From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-return-38013-listarch-gdb=sources.redhat.com@sourceware.org>
Received: (qmail 24837 invoked by alias); 12 Sep 2010 00:24:26 -0000
Received: (qmail 24827 invoked by uid 22791); 12 Sep 2010 00:24:24 -0000
X-SWARE-Spam-Status: No, hits=-1.0 required=5.0	tests=AWL,BAYES_05,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,TW_BF,TW_CF,TW_XF,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: sourceware.org
Received: from mail-iw0-f169.google.com (HELO mail-iw0-f169.google.com) (209.85.214.169)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sun, 12 Sep 2010 00:24:19 +0000
Received: by iwn33 with SMTP id 33so5345213iwn.0        for <gdb@sourceware.org>; Sat, 11 Sep 2010 17:24:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.182.201 with SMTP id cd9mr3518672ibb.21.1284251057784; Sat, 11 Sep 2010 17:24:17 -0700 (PDT)
Received: by 10.231.159.209 with HTTP; Sat, 11 Sep 2010 17:24:17 -0700 (PDT)
Date: Sun, 12 Sep 2010 00:24:00 -0000
Message-ID: <AANLkTi=8wvKMyDFLmmj0ih+vCg8tUb6vCAfxdyjyLStj@mail.gmail.com>
Subject: double free when trying to call a C++ function in GDB
From: Srinath Avadhanula <srinathava@gmail.com>
To: gdb@sourceware.org
Content-Type: text/plain; charset=ISO-8859-1
X-IsSubscribed: yes
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb.sourceware.org>
List-Subscribe: <mailto:gdb-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-owner@sourceware.org
X-SW-Source: 2010-09/txt/msg00073.txt.bz2

Hi,

I tried to call a C++ function and this crashed GDB (stack below for GDB 7.2).

What I tried to do was the following:

(gdb) call CG::printCfgGraph(cfg, "/tmp/foo.dot")

Here, the variable cfg was locally of type CG_Cfg, while
CG::printCfgGraph accepts CG::Cfg as its first argument. CG_Cfg is a
parent class of CG::Cfg. So it looks like GDB is trying to throw an
error about not being able to find an overloaded method of that
signature (although this seems to work for GDB 6.8).

The same stack happens with GDB 7.2.20100906.

Regards,
Srinath

#0  0x00007f8b5517ced5 in raise () from /lib/libc.so.6
#1  0x00007f8b5517e3f3 in abort () from /lib/libc.so.6
#2  0x00007f8b551b9388 in ?? () from /lib/libc.so.6
#3  0x00007f8b551be928 in ?? () from /lib/libc.so.6
#4  0x00007f8b551c0a36 in free () from /lib/libc.so.6
#5  0x0000000000413366 in do_my_cleanups (pmy_chain=0xa3b998,
old_chain=0x0) at utils.c:441
#6  0x000000000050f521 in throw_exception (exception={reason =
RETURN_ERROR, error = GENERIC_ERROR, message = 0xfc83900 "Cannot
resolve function printCfgGraph to any overloaded instance"}) at
exceptions.c:232
#7  0x000000000050f5f4 in throw_it (reason=RETURN_ERROR,
error=GENERIC_ERROR, fmt=<value optimized out>, ap=<value optimized
out>) at exceptions.c:400
#8  0x000000000050f6c6 in throw_verror (error=<value optimized out>,
fmt=<value optimized out>, ap=0xffffffffffffffff) at exceptions.c:406
#9  0x0000000000417083 in error (string=<value optimized out>) at utils.c:966
#10 0x00000000004d6edf in find_overload_match
(arg_types=0x7fff448e5290, nargs=<value optimized out>, name=0x0,
method=<value optimized out>, lax=<value optimized out>, objp=0x0,
fsym=0x10a7a000, valp=0x0, symp=0x7fff448e5520, staticp=0x0, no_adl=1)
at valops.c:2567
#11 0x00000000004d00b4 in evaluate_subexp_standard (expect_type=<value
optimized out>, exp=0xfc83780, pos=0x7fff448e56d4, noside=EVAL_NORMAL)
at eval.c:1723
#12 0x0000000000575b83 in evaluate_subexp_c (expect_type=0x31ad,
exp=0xfc83780, pos=0x7fff448e56d4, noside=EVAL_NORMAL) at
c-lang.c:1047
#13 0x00000000004cbf32 in evaluate_expression (exp=<value optimized
out>) at eval.c:76
#14 0x00000000004e2330 in print_command_1 (exp=0xca1215
"CG::printCfgGraph(cfg, \"/tmp/foo.dot\")", inspect=0, voidprint=0) at
./printcmd.c:969
#15 0x000000000041250f in execute_command (p=0xca123a ")", from_tty=1)
at top.c:422
#16 0x0000000000515d74 in command_handler (command=0xca1210 "call
CG::printCfgGraph(cfg, \"/tmp/foo.dot\")") at event-top.c:498
#17 0x00000000005168fc in command_line_handler (rl=<value optimized
out>) at event-top.c:702
#18 0x00000000005df529 in rl_callback_read_char () at callback.c:205
#19 0x0000000000515dd9 in rl_callback_read_char_wrapper
(client_data=0x31ad) at event-top.c:178
#20 0x00000000005147f8 in process_event () at event-loop.c:399
#21 0x000000000051577c in gdb_do_one_event (data=<value optimized
out>) at event-loop.c:452
#22 0x000000000050f90b in catch_errors (func=0x515690
<gdb_do_one_event>, func_args=0x0, errstring=0x697b42 "", mask=<value
optimized out>) at exceptions.c:518
#23 0x000000000048c8a0 in tui_command_loop (data=<value optimized
out>) at ./tui/tui-interp.c:171
#24 0x0000000000409df9 in captured_command_loop (data=0x31ad) at ./main.c:227
#25 0x000000000050f90b in catch_errors (func=0x409df0
<captured_command_loop>, func_args=0x0, errstring=0x697b42 "",
mask=<value optimized out>) at exceptions.c:518
#26 0x0000000000409c0e in captured_main (data=<value optimized out>)
at ./main.c:910
#27 0x000000000050f90b in catch_errors (func=0x408ee0 <captured_main>,
func_args=0x7fff448e5b20, errstring=0x697b42 "", mask=<value optimized
out>) at exceptions.c:518
#28 0x0000000000408cd4 in gdb_main (args=<value optimized out>) at ./main.c:919
#29 0x0000000000408ca6 in main (argc=<value optimized out>,
argv=0x31ad) at gdb.c:34

<In the paste below, please note that the name gdb-7.2.20100609 should
instead be gdb-7.2.20100906).


*** glibc detected *** /home/savadhan/bin/gdb-7.2.20100609: double
free or corruption (!prev): 0x0000000010c293a0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f5acae71928]
/lib/libc.so.6(cfree+0x76)[0x7f5acae73a36]
/home/savadhan/bin/gdb-7.2.20100609[0x457796]
/home/savadhan/bin/gdb-7.2.20100609(throw_exception+0x81)[0x5563f1]
/home/savadhan/bin/gdb-7.2.20100609[0x5564c4]
/home/savadhan/bin/gdb-7.2.20100609[0x556596]
/home/savadhan/bin/gdb-7.2.20100609[0x45b4d3]
/home/savadhan/bin/gdb-7.2.20100609[0x51d5cf]
/home/savadhan/bin/gdb-7.2.20100609(evaluate_subexp_standard+0x33b4)[0x516764]
/home/savadhan/bin/gdb-7.2.20100609[0x5c1b13]
/home/savadhan/bin/gdb-7.2.20100609(evaluate_expression+0x22)[0x5125a2]
/home/savadhan/bin/gdb-7.2.20100609[0x528ba0]
/home/savadhan/bin/gdb-7.2.20100609(execute_command+0x26f)[0x45693f]
/home/savadhan/bin/gdb-7.2.20100609[0x55cc44]
/home/savadhan/bin/gdb-7.2.20100609[0x55d7cc]
/home/savadhan/bin/gdb-7.2.20100609(rl_callback_read_char+0x1d9)[0x62bbe9]
/home/savadhan/bin/gdb-7.2.20100609[0x55cca9]
/home/savadhan/bin/gdb-7.2.20100609[0x55b6c8]
/home/savadhan/bin/gdb-7.2.20100609(gdb_do_one_event+0xec)[0x55c64c]
/home/savadhan/bin/gdb-7.2.20100609(catch_errors+0x5b)[0x5567db]
/home/savadhan/bin/gdb-7.2.20100609[0x4d1640]
/home/savadhan/bin/gdb-7.2.20100609[0x44e1e9]
/home/savadhan/bin/gdb-7.2.20100609(catch_errors+0x5b)[0x5567db]
/home/savadhan/bin/gdb-7.2.20100609[0x44dffe]
/home/savadhan/bin/gdb-7.2.20100609(catch_errors+0x5b)[0x5567db]
/home/savadhan/bin/gdb-7.2.20100609(gdb_main+0x24)[0x44d0c4]
/home/savadhan/bin/gdb-7.2.20100609(main+0x36)[0x44d096]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f5acae1c1a6]
/home/savadhan/bin/gdb-7.2.20100609[0x44cf99]
======= Memory map: ========
00400000-00876000 r-xp 00000000 00:18 20698189
  /mathworks/home/savadhan/bin/gdb-7.2.20100609
00a75000-00a8a000 rw-p 00475000 00:18 20698189
  /mathworks/home/savadhan/bin/gdb-7.2.20100609
00a8a000-00aa9000 rw-p 00a8a000 00:00 0
02636000-137a5000 rw-p 02636000 00:00 0                                  [heap]
7f5ab8000000-7f5ab8021000 rw-p 7f5ab8000000 00:00 0
7f5ab8021000-7f5abc000000 ---p 7f5ab8021000 00:00 0
7f5abf7c6000-7f5abf7dc000 r-xp 00000000 08:01 647187
  /lib/libgcc_s.so.1
7f5abf7dc000-7f5abf9dc000 ---p 00016000 08:01 647187
  /lib/libgcc_s.so.1
7f5abf9dc000-7f5abf9dd000 rw-p 00016000 08:01 647187
  /lib/libgcc_s.so.1
7f5abf9fb000-7f5abfa02000 r--s 00000000 08:01 15557271
  /usr/lib/gconv/gconv-modules.cache
7f5abfa02000-7f5abfbc1000 r--p 013bd000 08:01 14946523
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwcg_ir.so.dbg
7f5abfbc1000-7f5abfd3d000 r--p 02e66000 08:01 14946762
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwstateflow.so.dbg
7f5abfd3d000-7f5abfd65000 r--p 001c9000 08:01 14947945
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwsl_lib_browse.so
7f5abfd65000-7f5abfde2000 r--p 0060b000 08:01 14947187
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwcgir_hdl.so
7f5abfdf2000-7f5abfe02000 r--p 001f4000 00:3b 29780754
  /mathworks/devel/jobarchive/Acgir/.snapshot/2010_09_06_h20m10s28_job40208_pass/current/matlab/sys/os/glnxa64/libgfortran.so.3.0.0
7f5abfe02000-7f5abfe0f000 r--p 000ca000 00:3b 29780754
  /mathworks/devel/jobarchive/Acgir/.snapshot/2010_09_06_h20m10s28_job40208_pass/current/matlab/sys/os/glnxa64/libgfortran.so.3.0.0
7f5abfe10000-7f5abfe16000 r--p 00054000 08:01 14946662
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwSimulinkMask.so
7f5abfe16000-7f5abfe1f000 r--p 00051000 08:01 14959616
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/imageformats/libqmng.so
7f5abfe1f000-7f5abfe28000 r--p 000e2000 08:01 14947614
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwmathlinalg.so
7f5abfe28000-7f5abfe34000 r--p 0005b000 08:01 14947408
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwCoder_res.so
7f5abfe34000-7f5abff48000 r--p 01a65000 08:01 10969656
  /usr/lib/libGLcore.so.195.36.15
7f5abff48000-7f5abff51000 r--p 00072000 08:01 14946325
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libfreetype.so.6.3.16
7f5abff51000-7f5abff57000 r--p 00177000 08:01 14947438
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwdesuite_sundials_solver.so
7f5abff57000-7f5abff62000 r--p 005e5000 08:01 14947432
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwdesuite_kernel_solver.so
7f5abff62000-7f5abff6a000 r--p 00044000 08:01 14947118
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwcgir_cpp_emitter.so
7f5abff6a000-7f5abff71000 r--p 00068000 08:01 14947070
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwcgir_algorithm.so
7f5abff71000-7f5abff7c000 r--p 0006e000 08:01 14947086
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwcgir_cgel.so
7f5abff7c000-7f5abffcc000 r--p 0030d000 08:01 14947481
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmweml.so
7f5abffcc000-7f5abffd4000 r--p 00043000 08:01 14947522
  /local/savadhan/sandbox/Acgirb/matlab/bin/glnxa64/libmwglue_mi.so
7f5abffd4000-7f5abffdd000 r--p 0005c000 08:01 14947530                   /local