Bug 16487 - crash in py-framefilter.c
Summary: crash in py-framefilter.c
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: python
Version: HEAD
Importance: P2 normal
Target Milestone: 7.7
Assignee: Tom Tromey
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-22 07:09 UTC by Tom Tromey
Modified: 2014-01-23 15:37 UTC
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:


Description Tom Tromey 2014-01-22 07:09:07 UTC
I ran across a crash in py-framefilter.c:

(top-gdb) bt 5
#0  0x0000000000678340 in gdb_Py_DECREF (op=0x0)
    at ../../binutils-gdb/gdb/python/python-internal.h:182
#1  0x000000000067a326 in py_print_frame (filter=
    <SignalFrame(frames=[<FrameDecorator(_base=<gdb.Frame at remote 0x239d930>) at remote 0x23a7e90>, <FrameDecorator(_base=<gdb.Frame at remote 0x23a7eb0>) at remote 0x23a7e10>, <FrameDecorator(_base=<gdb.Frame at remote 0x23a7e30>) at remote 0x23a7d90>, <FrameDecorator(_base=<gdb.Frame at remote 0x23a7db0>) at remote 0x23a7d10>, <FrameDecorator(_base=<gdb.Frame at remote 0x23a7d30>) at remote 0x23a7c90>], frame=<...>) at remote 0x23afb48>, flags=7, 
    args_type=CLI_SCALAR_VALUES, out=0x23d8220, indent=0, 
    levels_printed=0x2719990)
    at ../../binutils-gdb/gdb/python/py-framefilter.c:1222


I have a patch.
Comment 1 Tom Tromey 2014-01-22 15:42:19 UTC
Mine.
Comment 2 cvs-commit@gcc.gnu.org 2014-01-23 15:09:45 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  83b645b833a4c137441b2ba1c03206371b28c9db (commit)
       via  0740f8d82dd18e48d1531c8d86b531341fc9e099 (commit)
       via  21909fa1c6d934bfa0c7ad3ef95909db48f6f756 (commit)
      from  17fde6d091a9a661119d152e2304012de5fce056 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=83b645b833a4c137441b2ba1c03206371b28c9db

commit 83b645b833a4c137441b2ba1c03206371b28c9db
Author: Tom Tromey <tromey@redhat.com>
Date:   Wed Jan 22 08:52:15 2014 -0700

    avoid python exception in FrameDecorator.py
    
    This fixes a bug in FrameDecorator.py.
    
    FrameVars seems to assume that Frame.block can return None if there is
    no block.  However, it actually throws an exception.
    
    I saw this bug while developing a frame filter, but unfortunately I
    don't know how to reproduce it.  It seems to me that the SAL tests in
    _is_limited_frame should exclude the bad cases; and in my attempts to
    write a test they do.
    
    Nevertheless I think the fix is reasonably obvious and ought to go in.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16485:
    	* python/lib/gdb/FrameDecorator.py: (FrameVars.fetch_frame_args):
    	Handle exception from frame.block.
    	(FrameVars.fetch_frame_locals): Likewise.

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0740f8d82dd18e48d1531c8d86b531341fc9e099

commit 0740f8d82dd18e48d1531c8d86b531341fc9e099
Author: Tom Tromey <tromey@redhat.com>
Date:   Wed Jan 22 08:44:41 2014 -0700

    fix erroneous error-handling in frame filter code
    
    This fixes PR python/16487.
    
    The bug here is that the function-name-handling code in py_print_frame
    had a small logic error (really a misplaced closing brace).  This
    error could lead to a Py_DECREF(NULL), which crashes.
    
    This patch fixes the bug in the obvious way.
    
    Built and regtested on x86-64 Fedora 18.  New test case included.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16487:
    	* python/py-framefilter.c (py_print_frame): Don't call Py_DECREF
    	on a NULL pointer.  Move "goto error" to correct place.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16487:
    	* gdb.python/py-framefilter.exp: Add test using "Error" filter.
    	* gdb.python/py-framefilter.py (ErrorInName, ErrorFilter): New
    	classes.

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=21909fa1c6d934bfa0c7ad3ef95909db48f6f756

commit 21909fa1c6d934bfa0c7ad3ef95909db48f6f756
Author: Tom Tromey <tromey@redhat.com>
Date:   Wed Jan 22 08:10:01 2014 -0700

    fix crash in frame filters
    
    apply_frame_filter calls ensure_python_env before computing the
    gdbarch to use.  This means that python_gdbarch can be NULL while in
    Python code, and if a frame filter depends on this somehow (easy to
    do), gdb will crash.
    
    The fix is to compute the gdbarch first.
    
    Built and regtested on x86-64 Fedora 18.
    New test case included.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16491:
    	* python/py-framefilter.c (apply_frame_filter): Call
    	ensure_python_env after computing gdbarch.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16491:
    	* gdb.python/py-framefilter.py (Reverse_Function.function): Read a
    	string from an inferior frame.
    	* gdb.python/py-framefilter-mi.exp: Update.

-----------------------------------------------------------------------

Summary of changes:
 gdb/ChangeLog                                  |   19 ++++++++++++++++++
 gdb/python/lib/gdb/FrameDecorator.py           |   12 +++++++++-
 gdb/python/py-framefilter.c                    |   14 ++++++------
 gdb/testsuite/ChangeLog                        |   14 +++++++++++++
 gdb/testsuite/gdb.python/py-framefilter-mi.exp |    4 +-
 gdb/testsuite/gdb.python/py-framefilter.exp    |   11 ++++++++++
 gdb/testsuite/gdb.python/py-framefilter.py     |   25 +++++++++++++++++++++++-
 7 files changed, 87 insertions(+), 12 deletions(-)
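
The defect class named in the PR python/16487 commit message above (a cleanup placed outside the NULL check by a misplaced brace), as an added example that is not gdb's code and not part of the original report. All names (obj, decref, call_method, print_name_buggy, print_name_fixed) are hypothetical, and decref counts NULL calls where the real Py_DECREF would dereference the pointer and crash.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for PyObject: only the reference count matters here. */
typedef struct { long refcnt; } obj;

/* Constructed instrumentation: counts decref(NULL) calls.  The real
   Py_DECREF dereferences its argument unconditionally (Py_XDECREF is
   the NULL-tolerant variant). */
static int null_decrefs;

static void decref(obj *op)
{
    if (op == NULL) { null_decrefs++; return; }
    op->refcnt--;
}

/* Models a method call: new reference on success, NULL if it raised. */
static obj *call_method(obj *result, int raises)
{
    if (raises) return NULL;
    result->refcnt++;
    return result;
}

/* Defect pattern: cleanup sits outside the NULL check, so the failure
   path reaches decref(NULL) and the error is never reported. */
static int print_name_buggy(obj *result, int raises)
{
    obj *name = call_method(result, raises);
    if (name != NULL) { /* ... use name ... */ }
    decref(name);
    return 0;
}

/* Corrected shape: release in the non-NULL branch, fail in the else. */
static int print_name_fixed(obj *result, int raises)
{
    obj *name = call_method(result, raises);
    if (name != NULL) { /* ... use name ... */ decref(name); }
    else goto error;
    return 0;
error:
    return -1;
}

int main(void)
{
    obj o = { 1 };
    int rc = print_name_fixed(&o, 1);
    printf("fixed: rc=%d null_decrefs=%d\n", rc, null_decrefs);
    return 0;
}
```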
Comment 3 cvs-commit@gcc.gnu.org 2014-01-23 15:27:45 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, gdb-7.7-branch has been updated
       via  56d4c712a8fa3a3e06a2ae91881ef4d702e5b491 (commit)
       via  4c9a21f6a57e0e2e382aac327f6edaa1475dd3f1 (commit)
       via  fc4475140dfddf8b10e73a2908cc3ab690641261 (commit)
      from  4492782b126d30cd3c6af9e9b9ac80057528a32a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56d4c712a8fa3a3e06a2ae91881ef4d702e5b491

commit 56d4c712a8fa3a3e06a2ae91881ef4d702e5b491
Author: Tom Tromey <tromey@redhat.com>
Date:   Wed Jan 22 08:52:15 2014 -0700

    avoid python exception in FrameDecorator.py
    
    This fixes a bug in FrameDecorator.py.
    
    FrameVars seems to assume that Frame.block can return None if there is
    no block.  However, it actually throws an exception.
    
    I saw this bug while developing a frame filter, but unfortunately I
    don't know how to reproduce it.  It seems to me that the SAL tests in
    _is_limited_frame should exclude the bad cases; and in my attempts to
    write a test they do.
    
    Nevertheless I think the fix is reasonably obvious and ought to go in.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16485:
    	* python/lib/gdb/FrameDecorator.py: (FrameVars.fetch_frame_args):
    	Handle exception from frame.block.
    	(FrameVars.fetch_frame_locals): Likewise.

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4c9a21f6a57e0e2e382aac327f6edaa1475dd3f1

commit 4c9a21f6a57e0e2e382aac327f6edaa1475dd3f1
Author: Tom Tromey <tromey@redhat.com>
Date:   Wed Jan 22 08:44:41 2014 -0700

    fix erroneous error-handling in frame filter code
    
    This fixes PR python/16487.
    
    The bug here is that the function-name-handling code in py_print_frame
    had a small logic error (really a misplaced closing brace).  This
    error could lead to a Py_DECREF(NULL), which crashes.
    
    This patch fixes the bug in the obvious way.
    
    Built and regtested on x86-64 Fedora 18.  New test case included.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16487:
    	* python/py-framefilter.c (py_print_frame): Don't call Py_DECREF
    	on a NULL pointer.  Move "goto error" to correct place.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16487:
    	* gdb.python/py-framefilter.exp: Add test using "Error" filter.
    	* gdb.python/py-framefilter.py (ErrorInName, ErrorFilter): New
    	classes.

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fc4475140dfddf8b10e73a2908cc3ab690641261

commit fc4475140dfddf8b10e73a2908cc3ab690641261
Author: Tom Tromey <tromey@redhat.com>
Date:   Wed Jan 22 08:10:01 2014 -0700

    fix crash in frame filters
    
    apply_frame_filter calls ensure_python_env before computing the
    gdbarch to use.  This means that python_gdbarch can be NULL while in
    Python code, and if a frame filter depends on this somehow (easy to
    do), gdb will crash.
    
    The fix is to compute the gdbarch first.
    
    Built and regtested on x86-64 Fedora 18.
    New test case included.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16491:
    	* python/py-framefilter.c (apply_frame_filter): Call
    	ensure_python_env after computing gdbarch.
    
    2014-01-23  Tom Tromey  <tromey@redhat.com>
    
    	PR python/16491:
    	* gdb.python/py-framefilter.py (Reverse_Function.function): Read a
    	string from an inferior frame.
    	* gdb.python/py-framefilter-mi.exp: Update.

-----------------------------------------------------------------------

Summary of changes:
 gdb/ChangeLog                                  |   19 ++++++++++++++++++
 gdb/python/lib/gdb/FrameDecorator.py           |   12 +++++++++-
 gdb/python/py-framefilter.c                    |   14 ++++++------
 gdb/testsuite/ChangeLog                        |   14 +++++++++++++
 gdb/testsuite/gdb.python/py-framefilter-mi.exp |    4 +-
 gdb/testsuite/gdb.python/py-framefilter.exp    |   11 ++++++++++
 gdb/testsuite/gdb.python/py-framefilter.py     |   25 +++++++++++++++++++++++-
 7 files changed, 87 insertions(+), 12 deletions(-)
Comment 4 Tom Tromey 2014-01-23 15:37:34 UTC
Fixed.