This is the mail archive of the gdb-prs@sources.redhat.com mailing list for the GDB project.
varobj/1873: -var-create on invalid expression causes seg. fault
- From: ross at tensilica dot com
- To: gdb-gnats at sources dot redhat dot com
- Date: 19 Feb 2005 00:56:35 -0000
- Subject: varobj/1873: -var-create on invalid expression causes seg. fault
- Reply-to: ross at tensilica dot com
>Number: 1873
>Category: varobj
>Synopsis: -var-create on invalid expression causes seg. fault
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 19 00:58:00 UTC 2005
>Closed-Date:
>Last-Modified:
>Originator: ross@tensilica.com
>Release: 5.2.1
>Organization:
>Environment:
Linux RH 7.3
>Description:
-var-create on an expression that's invalid (e.g. "(*1)")
creates a variable and retains a ptr in var->value. That
gets freed by free_all_values() next command. Later a
-var-update or -var-evaluate-expression on that variable
dereferences the freed memory, causing a seg. fault.
Here's the relevant code snippet from varobj_create():
  /* We definitively need to catch errors here.
     If evaluate_expression succeeds we got the value we wanted.
     But if it fails, we still go on with a call to evaluate_type() */
  if (gdb_evaluate_expression (var->root->exp, &var->value))
    {
      /* no error */
      release_value (var->value);
      if (VALUE_LAZY (var->value))
        gdb_value_fetch_lazy (var->value);
    }
  else
    var->value = evaluate_type (var->root->exp);
  var->type = VALUE_TYPE (var->value);
gdb_evaluate_expression() fails, and GDB goes on to
evaluate_type(). I don't think simply clearing var->value
is correct. Maybe release_value()? I don't have the time
to acquire enough knowledge of GDB varobj.
I looked at the GDB 6.3 source and it seems to be the same.
Now why would anyone try to evaluate *1? It's some tool that
uses MI, one of our customers reported. I'm not clear on why
GDB even creates the variable in this case, but it does.
GDB should report an error, not crash.
>How-To-Repeat:
gdb -i=mi foo
-break-insert main
-exec-run
-var-create - * (*1)
-var-evaluate-expression var1
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
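The lifetime problem the report describes, modelled as a stand-alone C program. This is an added example and not GDB code: all_values, release_value() and free_all_values() are small stand-ins for GDB's per-command value list (values allocated during a command are chained on the list and swept when the next command starts; release_value() unlinks one so the caller owns it), and gdb_evaluate_expression()/evaluate_type() are stubs in which only the expression "(*1)" fails to evaluate. varobj_create_buggy() follows the branch structure of the snippet quoted above; varobj_create_fixed() applies the release_value() the reporter suggests on the error path too, which is one candidate fix, not the one the project adopted. A registry of live allocations lets the program report a dangling var->value without dereferencing freed memory.

```c
/* Added example (not GDB source): models how a varobj can be left holding a
   value that the next command's free_all_values() sweep frees. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct value {
  struct value *next;   /* link on the per-command all_values list */
  long contents;
};

/* Every value allocated during a command; swept by free_all_values(). */
static struct value *all_values = NULL;

/* Registry of live allocations (hypothetical helper): lets us detect a
   dangling pointer safely instead of dereferencing freed memory. */
#define MAX_LIVE 64
static struct value *live[MAX_LIVE];

static void track(struct value *v) {
  for (int i = 0; i < MAX_LIVE; i++)
    if (live[i] == NULL) { live[i] = v; return; }
  abort();
}
static void untrack(struct value *v) {
  for (int i = 0; i < MAX_LIVE; i++)
    if (live[i] == v) { live[i] = NULL; return; }
}
int value_is_live(const struct value *v) {
  for (int i = 0; i < MAX_LIVE; i++)
    if (live[i] == v) return 1;
  return 0;
}

static struct value *allocate_value(long contents) {
  struct value *v = calloc(1, sizeof *v);
  if (v == NULL) abort();
  v->contents = contents;
  v->next = all_values;          /* owned by the sweep until released */
  all_values = v;
  track(v);
  return v;
}

/* Unlink a value from all_values so the sweep no longer owns it. */
void release_value(struct value *val) {
  for (struct value **pp = &all_values; *pp; pp = &(*pp)->next)
    if (*pp == val) { *pp = val->next; val->next = NULL; return; }
}

/* Runs before the next command: everything still on all_values is freed. */
void free_all_values(void) {
  while (all_values) {
    struct value *v = all_values;
    all_values = v->next;
    untrack(v);
    free(v);
  }
}

/* Stubs for the evaluators: "(*1)" cannot be evaluated but still has a type,
   which is what the snippet's else-branch relies on. */
static int gdb_evaluate_expression(const char *exp, struct value **out) {
  if (strcmp(exp, "(*1)") == 0) return 0;       /* evaluation error */
  *out = allocate_value(strtol(exp, NULL, 10));
  return 1;
}
static struct value *evaluate_type(const char *exp) {
  (void)exp;
  return allocate_value(0);                     /* type-only placeholder */
}

struct varobj { struct value *value; };

/* Same branch structure as the quoted snippet: on error the stored value
   is still chained on all_values. */
void varobj_create_buggy(struct varobj *var, const char *exp) {
  if (gdb_evaluate_expression(exp, &var->value))
    release_value(var->value);
  else
    var->value = evaluate_type(exp);
}

/* Candidate fix: release on the error path as well, so the varobj owns the
   placeholder value across commands. */
void varobj_create_fixed(struct varobj *var, const char *exp) {
  if (gdb_evaluate_expression(exp, &var->value))
    release_value(var->value);
  else {
    var->value = evaluate_type(exp);
    release_value(var->value);
  }
}

/* 1 if var->value is still a live allocation after the next command's sweep,
   i.e. a later -var-update / -var-evaluate-expression would be safe. */
int survives_next_command(void (*create)(struct varobj *, const char *),
                          const char *exp) {
  struct varobj var = { NULL };
  create(&var, exp);
  free_all_values();                 /* next MI command begins here */
  int ok = value_is_live(var.value);
  if (ok) { untrack(var.value); free(var.value); }   /* varobj owns it */
  return ok;
}

int main(void) {
  printf("buggy (*1): %s\n", survives_next_command(varobj_create_buggy, "(*1)") ? "live" : "DANGLING");
  printf("fixed (*1): %s\n", survives_next_command(varobj_create_fixed, "(*1)") ? "live" : "DANGLING");
  printf("buggy  42 : %s\n", survives_next_command(varobj_create_buggy, "42") ? "live" : "DANGLING");
  return 0;
}
```

Running it shows the buggy path leaves the "(*1)" varobj dangling after the sweep while a valid expression is fine, and that unlinking the placeholder value on the error path keeps it alive; in real GDB the dangling pointer is what -var-update or -var-evaluate-expression later dereferences.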