask=6) at ../../src/gdb/exceptions.c:546
#12 0x0000000000616000 in captured_main (data=0x7fff57836570) at ../../src/gdb/main.c:1033
#13 0x0000000000612eaa in catch_errors (func=0x614e95 , func_args=0x7fff57836570, errstring=0x9486bf "", mask=6) at ../../src/gdb/exceptions.c:546
#14 0x0000000000616036 in gdb_main (args=0x7fff57836570) at ../../src/gdb/main.c:1042
#15 0x000000000045b7cf in main (argc=2, argv=0x7fff57836678) at ../../src/gdb/gdb.c:34

And I think the reason is that when pressing and in TUI mode, it should not show "---Type to continue, or q to quit---". If we just fix this crash, there will be a lot of "---Type to continue, or q to quit---" when pressing and .
And this is the backtrace when TUI outputs it:

#0 prompt_for_continue () at ../../src/gdb/utils.c:1863
#1 0x000000000071b2ce in fputs_maybe_filtered (linebuffer=0x142b890 "../../src/gdb/main.c", stream=0x136c110, filter=1) at ../../src/gdb/utils.c:2137
#2 0x000000000071b7b8 in vfprintf_maybe_filtered (stream=0x136c110, format=0x97c1de "%s", args=0x7fffef19b388, filter=1) at ../../src/gdb/utils.c:2324
#3 0x000000000071b7f3 in vfprintf_filtered (stream=0x136c110, format=0x97c1de "%s", args=0x7fffef19b388) at ../../src/gdb/utils.c:2332
#4 0x00000000006dcd17 in out_field_fmt (uiout=0x12692b0, fldno=146, fldname=0x9303c4 "file", format=0x97c1de "%s") at ../../src/gdb/cli-out.c:334
#5 0x00000000006dc977 in cli_field_string (uiout=0x12692b0, fldno=146, width=0, align=ui_noalign, fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c") at ../../src/gdb/cli-out.c:209
#6 0x000000000052df90 in tui_field_string (uiout=0x12692b0, fldno=146, width=0, align=ui_noalign, fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c") at ../../src/gdb/tui/tui-out.c:99
#7 0x00000000006dbb4a in uo_field_string (uiout=0x12692b0, fldno=146, width=0, align=ui_noalign, fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c") at ../../src/gdb/ui-out.c:854
#8 0x00000000006db474 in ui_out_field_string (uiout=0x12692b0, fldname=0x9303c4 "file", string=0x159e390 "../../src/gdb/main.c") at ../../src/gdb/ui-out.c:544
#9 0x00000000005a9a3f in print_source_lines_base (s=0x1863fc0, line=985, stopline=986, flags=PRINT_SOURCE_LINES_NOERROR) at ../../src/gdb/source.c:1347
#10 0x00000000005a9ddc in print_source_lines (s=0x1863fc0, line=985, stopline=986, flags=(unknown: 0)) at ../../src/gdb/source.c:1442
#11 0x000000000052fe6a in tui_vertical_source_scroll (scroll_direction=BACKWARD_SCROLL, num_to_scroll=1) at ../../src/gdb/tui/tui-source.c:385
#12 0x000000000053160c in tui_scroll_backward (win_to_scroll=0x1d6a6c0, num_to_scroll=1) at ../../src/gdb/tui/tui-win.c:538
#13 0x0000000000528b65 in tui_dispatch_ctrl_char (ch=259) at ../../src/gdb/tui/tui-command.c:118
#14 0x000000000052c57f in tui_getc (fp=0x7f67f2dee340 <_IO_2_1_stdin_>) at ../../src/gdb/tui/tui-io.c:692
#15 0x00000000007702d7 in rl_read_key () at ../../src/readline/input.c:448
---Type to continue, or q to quit---
#16 0x0000000000756c08 in readline_internal_char () at ../../src/readline/readline.c:517
#17 0x00000000007708e9 in rl_callback_read_char () at ../../src/readline/callback.c:201
#18 0x000000000061d9c5 in rl_callback_read_char_wrapper (client_data=0x0) at ../../src/gdb/event-top.c:163
#19 0x000000000061de35 in stdin_event_handler (error=0, client_data=0x0) at ../../src/gdb/event-top.c:371
#20 0x000000000061c951 in handle_file_event (data=...) at ../../src/gdb/event-loop.c:768
#21 0x000000000061be17 in process_event () at ../../src/gdb/event-loop.c:342
#22 0x000000000061bede in gdb_do_one_event () at ../../src/gdb/event-loop.c:406

Thanks,
Hui

>
>
> Thanks,
> Jan
>
>
> gdb/
> 2013-03-11 Jan Kratochvil
>
> * tui/tui-source.c (tui_set_source_content): Allocate and free SRC_LINE
> always.
>
> diff --git a/gdb/tui/tui-source.c b/gdb/tui/tui-source.c
> index e599382..41e7aa6 100644
> --- a/gdb/tui/tui-source.c
> +++ b/gdb/tui/tui-source.c
> @@ -116,9 +116,7 @@ tui_set_source_content (struct symtab *s,
> src->gdbarch = get_objfile_arch (s->objfile);
> src->start_line_or_addr.loa = LOA_LINE;
> cur_line_no = src->start_line_or_addr.u.line_no = line_no;
> - if (offset > 0)
> - src_line = (char *) xmalloc (
> - (threshold + 1) * sizeof (char));
> + src_line = xmalloc (threshold + 1);
> while (cur_line < nlines)
> {
> struct tui_win_element *element
> @@ -128,10 +126,6 @@ tui_set_source_content (struct symtab *s,
> /* Get the first character in the line. */
> c = fgetc (stream);
>
> - if (offset == 0)
> - src_line = ((struct tui_win_element *)
> - TUI_SRC_WIN->generic.content[
> - cur_line])->which_element.source.line;
> /* Init the line with the line number. */
> sprintf (src_line, "%-6d", cur_line_no);
> cur_len = strlen (src_line);
> @@ -222,9 +216,20 @@ tui_set_source_content (struct symtab *s,
> /* Now copy the line taking the offset into
> account. */
> if (strlen (src_line) > offset)
> +{
> +char *a=((struct tui_win_element *)
> + TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line;
> +char *b=&src_line[offset];
> +size_t l=strlen(b)+1;
> +if (a==b
> +||(ab)
> +||(ba)
> +)
> +sleep(0);
> strcpy (((struct tui_win_element *)
> TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line,
> &src_line[offset]);
> +}
> else
> ((struct tui_win_element *)
> TUI_SRC_WIN->generic.content[
> @@ -232,8 +237,7 @@ tui_set_source_content (struct symtab *s,
> cur_line++;
> cur_line_no++;
> }
> - if (offset > 0)
> - xfree (src_line);
> + xfree (src_line);
> fclose (stream);
> TUI_SRC_WIN->generic.content_size = nlines;
> ret = TUI_SUCCESS;
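Review bot: in the first hunk (@@ -116,9 +116,7 @@), the unconditional `src_line = xmalloc (threshold + 1);` deserves a one-line comment saying why the line is always assembled in a private buffer: the removed `if (offset > 0)` branch let src_line alias the element's own line buffer in the offset == 0 case, which is exactly what turned the strcpy at the end of the function into strcpy(p, p). Without that comment a later cleanup could reintroduce the aliasing as an allocation saving.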
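Review bot: in the second hunk (@@ -128,10 +126,6 @@), with the `if (offset == 0)` aliasing assignment gone, `sprintf (src_line, "%-6d", cur_line_no);` now always writes into the threshold + 1 byte buffer allocated in the first hunk; the sprintf is unbounded, so confirm that threshold already accounts for the six-column line number prefix plus the line text, or use snprintf (src_line, threshold + 1, ...) so the new fixed-size buffer cannot be overrun.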
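Review bot: the third hunk (@@ -222,9 +216,20 @@) is the debug probe the cover note says to leave out; the `sleep(0);` trap, the unused `l`, and the overlap condition as quoted here (`||(ab)` / `||(ba)`) should not go in as written. If a permanent guard is wanted, an assertion (e.g. gdb_assert) that the element line buffer and &src_line[offset] do not overlap would record the invariant the first hunk establishes; note also that the strcpy into the element line buffer remains unbounded with respect to that buffer's size.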
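Review bot: in the fourth hunk (@@ -232,8 +237,7 @@), `xfree (src_line);` is now unconditional to match the unconditional xmalloc, but the hunk only shows the normal exit path; verify that no early return or error path between the allocation and this line leaves src_line unfreed, for instance by registering it with a cleanup right after the xmalloc.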
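The strcpy(sameptr, sameptr) that valgrind reported in this thread comes from src_line aliasing the window element's own line buffer on the offset == 0 path. As an added illustration that is not GDB code and not from either poster, the following C mimics that copy step with a hypothetical overlap predicate (a corrected form of what the debug hunk tries to check) and shows the aliased case beside the separate-buffer approach the patch takes; the buffer sizes, line text and empty-line handling are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not GDB code): do [a, a+len) and [b, b+len) overlap?
   This is the condition valgrind reports as "Source and destination overlap
   in strcpy". Compared as integers: relational comparison of pointers into
   different objects is not defined in C. */
int ranges_overlap(const char *a, const char *b, size_t len)
{
    uintptr_t x = (uintptr_t) a, y = (uintptr_t) b;
    if (len == 0) return 0;
    return x < y ? (y < x + len) : (x < y + len);
}

/* Mirrors the copy step at the end of tui_set_source_content: DST is the
   window element's line buffer, SRC_LINE the assembled line, OFFSET the
   horizontal scroll. Emptying DST when OFFSET passes the end is assumed.
   Returns 1 if the two buffers aliased. */
int copy_line_with_offset(char *dst, const char *src_line, size_t offset)
{
    size_t n = strlen(src_line);
    if (n <= offset) { dst[0] = '\0'; return 0; }
    const char *src = src_line + offset;
    size_t len = n - offset + 1;            /* bytes including the NUL */
    int aliased = ranges_overlap(dst, src, len);
    memmove(dst, src, len);                 /* defined even when overlapping */
    return aliased;
}

/* Pre-patch shape: src_line IS the element buffer (offset == 0 path), so the
   copy is strcpy(p, p). Returns 1 if the aliasing is detected and the text
   survives. The line text is constructed sample data. */
int scenario_aliased(void)
{
    char element[32] = "985   int main (void)";
    int aliased = copy_line_with_offset(element, element, 0);
    return aliased == 1 && strcmp(element, "985   int main (void)") == 0;
}

/* Patched shape: the line is always read into a private scratch buffer, so
   no overlap exists for any offset. Returns 1 if the copy is clean. */
int scenario_separate_buffer(size_t offset)
{
    char element[32] = "";
    char scratch[32] = "985   int main (void)";
    int aliased = copy_line_with_offset(element, scratch, offset);
    return aliased == 0 && strcmp(element, scratch + offset) == 0;
}
```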