From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-83451-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 16941 invoked by alias); 2 Sep 2011 13:07:08 -0000
Received: (qmail 16918 invoked by uid 22791); 2 Sep 2011 13:07:07 -0000
X-SWARE-Spam-Status: No, hits=-1.7 required=5.0	tests=AWL,BAYES_00,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,TW_BJ
X-Spam-Check-By: sourceware.org
Received: from lo.gmane.org (HELO lo.gmane.org) (80.91.229.12)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 02 Sep 2011 13:06:51 +0000
Received: from list by lo.gmane.org with local (Exim 4.69)	(envelope-from <gdb-gdb-patches@m.gmane.org>)	id 1QzTSJ-00012v-4k	for gdb-patches@sources.redhat.com; Fri, 02 Sep 2011 15:06:47 +0200
Received: from 209.226.137.108 ([209.226.137.108])        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))        id 1AlnuQ-0007hv-00        for <gdb-patches@sources.redhat.com>; Fri, 02 Sep 2011 15:06:47 +0200
Received: from aristovski by 209.226.137.108 with local (Gmexim 0.1 (Debian))        id 1AlnuQ-0007hv-00        for <gdb-patches@sources.redhat.com>; Fri, 02 Sep 2011 15:06:47 +0200
To: gdb-patches@sources.redhat.com
From: Aleksandar Ristovski <aristovski@qnx.com>
Subject: Re: dangling pointer in so_list
Date: Fri, 02 Sep 2011 13:52:00 -0000
Message-ID: <j3qkcq$mou$1@dough.gmane.org>
References: <j3m3u5$2m0$1@dough.gmane.org> <j3m4hd$647$1@dough.gmane.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------090806040406060200010509"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110812 Thunderbird/6.0
In-Reply-To: <j3m4hd$647$1@dough.gmane.org>
X-IsSubscribed: yes
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2011-09/txt/msg00031.txt.bz2

This is a multi-part message in MIME format.
--------------090806040406060200010509
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-length: 710

It turns out that there is another function with almost identical loop. 
This time, in 'update_solib_list' gdb would do the same: in one 
iteration it frees an objfile, in another tries to free it again.

The attached patch supersedes the first one and extracts the logic for 
determining duplicates into a function, then uses the function.

Still no regressions.


Comments appreciated.



Thanks,

Aleksandar Ristovski
QNX Software Systems




ChangeLog has changed slightly:

<date>  Aleksandar Ristovski  <aristovski@qnx.com>

         * solib.c (used): New function.
         (update_solib_list, reload_shared_libraries_1): Check if 
objfile is used
         by another so_list object before freeing it.


--------------090806040406060200010509
Content-Type: text/x-patch;
 name="dangling_objfile_in_so_list-201109011545.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="dangling_objfile_in_so_list-201109011545.patch"
Content-length: 1760

Index: gdb/solib.c
===================================================================
RCS file: /cvs/src/src/gdb/solib.c,v
retrieving revision 1.153
diff -u -p -r1.153 solib.c
--- gdb/solib.c	30 Aug 2011 02:48:05 -0000	1.153
+++ gdb/solib.c	1 Sep 2011 19:56:37 -0000
@@ -633,6 +633,23 @@ solib_read_symbols (struct so_list *so, 
   return 0;
 }
 
+/* Return 1 if KNOWN->objfile is used by any other so_list object in the
+   HEAD list.  Return 0 otherwise.  */
+
+static int
+used (const struct so_list *const known, const struct so_list *const head)
+{
+  const struct so_list *pivot;
+  int found = 0;
+
+  for (pivot = head; pivot != NULL && !found; pivot = pivot->next)
+    {
+      if (pivot != known && pivot->objfile == known->objfile)
+	found = 1;
+    }
+  return found;
+}
+
 /* Synchronize GDB's shared object list with inferior's.
 
    Extract the list of currently loaded shared objects from the
@@ -749,7 +766,8 @@ update_solib_list (int from_tty, struct 
 	  *gdb_link = gdb->next;
 
 	  /* Unless the user loaded it explicitly, free SO's objfile.  */
-	  if (gdb->objfile && ! (gdb->objfile->flags & OBJF_USERLOADED))
+	  if (gdb->objfile && ! (gdb->objfile->flags & OBJF_USERLOADED)
+	      && !used (gdb, so_list_head))
 	    free_objfile (gdb->objfile);
 
 	  /* Some targets' section tables might be referring to
@@ -1225,7 +1243,8 @@ reload_shared_libraries_1 (int from_tty)
 	  || (found_pathname != NULL
 	      && filename_cmp (found_pathname, so->so_name) != 0))
 	{
-	  if (so->objfile && ! (so->objfile->flags & OBJF_USERLOADED))
+	  if (so->objfile && ! (so->objfile->flags & OBJF_USERLOADED)
+	      && !used (so, so_list_head))
 	    free_objfile (so->objfile);
 	  remove_target_sections (so->abfd);
 	  free_so_symbols (so);

--------------090806040406060200010509--