From: Sergio Durigan Junior
To: Hui Zhu
Cc: gdb-patches ml, Edjunior Barbosa Machado, Nick Clifton, Tom Tromey
Subject: Re: [PATCH] Remove gdb_bfd_stash_filename to fix crash with fix of binutils/11983
References: <52C8358B.7080101@mentor.com>
Date: Sun, 05 Jan 2014 15:06:00 -0000
In-Reply-To: <52C8358B.7080101@mentor.com> (Hui Zhu's message of "Sun, 5 Jan 2014 00:23:39 +0800")

On Saturday, January 04 2014, Hui Zhu wrote:

> Got double free or corruption with new GDB:
> (gdb) r
> Starting program: /home/teawater/tmp/a.out
> *** glibc detected *** /home/teawater/gdb/git/bgdbno/gdb/gdb: double free or corruption (out): 0x00000000011ed4d0 ***
> ======= Backtrace: =========
> /lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7ffff65f5b96]
[...]
> The reason is when GDB opens bfd, it will call gdb_bfd_stash_filename to the memory of abfd.
> But in binutils/11983, it adds "(_bfd_delete_bfd): Free filename." So when gdb tries to close the bfd, it will crash.
>
> I made a patch to remove all gdb_bfd_stash_filename to fix this issue.

Hm, given what Tom said on , I believe this is the right way to solve the problem. Edjunior posted a patch a few days ago that duplicated the name. I'm adding him on the Cc. I'm also adding Nick and Tom.

BTW, Hui, your patch seems to have been mangled by your MUA.

Thanks,

> 2014-01-05 Hui Zhu
>
> * gdb_bfd.c (gdb_bfd_stash_filename): Removed.
> (gdb_bfd_open): Removed gdb_bfd_stash_filename.
> (gdb_bfd_fopen): Ditto.
> (gdb_bfd_openr): Ditto.
> (gdb_bfd_openw): Ditto.
> (gdb_bfd_openr_iovec): Ditto.
> (gdb_bfd_fdopenr): Ditto.
> * gdb_bfd.h (gdb_bfd_stash_filename): Removed.
> * symfile-mem.c (symbol_file_add_from_memory): Removed
> gdb_bfd_stash_filename.
>
> --- a/gdb/gdb_bfd.c > +++ b/gdb/gdb_bfd.c 
> @@ -57,21 +57,6 @@ struct gdb_bfd_section_data > static htab_t all_bfds; > -/* See gdb_bfd.h. */ > - > -void > -gdb_bfd_stash_filename (struct bfd *abfd) > -{ > - char *name = bfd_get_filename (abfd); > - char *data; > - > - data = bfd_alloc (abfd, strlen (name) + 1); > - strcpy (data, name); > - > - /* Unwarranted chumminess with BFD. */ > - abfd->filename = data; > -} > - > /* An object of this type is stored in each BFD's user data. */ > struct gdb_bfd_data > @@ -204,7 +189,6 @@ gdb_bfd_open (const char *name, const ch > gdb_assert (!*slot); > *slot = abfd; > - gdb_bfd_stash_filename (abfd); > gdb_bfd_ref (abfd); > return abfd; > } > @@ -490,10 +474,7 @@ gdb_bfd_fopen (const char *filename, con > bfd *result = bfd_fopen (filename, target, mode, fd); > if (result) > - { > - gdb_bfd_stash_filename (result); > - gdb_bfd_ref (result); > - } > + gdb_bfd_ref (result); > return result; > } > @@ -506,10 +487,7 @@ gdb_bfd_openr (const char *filename, con > bfd *result = bfd_openr (filename, target); > if (result) > - { > - gdb_bfd_stash_filename (result); > - gdb_bfd_ref (result); > - } > + gdb_bfd_ref (result); > return result; > } > @@ -522,10 +500,7 @@ gdb_bfd_openw (const char *filename, con > bfd *result = bfd_openw (filename, target); > if (result) > - { > - gdb_bfd_stash_filename (result); > - gdb_bfd_ref (result); > - } > + gdb_bfd_ref (result); > return result; > } > @@ -553,10 +528,7 @@ gdb_bfd_openr_iovec (const char *filenam > pread_func, close_func, stat_func); > if (result) > - { > - gdb_bfd_ref (result); > - gdb_bfd_stash_filename (result); > - } > + gdb_bfd_ref (result); > return result; > } > @@ -603,10 +575,7 @@ gdb_bfd_fdopenr (const char *filename, c > bfd *result = bfd_fdopenr (filename, target, fd); > if (result) > - { > - gdb_bfd_ref (result); > - gdb_bfd_stash_filename (result); > - } > + gdb_bfd_ref (result); > return result; > } > --- a/gdb/gdb_bfd.h > +++ b/gdb/gdb_bfd.h 
> @@ -24,12 +24,6 @@ > DECLARE_REGISTRY (bfd); > -/* Make a copy ABFD's filename using bfd_alloc, and reassign it to > the > - BFD. This ensures that the BFD's filename has the same lifetime as > - the BFD itself. */ > - > -void gdb_bfd_stash_filename (struct bfd *abfd); > - > /* Open a read-only (FOPEN_RB) BFD given arguments like bfd_fopen. > Returns NULL on error. On success, returns a new reference to the > BFD, which must be freed with gdb_bfd_unref. BFDs returned by this > @@ -79,22 +73,22 @@ int gdb_bfd_crc (struct bfd *abfd, unsig > > /* A wrapper for bfd_fopen that initializes the gdb-specific > reference > - count and calls gdb_bfd_stash_filename. */ > + count. */ > bfd *gdb_bfd_fopen (const char *, const char *, const char *, int); > /* A wrapper for bfd_openr that initializes the gdb-specific > reference > - count and calls gdb_bfd_stash_filename. */ > + count. */ > bfd *gdb_bfd_openr (const char *, const char *); > /* A wrapper for bfd_openw that initializes the gdb-specific > reference > - count and calls gdb_bfd_stash_filename. */ > + count. */ > bfd *gdb_bfd_openw (const char *, const char *); > /* A wrapper for bfd_openr_iovec that initializes the gdb-specific > - reference count and calls gdb_bfd_stash_filename. */ > + reference count. */ > bfd *gdb_bfd_openr_iovec (const char *filename, const char *target, > void *(*open_func) (struct bfd *nbfd, > @@ -112,12 +106,12 @@ bfd *gdb_bfd_openr_iovec (const char *fi > struct stat *sb)); > /* A wrapper for bfd_openr_next_archived_file that initializes the > - gdb-specific reference count and calls gdb_bfd_stash_filename. */ > + gdb-specific reference count. */ > bfd *gdb_bfd_openr_next_archived_file (bfd *archive, bfd *previous); > /* A wrapper for bfd_fdopenr that initializes the gdb-specific > - reference count and calls gdb_bfd_stash_filename. */ > + reference count. */ > bfd *gdb_bfd_fdopenr (const char *filename, const char *target, int > fd); > --- a/gdb/symfile-mem.c > +++ b/gdb/symfile-mem.c 
> @@ -104,11 +104,7 @@ symbol_file_add_from_memory (struct bfd > if (name == NULL) > nbfd->filename = "shared object read from target memory"; > else > - { > - nbfd->filename = name; > - gdb_bfd_stash_filename (nbfd); > - xfree (name); > - } > + nbfd->filename = name; > cleanup = make_cleanup_bfd_unref (nbfd); -- Sergio
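
Review bot: In gdb/gdb_bfd.c, once gdb_bfd_stash_filename is gone, gdb_bfd_fopen, gdb_bfd_openr, gdb_bfd_openw, gdb_bfd_openr_iovec and gdb_bfd_fdopenr pass the caller's `const char *filename` straight to the bfd_* call, and nothing in these hunks says who owns that string afterwards. The removed helper was what tied the name's lifetime to the BFD; if BFD keeps the pointer and, per the binutils/11983 change quoted in the description, frees it in _bfd_delete_bfd, every caller has to pass a heap string that it never frees itself. Please either state that ownership rule in the wrapper comments or copy the name (for example with xstrdup) before handing it to BFD, so the double free cannot simply move to a caller.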
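
Review bot: In gdb/gdb_bfd.h the comment on gdb_bfd_openr_next_archived_file drops "calls gdb_bfd_stash_filename", but no gdb_bfd.c hunk touches that function and the ChangeLog does not list it. Please confirm that no call is left there, since it would no longer build once the definition and declaration are removed, and add the comment updates to the gdb_bfd.h ChangeLog entry, which currently records only the removed declaration. Several lines in this file are also wrapped in the posted patch (for example "reference" and "the" stranded on lines of their own), so these hunks will not apply as sent.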
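
Review bot: In symbol_file_add_from_memory (gdb/symfile-mem.c) the `name == NULL` branch still assigns the string literal "shared object read from target memory" to nbfd->filename; if BFD now frees filename when the BFD is closed, as the description says, that branch hands a literal to free. Suggest `nbfd->filename = xstrdup ("shared object read from target memory");` there. The else branch drops `xfree (name)`, which is correct only if ownership of name passes to the BFD, so a one-line comment saying that would help the next reader.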