dangling pointer in so_list

Aleksandar Ristovski aristovski@qnx.com
Wed Aug 31 20:12:00 GMT 2011


I should have mentioned that there were no regressions (tested on 
x86_64-unknown-linux-gnu configuration).

On 11-08-31 04:01 PM, Aleksandar Ristovski wrote:
> Hello,
>
> I ran into a gdb crash examining a core file. This happened on gdb 7.3,
> on QNX. Unfortunately, I could not come up with a reproducible testcase
> on gnu/linux due to differences in dynamic linkers, but offer a detailed
> explanation instead:
>
> What happened is that a process loaded the same shared object more than
> once. Then it crashed and a core was generated.
>
> In the core, we had a link map specifying the same shared object more
> than once. While traversing the link map, gdb loaded shared objects
> (symbols), thus associating each so_list object with an objfile object.
> During the process, it detected duplicates and associated multiple
> so_list objects with the same objfile instance.
>
> At this point, a change to solib-search-path causes gdb to reload
> symbols, and the crash happens: while traversing so_list in
> solib.c:reload_shared_libraries_1, in one iteration gdb calls
> 'free_objfile' with a pointer to an instance of the objfile. In a
> subsequent iteration, it tries to do the same with a now-dangling
> pointer to the same objfile object. Not good.
>
> The attached patch fixes the issue.
>
>
> Thanks,
>
> Aleksandar Ristovski
> QNX Software Systems
>
>
>
> ChangeLog:
> <date> Aleksandar Ristovski <aristovski@qnx.com>
>
> * solib.c (reload_shared_libraries_1): Check whether objfile is used before
> freeing it.
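A stand-alone C sketch of the double free described above and of the guard the ChangeLog entry names (free the objfile only when no other so_list entry still references it). This is an added example, not the attached patch or gdb's own code: the struct layouts, the simulated free_objfile that records a repeat free instead of touching freed memory, and all function names are assumptions.

```c
#include <stddef.h>

/* Hypothetical, simplified stand-ins for gdb's so_list/objfile (not gdb's code). */
struct objfile { int freed; };
struct so_list { struct so_list *next; struct objfile *objfile; };
int free_count;          /* total simulated free_objfile calls */
int double_free_count;   /* calls on an objfile that was already freed */
/* Simulated free_objfile: records a double free instead of touching freed
   memory, so the defect is observable rather than undefined behaviour. */
static void sim_free_objfile(struct objfile *of)
{
    free_count++;
    if (of->freed)
        double_free_count++;
    of->freed = 1;
}
/* Nonzero if some so_list entry other than `self` still references `of`. */
static int objfile_used_elsewhere(struct so_list *head, struct so_list *self,
                                  struct objfile *of)
{
    for (struct so_list *so = head; so != NULL; so = so->next)
        if (so != self && so->objfile == of)
            return 1;
    return 0;
}

/* Reload loop. check == 0: every entry frees its objfile unconditionally (the
   reported bug); check == 1: only the last entry referencing the objfile frees
   it. Returns the number of double frees observed. */
int reload_shared_libraries_sim(struct so_list *head, int check)
{
    free_count = double_free_count = 0;
    for (struct so_list *so = head; so != NULL; so = so->next) {
        if (so->objfile == NULL)
            continue;
        if (!check || !objfile_used_elsewhere(head, so, so->objfile))
            sim_free_objfile(so->objfile);
        so->objfile = NULL;   /* gdb clears the pointer after freeing */
    }
    return double_free_count;
}

/* Constructed link map: entries 1 and 3 share objfile a (loaded twice), entry 2 owns b. */
int run_scenario(int check)
{
    struct objfile a = {0}, b = {0};
    struct so_list s3 = {NULL, &a}, s2 = {&s3, &b}, s1 = {&s2, &a};
    return reload_shared_libraries_sim(&s1, check);
}
```

With the unconditional loop the shared objfile is freed twice (three frees in total); with the reference check it is freed exactly once, on the last entry that points at it.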




More information about the Gdb-patches mailing list