This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [RFA] Fix leak in linespec.c

From: Tom Tromey <tom at tromey dot com>
To: Philippe Waroquiers <philippe dot waroquiers at skynet dot be>
Cc: Tom Tromey <tom at tromey dot com>, Simon Marchi <simon dot marchi at ericsson dot com>, "gdb-patches\@sourceware.org" <gdb-patches at sourceware dot org>
Date: Wed, 09 Jan 2019 16:10:07 -0700
Subject: Re: [RFA] Fix leak in linespec.c
References: <20190108062452.3942-1-philippe.waroquiers@skynet.be> <2c12aba6-cafa-54e2-9b69-96d95b82d3fb@ericsson.com> <8736q2zmqz.fsf@tromey.com> <1547004364.1500.5.camel@skynet.be>

>>>>> "Philippe" == Philippe Waroquiers <philippe.waroquiers@skynet.be> writes:

Philippe> 54 gdb/testsuite/v7_outputs/gdb.base/reread/gdb.log == Conditional jump or move depends on uninitialised value(s)

I think I have a fix for this one.  I plan to check it in soon, maybe
today, as it's been around for quite a while.

Philippe> 1 gdb/testsuite/v7_outputs/gdb.cp/inherit/gdb.log == Invalid read of size 8
Philippe> 1 gdb/testsuite/v7_outputs/gdb.cp/virtbase/gdb.log == Invalid read of size 2
Philippe> 5 gdb/testsuite/v7_outputs/gdb.cp/virtbase/gdb.log == Invalid read of size 8

I believe I saw these with ASAN as well.  I think what happens here is
that the pretty-printer code creates a value from a virtual base class
slice of an object, but doesn't "inflate" it to the full object,
resulting in some out-of-bounds reads.

Tom

References:
- [RFA] Fix leak in linespec.c
  - From: Philippe Waroquiers
- Re: [RFA] Fix leak in linespec.c
  - From: Simon Marchi
- Re: [RFA] Fix leak in linespec.c
  - From: Tom Tromey
- Re: [RFA] Fix leak in linespec.c
  - From: Philippe Waroquiers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]