[Bug gdb/21194] ERROR: AddressSanitizer: heap-buffer-overflow on address

["qiyao at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=21194

--- Comment #1 from Yao Qi <qiyao at gcc dot gnu.org> ---
If I add asserts in value_contents_copy_raw, it is triggered too,

diff --git a/gdb/value.c b/gdb/value.c
index 557c300..ae5ec78 100644
--- a/gdb/value.c
+++ b/gdb/value.c
@@ -1356,6 +1356,10 @@ value_contents_copy_raw (struct value *dst, LONGEST
dst_offset,
                                             TARGET_CHAR_BIT * length));

   /* Copy the data.  */
+  gdb_assert (length * unit_size + dst_offset * unit_size
+             <= TYPE_LENGTH (dst->enclosing_type));
+  gdb_assert (length * unit_size + src_offset * unit_size
+             <= TYPE_LENGTH (src->enclosing_type));
   memcpy (value_contents_all_raw (dst) + dst_offset * unit_size,
          value_contents_all_raw (src) + src_offset * unit_size,
          length * unit_size);
----------------------------------------------

print g_vD^M
$91 = {<vB> = {<vA> = {va = 19, vx = 20}, _vptr.vB = 0x401300 <vtable for
vD+64>, vb = 21, vx = 22}, <vC> =
/home/yao/SourceCode/gnu/gdb/git/gdb/value.c:1362: internal-error: void
value_contents_copy_raw(value*, LONGEST, value*, LONGEST, LONGEST): Assertion
`length * unit_size + src_offset * unit_size <= TYPE_LENGTH
(src->enclosing_type)' failed.^M
A problem internal to GDB has been detected,^M
further debugging may prove unreliable.^M
Quit this debugging session? (y or n) FAIL: gdb.cp/inherit.exp: print g_vD (GDB
internal error)

-- 
You are receiving this mail because:
You are on the CC list for the bug.