Crash when casting a gdb.Value

Richard Ward richard.j.ward1@googlemail.com
Tue May 26 12:48:00 GMT 2009


Found a reproducible crash in the project archer python branch.
The problem occurs when you cast a gdb.Value to its own type.
Reproduction (works with any executable):
gdb /bin/sleep
run 20
^C
python v=gdb.Value("string");v=v.cast(v.type);print v

Sometimes you have to run the last command a few times to make sure python's
garbage collection kicks in.  When it does it will segfault, or one of a
couple of other (probably fatal) things will happen.

This occurs because when you cast a value to its own type valpy_cast will
call value_to_value_object with a value that is already tracked by a
value_object, and at some point down the line it will be double-freed.

If it's of any use I've attached a patch that fixes valpy_cast, and adds a
warning to the comment above value_to_value_object.  I also checked all
the other callers of value_to_value_object, but they all seem ok.

It would seem nicer if value_to_value_object could track whether a value
it's being passed is already tracked, and increment the refcount if it was,
but that would require either extra space or extra time.

This was found on an up to date git checkout of origin/archer-tromey-python.

2009-05-25  Richard Ward  <richard.j.ward1@googlemail.com>

* gdb/python/python-value.c
    Fixed bad call in valpy_cast to value_to_value_object which was
    causing a crash when the value was collected.
    Added a warning about this problem in comment.

Richard Ward
-------------- next part --------------
A non-text attachment was scrubbed...
Name: python_value_crash_fix.patch
Type: text/x-patch
Size: 1606 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/archer/attachments/20090526/f6759aa6/attachment.bin>
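The ownership error described in the post (a no-op cast returns the same underlying value, a second wrapper takes ownership of it, and both wrappers free it on collection), as an added example that models the pattern; this is a toy C model, not gdb's code, and not the attached patch. The names value_cast, value_to_value_object, valpy_cast and the "return self with a bumped refcount" fix are assumptions made for the illustration: the actual fix in the attachment is not visible on the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (assumption: not gdb's code) of the bug in the post: a debugger
 * value owned by a scripting-language wrapper, a cast that hands back the
 * same value when the type is unchanged, and a second wrapper created around
 * that same value, so that both wrappers free it when collected. */

enum { TYPE_STRING = 1, TYPE_LONG = 2 };   /* toy type tags */

typedef struct value {
    int type;
    char contents[32];
    int released;           /* 1 after the first free; a second free is a double free */
} value_t;

/* Number of releases of an already-released value: the crash the post reports. */
static int double_free_count = 0;

typedef struct value_object {
    int py_refcount;        /* models Py_INCREF/Py_DECREF on the wrapper */
    value_t *value;         /* the wrapper owns this value and frees it on dealloc */
} value_object_t;

static value_t *value_new(int type, const char *s)
{
    value_t *v = calloc(1, sizeof *v);
    v->type = type;
    strncpy(v->contents, s, sizeof v->contents - 1);
    return v;
}

/* A no-op cast returns the same value, not a copy (the trigger in the post). */
static value_t *value_cast(value_t *v, int type)
{
    if (v->type == type)
        return v;
    return value_new(type, v->contents);
}

/* Flags a double free instead of letting the allocator abort, so the
 * demonstration stays observable; a real free(v) would go here. */
static void value_free(value_t *v)
{
    if (v->released) {
        double_free_count++;
        return;
    }
    v->released = 1;
}

/* Wraps a value in a new wrapper that takes ownership of it. Calling this
 * twice with the same value creates two owners: the condition the post warns about. */
static value_object_t *value_to_value_object(value_t *v)
{
    value_object_t *obj = calloc(1, sizeof *obj);
    obj->py_refcount = 1;
    obj->value = v;
    return obj;
}

static void value_object_decref(value_object_t *obj)
{
    if (--obj->py_refcount > 0)
        return;
    value_free(obj->value);     /* dealloc frees the value the wrapper owns */
    free(obj);
}

/* Buggy cast: always wraps the result, even when it is the value self already owns. */
static value_object_t *valpy_cast_buggy(value_object_t *self, int type)
{
    return value_to_value_object(value_cast(self->value, type));
}

/* Assumed fix (not necessarily the attached patch): when the cast returns
 * self's own value, return self with its refcount bumped instead of re-wrapping. */
static value_object_t *valpy_cast_fixed(value_object_t *self, int type)
{
    value_t *res = value_cast(self->value, type);
    if (res == self->value) {
        self->py_refcount++;    /* Py_INCREF(self) */
        return self;
    }
    return value_to_value_object(res);
}

/* Runs the post's reproduction, v = Value("string"); v = v.cast(type); then
 * collection of both bindings. Returns the number of double frees observed. */
static int reproduce(value_object_t *(*cast)(value_object_t *, int), int type)
{
    double_free_count = 0;
    value_object_t *v = value_to_value_object(value_new(TYPE_STRING, "string"));
    value_object_t *casted = cast(v, type);
    value_object_decref(v);         /* old binding of v dropped */
    value_object_decref(casted);    /* new binding collected later */
    return double_free_count;
}

int main(void)
{
    printf("buggy cast, same type:  %d double free(s)\n", reproduce(valpy_cast_buggy, TYPE_STRING));
    printf("buggy cast, other type: %d double free(s)\n", reproduce(valpy_cast_buggy, TYPE_LONG));
    printf("fixed cast, same type:  %d double free(s)\n", reproduce(valpy_cast_fixed, TYPE_STRING));
    return 0;
}
```

The cast to a different type takes a copy, so each wrapper owns a distinct value and frees it once; only the same-type path hands the already-owned value to value_to_value_object a second time, which is why the reproduction in the post casts to v.type.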