From: Sergio Durigan Junior <sergiodj@redhat.com>
To: Hui Zhu <hui_zhu@mentor.com>
Cc: gdb-patches ml <gdb-patches@sourceware.org>,
Edjunior Barbosa Machado <emachado@linux.vnet.ibm.com>,
Nick Clifton <nickc@redhat.com>,
Tom Tromey <tromey@redhat.com>
Subject: Re: [PATCH] Remove gdb_bfd_stash_filename to fix crash with fix of binutils/11983
Date: Sun, 05 Jan 2014 15:06:00 -0000
Message-ID: <m3mwja5v01.fsf@redhat.com>
In-Reply-To: <52C8358B.7080101@mentor.com> (Hui Zhu's message of "Sun, 5 Jan 2014 00:23:39 +0800")
On Saturday, January 04 2014, Hui Zhu wrote:
> Got double free or corruption with new GDB:
> (gdb) r
> Starting program: /home/teawater/tmp/a.out
> *** glibc detected *** /home/teawater/gdb/git/bgdbno/gdb/gdb: double free or corruption (out): 0x00000000011ed4d0 ***
> ======= Backtrace: =========
> /lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7ffff65f5b96]
[...]
> The reason is that when GDB opens a bfd, it will call gdb_bfd_stash_filename to the memory of abfd.
> But in binutils/11983, it adds "(_bfd_delete_bfd): Free filename." So when GDB tries to close the bfd, it will crash.
>
> I made a patch to remove all gdb_bfd_stash_filename to fix this issue.
Hm, given what Tom said on
<https://sourceware.org/bugzilla/show_bug.cgi?id=11983#c12>, I believe
this is the right way to solve the problem.
Edjunior posted a patch a few days ago that duplicated the name. I'm
adding him on the Cc. I'm also adding Nick and Tom.
BTW, Hui, your patch seems to have been mangled by your MUA.
Thanks,
> 2014-01-05 Hui Zhu <hui@codesourcery.com>
>
> * gdb_bfd.c (gdb_bfd_stash_filename): Removed.
> (gdb_bfd_open): Removed gdb_bfd_stash_filename.
> (gdb_bfd_fopen): Ditto.
> (gdb_bfd_openr): Ditto.
> (gdb_bfd_openw): Ditto.
> (gdb_bfd_openr_iovec): Ditto.
> (gdb_bfd_fdopenr): Ditto.
> * gdb_bfd.h (gdb_bfd_stash_filename): Removed.
> * symfile-mem.c (symbol_file_add_from_memory): Removed
> gdb_bfd_stash_filename.
>
> --- a/gdb/gdb_bfd.c
> +++ b/gdb/gdb_bfd.c
> @@ -57,21 +57,6 @@ struct gdb_bfd_section_data
> static htab_t all_bfds;
> -/* See gdb_bfd.h. */
> -
> -void
> -gdb_bfd_stash_filename (struct bfd *abfd)
> -{
> - char *name = bfd_get_filename (abfd);
> - char *data;
> -
> - data = bfd_alloc (abfd, strlen (name) + 1);
> - strcpy (data, name);
> -
> - /* Unwarranted chumminess with BFD. */
> - abfd->filename = data;
> -}
> -
> /* An object of this type is stored in each BFD's user data. */
> struct gdb_bfd_data
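Review bot: with the bfd_alloc copy in gdb_bfd_stash_filename gone, nothing on the gdb side decides where abfd->filename is stored any more, and the patch does not say what replaces that guarantee. Please state, in the ChangeLog or in a comment next to the open wrappers, what the wrappers now expect of the name they are given (who allocates it and who frees it), since the removed lines were the only code that tied the string's lifetime to the BFD.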
> @@ -204,7 +189,6 @@ gdb_bfd_open (const char *name, const ch
> gdb_assert (!*slot);
> *slot = abfd;
> - gdb_bfd_stash_filename (abfd);
> gdb_bfd_ref (abfd);
> return abfd;
> }
> @@ -490,10 +474,7 @@ gdb_bfd_fopen (const char *filename, con
> bfd *result = bfd_fopen (filename, target, mode, fd);
> if (result)
> - {
> - gdb_bfd_stash_filename (result);
> - gdb_bfd_ref (result);
> - }
> + gdb_bfd_ref (result);
> return result;
> }
> @@ -506,10 +487,7 @@ gdb_bfd_openr (const char *filename, con
> bfd *result = bfd_openr (filename, target);
> if (result)
> - {
> - gdb_bfd_stash_filename (result);
> - gdb_bfd_ref (result);
> - }
> + gdb_bfd_ref (result);
> return result;
> }
> @@ -522,10 +500,7 @@ gdb_bfd_openw (const char *filename, con
> bfd *result = bfd_openw (filename, target);
> if (result)
> - {
> - gdb_bfd_stash_filename (result);
> - gdb_bfd_ref (result);
> - }
> + gdb_bfd_ref (result);
> return result;
> }
> @@ -553,10 +528,7 @@ gdb_bfd_openr_iovec (const char *filenam
> pread_func, close_func, stat_func);
> if (result)
> - {
> - gdb_bfd_ref (result);
> - gdb_bfd_stash_filename (result);
> - }
> + gdb_bfd_ref (result);
> return result;
> }
> @@ -603,10 +575,7 @@ gdb_bfd_fdopenr (const char *filename, c
> bfd *result = bfd_fdopenr (filename, target, fd);
> if (result)
> - {
> - gdb_bfd_ref (result);
> - gdb_bfd_stash_filename (result);
> - }
> + gdb_bfd_ref (result);
> return result;
> }
> --- a/gdb/gdb_bfd.h
> +++ b/gdb/gdb_bfd.h
> @@ -24,12 +24,6 @@
> DECLARE_REGISTRY (bfd);
> -/* Make a copy ABFD's filename using bfd_alloc, and reassign it to
> the
> - BFD. This ensures that the BFD's filename has the same lifetime as
> - the BFD itself. */
> -
> -void gdb_bfd_stash_filename (struct bfd *abfd);
> -
> /* Open a read-only (FOPEN_RB) BFD given arguments like bfd_fopen.
> Returns NULL on error. On success, returns a new reference to the
> BFD, which must be freed with gdb_bfd_unref. BFDs returned by this
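Review bot: the first removed comment line is split after "to", with "the" on a line of its own and no "-" marker, so this hunk will not apply as sent; the same wrapping shows in the later hunks of this file ("reference" and "fd);" on their own lines). Please resend the patch as an attachment or with line wrapping disabled in the mail client.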
> @@ -79,22 +73,22 @@ int gdb_bfd_crc (struct bfd *abfd, unsig
> \f
> /* A wrapper for bfd_fopen that initializes the gdb-specific
> reference
> - count and calls gdb_bfd_stash_filename. */
> + count. */
> bfd *gdb_bfd_fopen (const char *, const char *, const char *, int);
> /* A wrapper for bfd_openr that initializes the gdb-specific
> reference
> - count and calls gdb_bfd_stash_filename. */
> + count. */
> bfd *gdb_bfd_openr (const char *, const char *);
> /* A wrapper for bfd_openw that initializes the gdb-specific
> reference
> - count and calls gdb_bfd_stash_filename. */
> + count. */
> bfd *gdb_bfd_openw (const char *, const char *);
> /* A wrapper for bfd_openr_iovec that initializes the gdb-specific
> - reference count and calls gdb_bfd_stash_filename. */
> + reference count. */
> bfd *gdb_bfd_openr_iovec (const char *filename, const char *target,
> void *(*open_func) (struct bfd *nbfd,
> @@ -112,12 +106,12 @@ bfd *gdb_bfd_openr_iovec (const char *fi
> struct stat *sb));
> /* A wrapper for bfd_openr_next_archived_file that initializes the
> - gdb-specific reference count and calls gdb_bfd_stash_filename. */
> + gdb-specific reference count. */
> bfd *gdb_bfd_openr_next_archived_file (bfd *archive, bfd *previous);
> /* A wrapper for bfd_fdopenr that initializes the gdb-specific
> - reference count and calls gdb_bfd_stash_filename. */
> + reference count. */
> bfd *gdb_bfd_fdopenr (const char *filename, const char *target, int
> fd);
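Review bot: the comment for gdb_bfd_openr_next_archived_file is edited here, but no hunk in gdb_bfd.c touches that function and the ChangeLog does not list it. Please confirm its body has no remaining gdb_bfd_stash_filename call, otherwise the build breaks once the declaration is removed. The ChangeLog entry for gdb_bfd.h should also mention the updated wrapper comments, not only the removed declaration.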
> --- a/gdb/symfile-mem.c
> +++ b/gdb/symfile-mem.c
> @@ -104,11 +104,7 @@ symbol_file_add_from_memory (struct bfd
> if (name == NULL)
> nbfd->filename = "shared object read from target memory";
> else
> - {
> - nbfd->filename = name;
> - gdb_bfd_stash_filename (nbfd);
> - xfree (name);
> - }
> + nbfd->filename = name;
> cleanup = make_cleanup_bfd_unref (nbfd);
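Review bot: in the unchanged name == NULL branch, nbfd->filename is still set to the string literal "shared object read from target memory"; if BFD now frees filename when the bfd is closed, as the description of binutils/11983 above says, that branch passes free a pointer that was never allocated. Assign a heap copy there (for example with xstrdup) so that both branches give BFD a string it can free. The else branch is correct only if name is malloc'ed and not used after this point, because the xfree (name) is dropped and ownership of the buffer moves to nbfd.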
--
Sergio