[Bug testsuite/21553] Double free in gdb when running gdb.linespec/ls-errs.exp

palves at redhat dot com sourceware-bugzilla@sourceware.org
Tue Jun 6 13:40:00 GMT 2017


https://sourceware.org/bugzilla/show_bug.cgi?id=21553

--- Comment #3 from Pedro Alves <palves at redhat dot com> ---
Valgrind shows:

$ valgrind ./gdb ./testsuite/outputs/gdb.linespec/ls-errs/ls-errs -ex "b -line 3 1"
(...)
Reading symbols from ./testsuite/outputs/gdb.linespec/ls-errs/ls-errs...done.
==21622== Invalid free() / delete / delete[] / realloc()
==21622==    at 0x4C29CF0: free (vg_replace_malloc.c:530)
==21622==    by 0x60BBE5: xfree(void*) (common-utils.c:100)
==21622==    by 0x5E12B9: breakpoint::~breakpoint() (breakpoint.c:12740)
==21622==    by 0x5E1319: breakpoint::~breakpoint() (breakpoint.c:12742)
==21622==    by 0x5E94DB: std::default_delete<breakpoint>::operator()(breakpoint*) const (unique_ptr.h:76)
==21622==    by 0x5E8CB4: std::unique_ptr<breakpoint, std::default_delete<breakpoint> >::~unique_ptr() (unique_ptr.h:236)
==21622==    by 0x5DA1FD: create_breakpoint_sal(gdbarch*, symtabs_and_lines, std::unique_ptr<event_location, event_location_deleter>&&, char*, char*, char*, bptype, bpdisp, int, int, int, breakpoint_ops const*, int, int, int, unsigned int, int) (breakpoint.c:9317)
==21622==    by 0x5DA396: create_breakpoints_sal(gdbarch*, linespec_result*, char*, char*, bptype, bpdisp, int, int, int, breakpoint_ops const*, int, int, int, unsigned int) (breakpoint.c:9378)
==21622==    by 0x5E4246: create_breakpoints_sal_default(gdbarch*, linespec_result*, char*, char*, bptype, bpdisp, int, int, int, breakpoint_ops const*, int, int, int, unsigned int) (breakpoint.c:14368)
==21622==    by 0x5E1DB0: bkpt_create_breakpoints_sal(gdbarch*, linespec_result*, char*, char*, bptype, bpdisp, int, int, int, breakpoint_ops const*, int, int, int, unsigned int) (breakpoint.c:13106)
==21622==    by 0x5DB211: create_breakpoint(gdbarch*, event_location const*, char*, int, char*, int, int, bptype, int, auto_boolean, breakpoint_ops const*, int, int, int, unsigned int) (breakpoint.c:9793)
==21622==    by 0x5DB731: break_command_1(char*, int, int) (breakpoint.c:9886)
==21622==  Address 0x142aaa20 is 0 bytes inside a block of size 2 free'd
==21622==    at 0x4C29CF0: free (vg_replace_malloc.c:530)
==21622==    by 0x60BBE5: xfree(void*) (common-utils.c:100)
==21622==    by 0x603893: do_my_cleanups(cleanup**, cleanup*) (cleanups.c:154)
==21622==    by 0x6038EE: do_cleanups(cleanup*) (cleanups.c:176)
==21622==    by 0x60B671: throw_exception_cxx(gdb_exception) (common-exceptions.c:289)
==21622==    by 0x60B75A: throw_exception(gdb_exception) (common-exceptions.c:317)
==21622==    by 0x60B8A8: throw_it(return_reason, errors, char const*, __va_list_tag*) (common-exceptions.c:373)
==21622==    by 0x60B8D2: throw_verror(errors, char const*, __va_list_tag*) (common-exceptions.c:379)
==21622==    by 0x7BF75D: verror(char const*, __va_list_tag*) (utils.c:432)
==21622==    by 0x67D8C0: error(char const*, ...) (errors.c:43)
==21622==    by 0x5DA049: init_breakpoint_sal(breakpoint*, gdbarch*, symtabs_and_lines, std::unique_ptr<event_location, event_location_deleter>&&, char*, char*, char*, bptype, bpdisp, int, int, int, breakpoint_ops const*, int, int, int, unsigned int, int) (breakpoint.c:9294)
==21622==    by 0x5DA1BB: create_breakpoint_sal(gdbarch*, symtabs_and_lines, std::unique_ptr<event_location, event_location_deleter>&&, char*, char*, char*, bptype, bpdisp, int, int, int, breakpoint_ops const*, int, int, int, unsigned int, int) (breakpoint.c:9326)
==21622==  Block was alloc'd at
==21622==    at 0x4C28BF6: malloc (vg_replace_malloc.c:299)
==21622==    by 0x60BABF: xmalloc (common-utils.c:43)
==21622==    by 0x60BFCF: savestring(char const*, unsigned long) (common-utils.c:179)
==21622==    by 0x5DABBA: find_condition_and_thread(char const*, unsigned long, char**, int*, int*, char**) (breakpoint.c:9594)
==21622==    by 0x5DB084: create_breakpoint(gdbarch*, event_location const*, char*, int, char*, int, int, bptype, int, auto_boolean, breakpoint_ops const*, int, int, int, unsigned int) (breakpoint.c:9759)
==21622==    by 0x5DB731: break_command_1(char*, int, int) (breakpoint.c:9886)
==21622==    by 0x5DBA0A: break_command(char*, int) (breakpoint.c:9947)
==21622==    by 0x4CF340: do_cfunc(cmd_list_element*, char*, int) (cli-decode.c:106)
==21622==    by 0x4D225A: cmd_func(cmd_list_element*, char*, int) (cli-decode.c:1896)
==21622==    by 0x7B5B70: execute_command(char*, int) (top.c:674)
==21622==    by 0x6FDF66: catch_command_errors(void (*)(char*, int), char*, int) (main.c:376)
==21622==    by 0x6FF131: captured_main_1(captured_main_args*) (main.c:1121)
==21622== 
Garbage '1' at end of command
(gdb)

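The Valgrind trace in comment #3 shows one 2-byte block released by two owners on the error path: the cleanup chain run from throw_exception, and breakpoint::~breakpoint run from the unique_ptr. A minimal C++ model of that ownership pattern follows, as an added example that is not part of the original comment or of gdb's code. Breakpoint, Cleanup, tracked_free and frees_on_error are hypothetical names, and the hand-off shown is one general way to keep a single owner, not necessarily gdb's fix.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <map>
#include <memory>
#include <stdexcept>

// Constructed model: count free requests per block instead of really freeing,
// so the double free can be observed without undefined behaviour.
static std::map<void*, int> free_count;
static void tracked_free(void* p) { if (p) ++free_count[p]; }

struct Breakpoint {                  // hypothetical stand-in for gdb's breakpoint
    char* cond_string = nullptr;
    ~Breakpoint() { tracked_free(cond_string); }  // destructor frees its string
};

struct Cleanup {                     // hypothetical stand-in for a cleanup entry
    char* p;
    bool armed = true;
    explicit Cleanup(char* q) : p(q) {}
    ~Cleanup() { if (armed) tracked_free(p); }    // runs on the error path
};

// Returns how many times the 2-byte condition string is freed when breakpoint
// setup fails after the pointer has been stored in the breakpoint.
int frees_on_error(bool hand_off) {
    free_count.clear();
    char* cond = static_cast<char*>(std::malloc(2));
    std::memcpy(cond, "1", 2);
    try {
        Cleanup guard(cond);                       // caller still owns cond
        std::unique_ptr<Breakpoint> b(new Breakpoint);
        b->cond_string = cond;                     // second owner of same block
        if (hand_off) guard.armed = false;         // single owner from here on
        throw std::runtime_error("Garbage '1' at end of command");
    } catch (const std::runtime_error&) {
        // Both destructors have run (order differs from gdb; the count matters).
    }
    int n = free_count[cond];
    std::free(cond);                               // the one real free
    return n;
}

int main() {
    std::printf("shared ownership: %d frees\n", frees_on_error(false));
    std::printf("handed off:       %d frees\n", frees_on_error(true));
    return 0;
}
```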