This is the mail archive of the gdb-cvs@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[binutils-gdb] Fix use of a dangling pointer for Python breakpoint objects


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f4952523968703caa027a5922263eb97b88bedc3

commit f4952523968703caa027a5922263eb97b88bedc3
Author: Pierre-Marie de Rodat <derodat@adacore.com>
Date:   Mon Jun 27 12:11:25 2016 +0200

    Fix use of a dangling pointer for Python breakpoint objects
    
    When a Python script tries to create a breakpoint but fails to do so,
    gdb.Breakpoint.__init__ raises an exception and the breakpoint does not
    exist anymore in the Python interpreter. However, GDB still keeps a
    reference to the Python object to be used for a later hook, which is
    wrong.
    
    This commit adds the necessary cleanup code so that there is no stale
    reference to this Python object. It also adds a new testcase to
    reproduce the bug and check the fix.
    
    2016-06-25  Pierre-Marie de Rodat  <derodat@adacore.com>
    
    gdb/
    	* python/py-breakpoint.c (bppy_init): Clear bppy_pending_object
    	when there is an error during the breakpoint creation.
    
    gdb/testsuite
    
    	* gdb.python/py-breakpoint-create-fail.c,
    	gdb.python/py-breakpoint-create-fail.exp,
    	gdb.python/py-breakpoint-create-fail.py: New testcase.

Diff:
---
 gdb/ChangeLog                                      |  5 ++
 gdb/python/py-breakpoint.c                         |  1 +
 gdb/testsuite/ChangeLog                            |  6 +++
 .../gdb.python/py-breakpoint-create-fail.c         | 28 +++++++++++
 .../gdb.python/py-breakpoint-create-fail.exp       | 56 ++++++++++++++++++++++
 .../gdb.python/py-breakpoint-create-fail.py        | 31 ++++++++++++
 6 files changed, 127 insertions(+)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index e98a565..ad6f5d9 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2016-06-25  Pierre-Marie de Rodat  <derodat@adacore.com>
+
+	* python/py-breakpoint.c (bppy_init): Clear bppy_pending_object
+	when there is an error during the breakpoint creation.
+
 2016-06-25  Tom Tromey  <tom@tromey.com>
 
 	* rust-lang.c (rust_get_disr_info, rust_print_type): Fix
diff --git a/gdb/python/py-breakpoint.c b/gdb/python/py-breakpoint.c
index ed9cae6..5918bcc 100644
--- a/gdb/python/py-breakpoint.c
+++ b/gdb/python/py-breakpoint.c
@@ -705,6 +705,7 @@ bppy_init (PyObject *self, PyObject *args, PyObject *kwargs)
     }
   CATCH (except, RETURN_MASK_ALL)
     {
+      bppy_pending_object = NULL;
       PyErr_Format (except.reason == RETURN_QUIT
 		    ? PyExc_KeyboardInterrupt : PyExc_RuntimeError,
 		    "%s", except.message);
diff --git a/gdb/testsuite/ChangeLog b/gdb/testsuite/ChangeLog
index 0db0fc2..f5bdb40 100644
--- a/gdb/testsuite/ChangeLog
+++ b/gdb/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2016-06-27  Pierre-Marie de Rodat  <derodat@adacore.com>
+
+	* gdb.python/py-breakpoint-create-fail.c,
+	gdb.python/py-breakpoint-create-fail.exp,
+	gdb.python/py-breakpoint-create-fail.py: New testcase.
+
 2016-06-25  Manish Goregaokar  <manish@mozilla.com>
 
 	PR gdb/20239
diff --git a/gdb/testsuite/gdb.python/py-breakpoint-create-fail.c b/gdb/testsuite/gdb.python/py-breakpoint-create-fail.c
new file mode 100644
index 0000000..c346bdd
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-breakpoint-create-fail.c
@@ -0,0 +1,28 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2016 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see  <http://www.gnu.org/licenses/>.  */
+
+int
+foo (int a)
+{
+  return a * 2;
+}
+
+int
+main (void)
+{
+  return foo (2);
+}
diff --git a/gdb/testsuite/gdb.python/py-breakpoint-create-fail.exp b/gdb/testsuite/gdb.python/py-breakpoint-create-fail.exp
new file mode 100644
index 0000000..354a91e
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-breakpoint-create-fail.exp
@@ -0,0 +1,56 @@
+# Copyright (C) 2016 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# This file is part of the GDB testsuite.  It tests proper handling for
+# breakpoint creation failure.
+
+load_lib gdb-python.exp
+
+standard_testfile
+
+if { [prepare_for_testing ${testfile}.exp ${testfile} ${srcfile}] } {
+    return -1
+}
+
+# Skip all tests if Python scripting is not enabled.
+if { [skip_python_tests] } { continue }
+
+clean_restart "${testfile}"
+if ![runto_main] {
+    perror "could not run to main"
+    continue
+}
+
+# The following will create a breakpoint Python wrapper whose construction will
+# abort: the requested symbol is not defined.  GDB should not keep a reference
+# to the wrapper; however it used to...
+gdb_test "source py-breakpoint-create-fail.py"
+
+# ... and when it did, as a result, the following breakpoint creation (not
+# initiated by the Python API) would dereference the already-freed Python
+# breakpoint wrapper, resulting in undefined behavior, sometimes observed as a
+# gdb crash, and other times causing the next stop to invoke the Python wrapper
+# "stop" method for the object that is not supposed to exist.
+gdb_test "break foo"
+
+set test "continuing to foo"
+gdb_test_multiple "continue" "$test" {
+    -re "MyBP\.stop was invoked\!.*$gdb_prompt $" {
+        fail "$test"
+    }
+    -re "Continuing.*Breakpoint 2, foo.*$gdb_prompt $" {
+        pass "$test"
+    }
+}
diff --git a/gdb/testsuite/gdb.python/py-breakpoint-create-fail.py b/gdb/testsuite/gdb.python/py-breakpoint-create-fail.py
new file mode 100644
index 0000000..845eb0f
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-breakpoint-create-fail.py
@@ -0,0 +1,31 @@
+# Copyright (C) 2016 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import gdb
+
+
+class MyBP(gdb.Breakpoint):
+    def stop(self):
+        print('MyBP.stop was invoked!')
+        # Don't make this breakpoint stop
+        return False
+
+
+try:
+    bp = MyBP('does_not_exist', gdb.BP_WATCHPOINT)
+except RuntimeError:
+    pass
+else:
+    assert False


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]