This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.
Re: [RFA] GDB/622 - clear current breakpoint in commands causes trouble
- From: Michael Snyder <msnyder at redhat dot com>
- To: Joel Brobecker <brobecker at gnat dot com>
- Cc: gdb-patches at sources dot redhat dot com
- Date: Thu, 22 Aug 2002 18:37:55 -0700
- Subject: Re: [RFA] GDB/622 - clear current breakpoint in commands causes trouble
- Organization: Red Hat, Inc.
- References: <20020731195012.GK683@gnat.com>
Joel Brobecker wrote:
>
> As described in PR GDB/622:
>
> Using the program in the gdb.base/commands.exp testcase, the following
> session shows that clearing the current breakpoint inside its commands
> list causes a memory-corruption problem:
>
> (gdb) b factorial
> Breakpoint 1 at 0x8048582: file ./gdb.base/run.c, line 77.
> (gdb) commands
> Type commands for when breakpoint 1 is hit, one per line.
> End with a line saying just "end".
> >silent
> >printf "factorial command-list executed\n"
> >clear factorial
> >cont
> >end
> (gdb) run 1
> Starting program: [...]/gdb.base/commands 1
> factorial command-list executed
> warning: Invalid control type in command structure. <<<--- (1)
> (gdb)
>
> (1) shows that the command-list becomes corrupted, and as a consequence,
> the execution is not resumed. Instead, the expected output from the run
> command is:
>
> Starting program: [...]/gdb.base/run 1
> factorial command-list executed
> 1
>
> Program exited normally.
> (gdb)
>
> The fix consists of executing a copy of the commands list, to protect
> this execution from using a list that has been freed. The attached patch
> introduces no regression. A new test has also been added to commands.exp.
>
> Ok to apply?
>
> 2002-07-31 Joel Brobecker <brobecker@gnat.com>
>
> * cli/cli-scripts.c (copy_command_lines): New function.
> (make_cleanup_free_command_lines): Make this function non static.
>
> * defs.h (copy_command_lines): Add definition.
> (make_cleanup_free_command_lines): Add definition.
>
> * breakpoint.c (bpstat_do_actions): Execute a temporary copy of
> the command-list associated to each breakpoint hit, in order to
> avoid accessing a dangling pointer, in case one of the commands
> in the list causes the breakpoint to be deleted.
>
> Thanks,
> --
> Joel
Hey Joel,
I've discovered a slight problem in this patch.
Your clean-ups are never being called. Look at the bottom of
bpstat_do_actions. They're just discarded.
The second problem is that, if they ever WERE called,
they would probably cause a heap corruption error, because
the value of &cmd is always the same.
Michael
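Added illustration of the pattern the fix depends on, written for this page and not taken from the patch or from GDB: a minimal stand-in for the command-list structures, where `append`, `execute_command` and `do_actions` are invented names, `clear` is reduced to freeing the breakpoint's own list, and the copy is freed through its own pointer right after use, so no deferred cleanup is needed.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-ins (not GDB's real structs) for a breakpoint and its command list. */
struct command_line { struct command_line *next; char *line; };
struct breakpoint   { struct command_line *commands; };
/* Append a private copy of LINE at *TAIL and return the new tail slot. */
static struct command_line **append(struct command_line **tail, const char *line)
{
    size_t len = strlen(line) + 1;
    *tail = calloc(1, sizeof **tail);
    if (!*tail || !((*tail)->line = malloc(len))) abort();
    memcpy((*tail)->line, line, len);
    return &(*tail)->next;
}
static void free_command_lines(struct command_line **lpp)
{
    while (*lpp) {
        struct command_line *next = (*lpp)->next;
        free((*lpp)->line); free(*lpp); *lpp = next;
    }
}
/* Deep copy, the role of the patch's copy_command_lines. */
static struct command_line *copy_command_lines(const struct command_line *src)
{
    struct command_line *head = NULL, **tail = &head;
    for (; src; src = src->next)
        tail = append(tail, src->line);
    return head;
}
/* "clear" models deleting the running breakpoint: it frees the very list that
   a loop walking bp->commands directly would still be using. */
static void execute_command(struct breakpoint *bp, const char *line)
{
    if (strcmp(line, "clear") == 0)
        free_command_lines(&bp->commands);
}
/* Fixed bpstat_do_actions pattern: run a private copy and free it through its
   own pointer here, not via a deferred cleanup that was discarded or that
   captured the same &cmd for every hit.  Returns the number of commands run. */
int do_actions(struct breakpoint *bp)
{
    struct command_line *copy = copy_command_lines(bp->commands);
    int n = 0;
    for (struct command_line *cmd = copy; cmd; cmd = cmd->next, n++)
        execute_command(bp, cmd->line);
    free_command_lines(&copy);
    return n;
}
```

With the four commands from the session above, all four run even though the third one frees the breakpoint's list mid-way; a loop over `bp->commands` itself would read freed memory at that point.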