Bug 25283 - ASan errors when using "layout next"
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: tui
Version: HEAD
Importance: P2 normal
Target Milestone: 10.1
Assignee: Not yet assigned to anyone
Reported: 2019-12-15 21:10 UTC by Simon Marchi
Modified: 2020-01-04 18:21 UTC
Description Simon Marchi 2019-12-15 21:10:47 UTC
I stumbled on an ASan crash, I suppose due to the recent TUI changes.  There are two ways of triggering the crash, that give two different backtraces, but I think they are due to the same root cause.

(1)

$ ./gdb --data-directory=data-directory -batch -ex "layout next"

Gives the following report:

=================================================================
==2775682==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x608000009a20 in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   88 bytes;
  size of the deallocated type: 24 bytes.
    #0 0x7fdd205cd07e in operator delete(void*, unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177
    #1 0x5615d035f00d in std::default_delete<tui_layout_base>::operator()(tui_layout_base*) const /usr/include/c++/9.2.0/bits/unique_ptr.h:81
    #2 0x5615d035e328 in std::unique_ptr<tui_layout_base, std::default_delete<tui_layout_base> >::~unique_ptr() /usr/include/c++/9.2.0/bits/unique_ptr.h:284
    #3 0x7fdd1f5fb6a6 in __run_exit_handlers (/usr/lib/libc.so.6+0x3e6a6)
    #4 0x7fdd1f5fb85d in __GI_exit (/usr/lib/libc.so.6+0x3e85d)
    #5 0x5615d02a72ac in quit_force(int*, int) /home/simark/src/binutils-gdb/gdb/top.c:1766
    #6 0x5615cfad429a in captured_main_1 /home/simark/src/binutils-gdb/gdb/main.c:1183
    #7 0x5615cfad4814 in captured_main /home/simark/src/binutils-gdb/gdb/main.c:1192
    #8 0x5615cfad48a9 in gdb_main(captured_main_args*) /home/simark/src/binutils-gdb/gdb/main.c:1217
    #9 0x5615cef1d9cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #10 0x7fdd1f5e4152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)
    #11 0x5615cef1d79d in _start (/home/simark/build/binutils-gdb/gdb/gdb+0x11fb79d)

0x608000009a20 is located 0 bytes inside of 88-byte region [0x608000009a20,0x608000009a78)
allocated by thread T0 here:
    #0 0x7fdd205cb8f8 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x5615d0358906 in tui_layout_split::clone() const /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:515
    #2 0x5615d035660e in show_layout /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:90
    #3 0x5615d03567db in tui_set_layout(tui_layout_type) /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:116
    #4 0x5615d038af4f in tui_enable() /home/simark/src/binutils-gdb/gdb/tui/tui.c:481
    #5 0x5615d0356eb2 in tui_layout_command /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:286
    #6 0x5615cf30169b in do_const_cfunc /home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:107
    #7 0x5615cf309859 in cmd_func(cmd_list_element*, char const*, int) /home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:1952
    #8 0x5615d02a3455 in execute_command(char const*, int) /home/simark/src/binutils-gdb/gdb/top.c:652
    #9 0x5615cfad1026 in catch_command_errors /home/simark/src/binutils-gdb/gdb/main.c:400
    #10 0x5615cfad41f2 in captured_main_1 /home/simark/src/binutils-gdb/gdb/main.c:1167
    #11 0x5615cfad4814 in captured_main /home/simark/src/binutils-gdb/gdb/main.c:1192
    #12 0x5615cfad48a9 in gdb_main(captured_main_args*) /home/simark/src/binutils-gdb/gdb/main.c:1217
    #13 0x5615cef1d9cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #14 0x7fdd1f5e4152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)

SUMMARY: AddressSanitizer: new-delete-type-mismatch /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177 in operator delete(void*, unsigned long)
==2775682==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==2775682==ABORTING

(2)

Just start GDB with:

$ ./gdb --data-directory=data-directory

Then type "layout next" twice (type "layout next" and press enter twice).  It gives the following report:

=================================================================
==2776313==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x608000009aa0 in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   88 bytes;
  size of the deallocated type: 24 bytes.
    #0 0x7f28f66e607e in operator delete(void*, unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177
    #1 0x55e816cdb00d in std::default_delete<tui_layout_base>::operator()(tui_layout_base*) const /usr/include/c++/9.2.0/bits/unique_ptr.h:81
    #2 0x55e816cdb142 in std::unique_ptr<tui_layout_base, std::default_delete<tui_layout_base> >::reset(tui_layout_base*) /usr/include/c++/9.2.0/bits/unique_ptr.h:394
    #3 0x55e816cda3a5 in std::unique_ptr<tui_layout_base, std::default_delete<tui_layout_base> >::operator=(std::unique_ptr<tui_layout_base, std::default_delete<tui_layout_base> >&&) /usr/include/c++/9.2.0/bits/unique_ptr.h:299
    #4 0x55e816cd2622 in show_layout /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:90
    #5 0x55e816cd27db in tui_set_layout(tui_layout_type) /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:116
    #6 0x55e816cd2ebc in tui_layout_command /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:287
    #7 0x55e815c7d69b in do_const_cfunc /home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:107
    #8 0x55e815c85859 in cmd_func(cmd_list_element*, char const*, int) /home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:1952
    #9 0x55e816c1f455 in execute_command(char const*, int) /home/simark/src/binutils-gdb/gdb/top.c:652
    #10 0x55e816041ee1 in command_handler(char const*) /home/simark/src/binutils-gdb/gdb/event-top.c:587
    #11 0x55e816042804 in command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char> >&&) /home/simark/src/binutils-gdb/gdb/event-top.c:772
    #12 0x55e816040a85 in gdb_rl_callback_handler /home/simark/src/binutils-gdb/gdb/event-top.c:218
    #13 0x55e816eeb9a5 in rl_callback_read_char /home/simark/src/binutils-gdb/readline/readline/callback.c:281
    #14 0x55e8160405df in gdb_rl_callback_read_char_wrapper_noexcept /home/simark/src/binutils-gdb/gdb/event-top.c:176
    #15 0x55e8160407e3 in gdb_rl_callback_read_char_wrapper /home/simark/src/binutils-gdb/gdb/event-top.c:193
    #16 0x55e816041a88 in stdin_event_handler(int, void*) /home/simark/src/binutils-gdb/gdb/event-top.c:515
    #17 0x55e81603c1e5 in handle_file_event /home/simark/src/binutils-gdb/gdb/event-loop.c:731
    #18 0x55e81603ca7d in gdb_wait_for_event /home/simark/src/binutils-gdb/gdb/event-loop.c:857
    #19 0x55e81603a8aa in gdb_do_one_event() /home/simark/src/binutils-gdb/gdb/event-loop.c:346
    #20 0x55e81603a8d9 in start_event_loop() /home/simark/src/binutils-gdb/gdb/event-loop.c:370
    #21 0x55e81644ce94 in captured_command_loop /home/simark/src/binutils-gdb/gdb/main.c:359
    #22 0x55e816450819 in captured_main /home/simark/src/binutils-gdb/gdb/main.c:1202
    #23 0x55e8164508a9 in gdb_main(captured_main_args*) /home/simark/src/binutils-gdb/gdb/main.c:1217
    #24 0x55e8158999cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #25 0x7f28f56fd152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)
    #26 0x55e81589979d in _start (/home/simark/build/binutils-gdb/gdb/gdb+0x11fb79d)

0x608000009aa0 is located 0 bytes inside of 88-byte region [0x608000009aa0,0x608000009af8)
allocated by thread T0 here:
    #0 0x7f28f66e48f8 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x55e816cd4906 in tui_layout_split::clone() const /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:515
    #2 0x55e816cd260e in show_layout /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:90
    #3 0x55e816cd27db in tui_set_layout(tui_layout_type) /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:116
    #4 0x55e816d06f4f in tui_enable() /home/simark/src/binutils-gdb/gdb/tui/tui.c:481
    #5 0x55e816cd2eb2 in tui_layout_command /home/simark/src/binutils-gdb/gdb/tui/tui-layout.c:286
    #6 0x55e815c7d69b in do_const_cfunc /home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:107
    #7 0x55e815c85859 in cmd_func(cmd_list_element*, char const*, int) /home/simark/src/binutils-gdb/gdb/cli/cli-decode.c:1952
    #8 0x55e816c1f455 in execute_command(char const*, int) /home/simark/src/binutils-gdb/gdb/top.c:652
    #9 0x55e816041ee1 in command_handler(char const*) /home/simark/src/binutils-gdb/gdb/event-top.c:587
    #10 0x55e816042804 in command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char> >&&) /home/simark/src/binutils-gdb/gdb/event-top.c:772
    #11 0x55e816040a85 in gdb_rl_callback_handler /home/simark/src/binutils-gdb/gdb/event-top.c:218
    #12 0x55e816eeb9a5 in rl_callback_read_char /home/simark/src/binutils-gdb/readline/readline/callback.c:281
    #13 0x55e8160405df in gdb_rl_callback_read_char_wrapper_noexcept /home/simark/src/binutils-gdb/gdb/event-top.c:176
    #14 0x55e8160407e3 in gdb_rl_callback_read_char_wrapper /home/simark/src/binutils-gdb/gdb/event-top.c:193
    #15 0x55e816041a88 in stdin_event_handler(int, void*) /home/simark/src/binutils-gdb/gdb/event-top.c:515
    #16 0x55e81603c1e5 in handle_file_event /home/simark/src/binutils-gdb/gdb/event-loop.c:731
    #17 0x55e81603ca7d in gdb_wait_for_event /home/simark/src/binutils-gdb/gdb/event-loop.c:857
    #18 0x55e81603a8aa in gdb_do_one_event() /home/simark/src/binutils-gdb/gdb/event-loop.c:346
    #19 0x55e81603a8d9 in start_event_loop() /home/simark/src/binutils-gdb/gdb/event-loop.c:370
    #20 0x55e81644ce94 in captured_command_loop /home/simark/src/binutils-gdb/gdb/main.c:359
    #21 0x55e816450819 in captured_main /home/simark/src/binutils-gdb/gdb/main.c:1202
    #22 0x55e8164508a9 in gdb_main(captured_main_args*) /home/simark/src/binutils-gdb/gdb/main.c:1217
    #23 0x55e8158999cd in main /home/simark/src/binutils-gdb/gdb/gdb.c:32
    #24 0x7f28f56fd152 in __libc_start_main (/usr/lib/libc.so.6+0x27152)

SUMMARY: AddressSanitizer: new-delete-type-mismatch /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:177 in operator delete(void*, unsigned long)
==2776313==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==2776313==ABORTING
Comment 1 Simon Marchi 2019-12-15 21:24:02 UTC
Ah, actually it's simpler than I thought: we are just missing a virtual destructor in tui_layout_base, so that the derived destructor is called when deleting the objects through a tui_layout_base pointer.  I'll make a patch.
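Added illustration of the root cause in comment 1 (a constructed example, not gdb's code): stripped-down models of tui_layout_base and tui_layout_split, first without and then with the virtual destructor, plus the clone-and-replace pattern from show_layout in the report. The class names mirror the report; the vector member and the live-instance counter are assumptions.

```cpp
#include <memory>
#include <type_traits>
#include <vector>

// Constructed models of the two classes named in the ASan report; not gdb's code.
namespace before {
struct tui_layout_base {
  // Defect from comment 1: no virtual destructor. Deleting a tui_layout_split through a
  // tui_layout_base* runs only ~tui_layout_base and hands sizeof(tui_layout_base) to
  // sized operator delete, which is ASan's "new-delete-type-mismatch".
  virtual std::unique_ptr<tui_layout_base> clone () const = 0;
};
struct tui_layout_split : tui_layout_base {
  std::vector<int> splits;  // assumed payload; makes the derived object larger
};
}  // namespace before

namespace after {
struct tui_layout_base {
  virtual ~tui_layout_base () = default;  // the fix: destroy via the dynamic type
  virtual std::unique_ptr<tui_layout_base> clone () const = 0;
};
struct tui_layout_split : tui_layout_base {
  static int live;  // assumed instance counter so destruction can be checked
  std::vector<int> splits;
  tui_layout_split () { ++live; }
  tui_layout_split (const tui_layout_split &o)
    : tui_layout_base (o), splits (o.splits) { ++live; }
  ~tui_layout_split () override { --live; }
  std::unique_ptr<tui_layout_base> clone () const override
  { return std::make_unique<tui_layout_split> (*this); }
};
int tui_layout_split::live = 0;
}  // namespace after

// Compile-time evidence of the defect and of the fix.
constexpr bool before_has_virtual_dtor = std::has_virtual_destructor<before::tui_layout_base>::value;  // false
constexpr bool after_has_virtual_dtor = std::has_virtual_destructor<after::tui_layout_base>::value;    // true

// Mirrors show_layout's pattern from the report: clone the layout and assign it over the
// active one, as typing "layout next" twice does. With the fixed base class the derived
// destructor still runs when unique_ptr::operator= deletes the old clone through a base pointer.
int live_after_replace ()
{
  {
    after::tui_layout_split proto;
    proto.splits = {1, 2, 3};
    std::unique_ptr<after::tui_layout_base> active = proto.clone ();
    active = proto.clone ();  // second "layout next": the old clone is deleted here
  }  // proto and the remaining clone are destroyed
  return after::tui_layout_split::live;  // 0
}
```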
Comment 2 Tom Tromey 2020-01-04 18:21:13 UTC
This was fixed.