Bug 9907 - gdb 6.8.50.20090225-cvs segfault in g++ demangler
Summary: gdb 6.8.50.20090225-cvs segfault in g++ demangler
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb
Version: 6.8
: P2 normal
Target Milestone: 7.0
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-26 05:26 UTC by Albert Zeyer
Modified: 2014-05-27 12:41 UTC
3 users

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
Description Albert Zeyer 2009-02-26 05:26:19 UTC
I have the coredump of gdb:

az@acompneu ~/Programmierung/openlierox $ gdb /usr/local/bin/gdb /var/tmp/core_gdb_16488_1000_1235625534
GNU gdb (GDB) 6.8.50.20090225-cvs
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/lib/libpython2.5.so.1.0...done.
Loaded symbols for /usr/lib/libpython2.5.so.1.0
Reading symbols from /usr/lib/libexpat.so.1...done.
Loaded symbols for /usr/lib/libexpat.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libutil.so.1...done.
Loaded symbols for /lib/libutil.so.1
Reading symbols from /lib/libthread_db.so.1...done.
Loaded symbols for /lib/libthread_db.so.1
Core was generated by `gdb bin/openlierox /home/az/Programmierung/openlierox/share/gamedir/core.OpenLi'.
Program terminated with signal 11, Segmentation fault.
#0  d_print_comp (dpi=0xbfac7924, dc=0x945ce5c)
    at .././libiberty/cp-demangle.c:3256
3256	{
(gdb) t apply all bt full

Thread 1 (Thread 16488):
#0  d_print_comp (dpi=0xbfac7924, dc=0x945ce5c)
    at .././libiberty/cp-demangle.c:3256
No locals.
#1  0x08294870 in d_print_comp (dpi=0xbfac7924, dc=0x945ce68)
    at .././libiberty/cp-demangle.c:3762
No locals.
#2  0x08294088 in d_print_comp (dpi=0xbfac7924, dc=0x945ce74)
    at .././libiberty/cp-demangle.c:3421
        hold_dpm = 0xbf2ca384
        dcl = 0x945ce44
#3  0x082940d6 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3276
No locals.
#4  0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2ca524
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2ca524, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
---Type <return> to continue, or q <return> to quit---
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#5  0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
#6  0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2ca6c4
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2ca6c4, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#7  0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
#8  0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2ca864
---Type <return> to continue, or q <return> to quit---
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2ca864, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#9  0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
#10 0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2caa04
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2caa04, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#11 0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
---Type <return> to continue, or q <return> to quit---
    at .././libiberty/cp-demangle.c:3281
No locals.
#12 0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2caba4
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2caba4, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#13 0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
#14 0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2cad44
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2cad44, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
---Type <return> to continue, or q <return> to quit---
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#15 0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
#16 0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
        hold_modifiers = 0xbf2caee4
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2caee4, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#17 0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
#18 0x0829429e in d_print_comp (dpi=0xbfac7924, dc=0x945ce8c)
    at .././libiberty/cp-demangle.c:3368
---Type <return> to continue, or q <return> to quit---
        hold_modifiers = 0xbf2cb084
        typed_name = 0x945ce44
        adpm = {{next = 0xbf2cb084, mod = 0x945ce44, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 0, 
            templates = 0x0}, {next = 0x0, mod = 0x0, printed = 136918758, 
            templates = 0x82b4f85}}
        i = 1
        dpt = {next = 0x82b4f85, template_decl = 0xbfac7928}
#19 0x08294103 in d_print_comp (dpi=0xbfac7924, dc=0x945ce80)
    at .././libiberty/cp-demangle.c:3281
No locals.
Comment 1 Albert Zeyer 2009-02-26 05:31:28 UTC
Coredump + my binary can be downloaded here:
http://www.4shared.com/file/89530928/33d6e64f/gdb-685020090225-cvs__corebin.html
Comment 2 AnotherBadHairDay 2009-03-11 16:34:07 UTC
I have the same bug here
GDB 6.8.50.20090311 tarball
GCC 3.4.2

I'm reproducing it with the cpp file below.
--------
class MyClass
{
public:
  bool
  operator()() const
  {
    return true; // put a breakpoint here and run
  }
};

int
main()
{
  MyClass a;
  a();
  return 10;
}
--------
The core shows:
#0  0x00000000006e6929 in d_append_buffer ()
#1  0x00000000006e5463 in d_print_comp ()
#2  0x00000000006e54d8 in d_print_comp ()
#3  0x00000000006e4f81 in cplus_demangle_print_callback ()
#4  0x00000000006e506b in cplus_demangle_print ()
#5  0x00000000005e8f1b in cp_comp_to_string ()
#6  0x00000000005cfbe4 in cp_remove_params ()
#7  0x000000000051eab6 in print_frame ()
#8  0x000000000051e81b in print_frame_info ()
#9  0x000000000051de3f in print_stack_frame_stub ()
#10 0x000000000052454d in catch_errors ()
#11 0x000000000051debf in print_stack_frame ()
#12 0x000000000051b82d in normal_stop ()
#13 0x000000000051695d in proceed ()



Comment 3 AnotherBadHairDay 2009-03-12 15:09:15 UTC
My issue is in fact a libiberty problem. Replacing the libiberty directory by the one included in gdb-6.8 solved my problem.

Albert, does this solve yours?
Comment 4 Albert Zeyer 2009-03-12 15:14:24 UTC
I randomly hit this crash, not sure if I can reproduce that. But I have some
similar functor classes in my code, so it's probable that we hit both the same
problem.
Comment 5 Tom Tromey 2009-03-12 21:09:48 UTC
FWIW, I tried this with CVS head gdb today, on x86 Fedora 9,
using the system gcc (4.3.0).
I could not reproduce the crash.
Comment 6 AnotherBadHairDay 2009-03-16 16:52:57 UTC
The problem recurred (I did a fresh checkout a few hours ago...).
Here's the problem I get, this time not with the code from my comment above but from a cppunit test.

After some investigation, here's what is happening:
cp-name-parser.y:2016
cp_demangled_name_to_comp("CppUnit::TestCaseMethodFunctor::operator()() const")

is called.

It seems the problem is coming from here:
gdb/cp-name-parser.y:504
   make_operator ("()", 0);  // define the operator with argument 0
then
libiberty/cp-demangle.c:1439
   { "cl", NL ("()"),        2 },  // define the operator with argument 2

The matching between those 2 is done in libiberty/cp-demint.c:166
if (len == cplus_demangle_operators[i].len 
    && args == cplus_demangle_operators[i].args // oops - won't match
    && strcmp (opname, cplus_demangle_operators[i].name) == 0)

Not sure how it is related, but anyway it seems hard that those 2 could ever
match. Putting both argument values to 0 or both to 2 fixes the problem anyway.


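The match condition quoted in the comment above keys an operator on three things at once: spelling, spelling length and operand count. The following is an added, constructed model of that lookup, not gdb's or libiberty's code; the table rows, the `fill_operator`/`operator_code` names and the fail-closed consumer are assumptions made for illustration. It shows why the arity takes part in the key (the same spelling "-" denotes two different operators) and why a producer that asks for `"()"` with 0 operands gets no match when the table says 2, leaving a component the printer must not dereference blindly.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the libiberty operator table: mangled code,
   source-level spelling, its length, and the operand count.  Only a
   few rows are included here; "cl" is the call operator with 2 args,
   exactly as quoted from cp-demangle.c in the comment above. */
struct op_entry {
  const char *code;
  const char *name;
  int len;
  int args;
};

static const struct op_entry operators[] = {
  { "cl", "()", 2, 2 },
  { "ix", "[]", 2, 2 },
  { "pl", "+",  1, 2 },
  { "ng", "-",  1, 1 },   /* unary minus: same spelling as "mi" ... */
  { "mi", "-",  1, 2 },   /* ... so only the arity tells them apart */
  { NULL, NULL, 0, 0 }
};

/* The component as a later printing stage sees it.  If op stays NULL,
   there is nothing the printer can safely dereference. */
struct op_component {
  const struct op_entry *op;
};

/* Mirrors the three-part match quoted from cp-demint.c: length, operand
   count and spelling must all agree.  Returns 1 on success, 0 when no
   row matches (the situation the comment above describes). */
static int fill_operator(struct op_component *c, const char *opname, int args)
{
  size_t len = strlen(opname);
  const struct op_entry *e;

  c->op = NULL;
  for (e = operators; e->name != NULL; e++) {
    if ((int) len == e->len
        && args == e->args
        && strcmp(opname, e->name) == 0) {
      c->op = e;
      return 1;
    }
  }
  return 0;
}

/* Consumer that fails closed: an unmatched component is reported rather
   than printed through a NULL table pointer. */
static const char *operator_code(const struct op_component *c)
{
  return c->op ? c->op->code : "<unmatched operator>";
}

/* Both sides of the mismatch for the call operator.  Returns 1 when the
   0-arg request fails and the 2-arg request succeeds. */
static int demo(void)
{
  struct op_component c;
  int ok0, ok2;

  ok0 = fill_operator(&c, "()", 0);   /* what the parser asked for */
  printf("\"()\" with 0 args -> match=%d code=%s\n", ok0, operator_code(&c));
  ok2 = fill_operator(&c, "()", 2);   /* what the table requires */
  printf("\"()\" with 2 args -> match=%d code=%s\n", ok2, operator_code(&c));
  return ok2 && !ok0;
}

int main(void)
{
  return demo() ? 0 : 1;
}
```

The point for a caller is that a zero return from the fill step is the only signal that the producer and the table disagree; a pipeline that ignores it hands a half-built component to code running later, which is where the backtraces on this page show the crash.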
Comment 7 AnotherBadHairDay 2009-03-17 08:27:26 UTC
To reproduce, put this in your gdb.c:
int
main (int argc, char **argv)
{
  cp_remove_params("A()");
  cp_remove_params("M::operator()() const");
  return -1;
}

Comment 8 Pedro Alves 2014-05-27 12:41:58 UTC
I tried that on current mainline, and saw no crash.  The current gdb code has been made to match libiberty a few years ago, between 6.8/7.0:

commit 71c25deab3d61e4cfbaffc7006704a27d1bc0737
Author: Tom Tromey <tromey@redhat.com>
Date:   Tue Mar 31 20:21:08 2009 +0000

    2009-03-31  Daniel Jacobowitz  <dan@codesourcery.com>
            Keith Seitz  <keiths@redhat.com>
            Jan Kratochvil  <jan.kratochvil@redhat.com>
    
        PR gdb/6817
...
        * cp-name-parser.y: operator() requires two parameters,
        according to libiberty.
...

Closing.