This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug translator/15452] segmentation fault in libdw while running compiling debugtypes.stp on rawhide


http://sourceware.org/bugzilla/show_bug.cgi?id=15452

--- Comment #3 from Mark Wielaard <mjw at redhat dot com> 2013-05-10 18:16:38 UTC ---
The problematic DIEs are:

 [    a8]    variable
             name                 (string) "S1"
             decl_file            (data1) 1
             decl_line            (data1) 11
             type                 (ref4) [    bc]
             external             (flag_present) Yes
             location             (exprloc) 
              [   0] addr 0x601060 <S1>
 [    bc]    structure_type
             signature            (ref_sig8) {37e91ebb1355d09b}

The issue is in systemtap dwflpp::print_members, which has:

  // Try to get the first child of vardie.
  Dwarf_Die die_mem, import;
  Dwarf_Die *die = &die_mem;
  switch (dwarf_child (vardie, die))
    {
    case 1:                             // No children.
      o << _F("%s is empty", dwarf_type_name(vardie).c_str());
      break;

    case -1:                            // Error.
    default:                            // Shouldn't happen.
      o << dwarf_type_name(vardie)
        << ": " << dwarf_errmsg (-1);
      break;

    case 0:                             // Success.
      break;
    }

For the structure_type DIE dwarf_child will return 1 and die will be garbage.
So the following dwarf_siblingof (die, die) will crash.

The following will prevent the crash:

diff --git a/dwflpp.cxx b/dwflpp.cxx
index f41d6c7..55c411b 100644
--- a/dwflpp.cxx
+++ b/dwflpp.cxx
@@ -2473,13 +2473,13 @@ dwflpp::print_members(Dwarf_Die *vardie, ostream &o,
set<string> &dupes)
     {
     case 1:                            // No children.
       o << _F("%s is empty", dwarf_type_name(vardie).c_str());
-      break;
+      return;

     case -1:                           // Error.
     default:                           // Shouldn't happen.
       o << dwarf_type_name(vardie)
         << ": " << dwarf_errmsg (-1);
-      break;
+      return;

     case 0:                            // Success.
       break;
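
Review bot: in the `case 1:` arm, returning right after printing "%s is empty" does stop the later dwarf_siblingof from running on an unset die, but for a structure_type that carries only a signature attribute the message is misleading: the members live in the referenced type unit, and the alternatives text in the resulting semantic error will read "struct {...} is empty". Consider resolving the signature reference on vardie before calling dwarf_child, and keep the early returns as the guard for the genuinely empty and error cases. In the `case -1:`/`default:` arm the error text also goes into the same stream `o`, and with a bare `return;` the caller cannot tell an error from an empty type.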

But obviously then the testcase will fail with:

semantic error: unable to find member 'l' for struct {...} (alternatives:struct
{...} is empty): operator '->' at
/home/mark/src/systemtap/testsuite/systemtap.pass1-4/debugtypes.stp:4:13
        source:   println($p->l)
                            ^

Pass 2: analysis failed.  [man error::pass2]

Because the code doesn't handle the DW_AT_signature.

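
The failure mode described in the comment above, as an added example that is not part of the original message or of systemtap: a mock `child()` follows the same return convention as `dwarf_child` and leaves its output untouched unless it returns 0, and the caller returns on any other result. `Die`, `child`, `sibling`, `member_names` and the sample helpers are hypothetical stand-ins, not libdw or systemtap APIs; resolving the signature is modelled as a map lookup, and the member name `l` is taken from the test script's `$p->l`.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-in for a DIE; not libdw's Dwarf_Die.
struct Die {
  std::string name;
  std::vector<Die> children;
  uint64_t signature = 0;  // nonzero: members live in a separate type unit
};
const uint64_t kSig = 0x37e91ebb1355d09b;  // signature value from the dump

// Like dwarf_child: 0 = success, 1 = no children, -1 = error; *out set only on 0.
int child(const Die *d, const Die **out) {
  if (!d) return -1;
  if (d->children.empty()) return 1;
  *out = &d->children[0];
  return 0;
}

// Next sibling of cur within parent, same return convention.
int sibling(const Die *parent, const Die *cur, const Die **out) {
  std::size_t next = (cur - parent->children.data()) + 1;
  if (next >= parent->children.size()) return 1;
  *out = &parent->children[next];
  return 0;
}

// Resolve a signature-only type first, then return on any non-zero child().
std::vector<std::string> member_names(const Die *type, const std::map<uint64_t, Die> &units) {
  std::vector<std::string> names;
  if (type && type->signature) {
    auto it = units.find(type->signature);
    if (it == units.end()) return names;     // unresolved signature
    type = &it->second;
  }
  const Die *die = nullptr;
  if (child(type, &die) != 0) return names;  // return, not break: die is unset
  do names.push_back(die->name); while (sibling(type, die, &die) == 0);
  return names;
}

// Constructed sample: a signature-only structure_type like [bc] in the dump.
Die sample_decl() { Die d; d.signature = kSig; return d; }
std::map<uint64_t, Die> sample_units() {
  Die l, s; l.name = "l"; s.children.push_back(l);
  std::map<uint64_t, Die> m; m[kSig] = s; return m;
}
int main() { Die d = sample_decl(); auto u = sample_units(); return member_names(&d, u).size() == 1 ? 0 : 1; }
```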

