[patch] Fix a crash due to a VALUE double free

Luis Machado luisgpm@linux.vnet.ibm.com
Mon Jul 14 16:45:00 GMT 2008


Hi Jan,


This testcase is currently failing for PPC64.

Running /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.exp ...
FAIL: gdb.base/value-double-free.exp: continue
FAIL: gdb.base/value-double-free.exp: print empty()

More complete log:

(gdb) run ^M
Starting program: /home/luis/builds/gdb-head/DFP/gdb/testsuite/gdb.base/value-double-free ^M
^M
Breakpoint 1, main ()
at /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.c:31^M
31        var = 1;^M
(gdb) watch var^M
Hardware watchpoint 2: var^M
(gdb) PASS: gdb.base/value-double-free.exp: watch var
continue^M
Continuing.^M
Target is executing.^M
(gdb) FAIL: gdb.base/value-double-free.exp: continue
print empty()^M
Target is executing.^M
(gdb) FAIL: gdb.base/value-double-free.exp: print empty()
help help^M
Print list of commands.^M
(gdb) PASS: gdb.base/value-double-free.exp: help help
testcase /home/luis/src/gdb/gdb-head/HEAD/gdb/testsuite/gdb.base/value-double-free.exp completed in 1 seconds


On Mon, 2008-07-07 at 23:18 +0200, Jan Kratochvil wrote:
> Hi,
> 
> it crashes if you call an inferior function right after a watchpoint hit.
> 
> Bugreported with a reproducer by Jakub Jelinek.
> 
> 
> Regards,
> Jan
> plain text document attachment (gdb-value-double-free.patch)
> gdb/
> 2008-07-07  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	* breakpoint.c (bpstat_copy): Call RELEASE_VALUE on the new OLD_VAL.
> 
> gdb/testsuite/
> 2008-07-07  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	* gdb.base/value-double-free.exp, gdb.base/value-double-free.c: New.
> 
> --- gdb/breakpoint.c	28 Jun 2008 09:42:15 -0000	1.327
> +++ gdb/breakpoint.c	7 Jul 2008 21:12:14 -0000
> @@ -1996,7 +1996,10 @@ bpstat_copy (bpstat bs)
>        if (bs->commands != NULL)
>  	tmp->commands = copy_command_lines (bs->commands);
>        if (bs->old_val != NULL)
> -	tmp->old_val = value_copy (bs->old_val);
> +	{
> +	  tmp->old_val = value_copy (bs->old_val);
> +	  release_value (tmp->old_val);
> +	}
> 
>        if (p == NULL)
>  	/* This is the first thing in the chain.  */
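Review bot: the new `release_value (tmp->old_val);` line is the whole fix for the double free named in the subject, but nothing at the site says why a freshly copied value must be released; add a one-line comment stating that the bpstat owns old_val (the same convention the original bs->old_val already follows, otherwise its copy would not need releasing either), so a later cleanup does not drop the call as redundant. The ChangeLog entry could say the same in words, e.g. "to give the new bpstat ownership of the copy", rather than only naming the call.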
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ gdb/testsuite/gdb.base/value-double-free.c	7 Jul 2008 21:12:17 -0000
> @@ -0,0 +1,36 @@
> +/* This testcase is part of GDB, the GNU debugger.
> +
> +   Copyright 2008 Free Software Foundation, Inc.
> +
> +   This program is free software; you can redistribute it and/or modify
> +   it under the terms of the GNU General Public License as published by
> +   the Free Software Foundation; either version 3 of the License, or
> +   (at your option) any later version.
> +
> +   This program is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +   GNU General Public License for more details.
> +
> +   You should have received a copy of the GNU General Public License
> +   along with this program.  If not, see <http://www.gnu.org/licenses/>.
> +
> +   Please email any bugs, comments, and/or additions to this file to:
> +   bug-gdb@prep.ai.mit.edu  */
> +
> +volatile int var;
> +
> +void
> +empty (void)
> +{
> +}
> +
> +int
> +main (void)
> +{
> +  var = 1;
> +  /* Workaround PR 38: We may miss the first watchpoint hit as we stop on the
> +     exact instruction which would cause the watchpoint hit.  */
> +  var = 2;
> +  return 0;
> +}
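Review bot: the .exp expects `Old value = 0` on the watchpoint report, which relies on `var` being a zero-initialised global whose value GDB caches when the watchpoint is set; a comment next to `volatile int var;` saying the initial value is part of the test contract would make that dependency visible to whoever edits this file. The PR 38 workaround comment is helpful; it could also state that the test accepts a stop on either store, since that is what the `\[12\]` alternative in the .exp encodes.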
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ gdb/testsuite/gdb.base/value-double-free.exp	7 Jul 2008 21:12:17 -0000
> @@ -0,0 +1,38 @@
> +# Copyright 2008 Free Software Foundation, Inc.
> +
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 3 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see <http://www.gnu.org/licenses/>.
> +
> +set testfile value-double-free
> +set srcfile ${testfile}.c
> +set binfile ${objdir}/${subdir}/${testfile}
> +if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } {
> +    untested "Couldn't compile test program"
> +    return -1
> +}
> +
> +# Get things started.
> +
> +gdb_exit
> +gdb_start
> +gdb_reinitialize_dir $srcdir/$subdir
> +gdb_load ${binfile}
> +
> +if ![runto_main] {
> +    return -1
> +}
> +gdb_test "watch var" "atchpoint \[0-9\]+: var"
> +gdb_test "continue" "atchpoint \[0-9\]+: var.*Old value = 0.*New value = \[12\].*"
> +gdb_test "print empty()" " = void"
> +# We did segfault here.
> +gdb_test "help help"
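Review bot: the final `gdb_test "help help"` passes no expected pattern, so it only checks that GDB produced a prompt at all; since the comment marks this as the spot where GDB used to segfault, give it an explicit pattern, e.g. `gdb_test "help help" "Print list of commands\\." "help help"`, so a truncated reply after a partial crash is reported as a FAIL. Also, the `\[12\]` alternative in the continue pattern is only explained by the PR 38 comment in the .c file; a short comment in the .exp would save the reader the lookup.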
-- 
Luis Machado
Software Engineer 
IBM Linux Technology Center
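The ownership problem behind Jan's patch, replayed in an added model that is not code from GDB or from this thread: it assumes, from GDB's internals, that every value sits on an all_values chain swept by free_all_values at the end of a command, that release_value detaches a value from that chain, and that bpstat_clear frees old_val; the names save_inferior_status, clear_proceed_status and restore_inferior_status in the comments are likewise assumed, and the watchpoint-hit/inferior-call sequence is run with and without the added release_value call.

```c
#include <stdlib.h>
/* Model (assumed from GDB internals, not the patch's code): every value,
   value_copy's result included, sits on all_values and is swept by
   free_all_values at the end of a command unless release_value detached it.  */
struct value { struct value *next; int freed; };
static struct value *all_values;
static struct value *allocate_value (void)
{
  struct value *v = calloc (1, sizeof *v); if (v == NULL) abort ();
  v->next = all_values; return all_values = v;
}
static struct value *value_copy (struct value *v) { (void) v; return allocate_value (); }
static void release_value (struct value *v)   /* unchain: holder owns v now */
{
  for (struct value **p = &all_values; *p != NULL; p = &(*p)->next)
    if (*p == v) { *p = v->next; return; }
}
/* Count frees instead of calling free (), so a double free is observable.  */
static void value_free (struct value *v) { v->freed++; }
static void free_all_values (void)
{
  for (struct value *v = all_values, *n; v != NULL; v = n) { n = v->next; value_free (v); }
  all_values = NULL;
}
struct bpstat { struct value *old_val; };
static void bpstat_clear (struct bpstat *bs)
{ if (bs->old_val) value_free (bs->old_val); bs->old_val = NULL; }
/* bpstat_copy before (fixed == 0) and after (fixed == 1) the patch.  */
static struct bpstat bpstat_copy (struct bpstat *bs, int fixed)
{
  struct bpstat tmp = { bs->old_val ? value_copy (bs->old_val) : NULL };
  if (fixed && tmp.old_val) release_value (tmp.old_val);  /* the added call */
  return tmp;
}
/* Watchpoint stop, inferior call (bpstat saved, cleared, restored), then the
   end-of-command sweep.  Returns how often the copied old_val was freed.  */
int simulate_inferior_call_after_watchpoint (int fixed)
{
  struct value *orig = allocate_value ();
  release_value (orig);                   /* as bpstat_stop_status does */
  struct bpstat stop = { orig };
  struct bpstat saved = bpstat_copy (&stop, fixed);  /* save_inferior_status */
  bpstat_clear (&stop);                   /* clear_proceed_status before the call */
  stop = saved;                           /* restore_inferior_status after it */
  bpstat_clear (&stop);                   /* stop_bpstat discarded at the next stop */
  free_all_values ();                     /* end-of-command sweep */
  int n = saved.old_val->freed;           /* 1 is correct, 2 is the double free */
  free (orig); free (saved.old_val);
  return n;
}
```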


