5fe75eec33
(gdb) PASS: gdb.compile/compile.exp: set unwindonsignal on
compile code *(volatile int *) 0 = 0;
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7fba426 in _gdb_expr (__regs=0x7ffff7fb8000) at gdb command line:1
1 gdb command line: No such file or directory.
=================================================================
==10462==ERROR: AddressSanitizer: heap-use-after-free on address 0x621000cf7a3d at pc 0x0000004e46b9 bp 0x7ffdeb0f7a40 sp 0x7ffdeb0f71b8
READ of size 10 at 0x621000cf7a3d thread T0
#0 0x4e46b8 in printf_common(void*, char const*, __va_list_tag*) [clone .isra.6] (/home/jkratoch/redhat/gdb-clean-asan/gdb/gdb+0x4e46
b8)
#1 0x4f645e in vasprintf (/home/jkratoch/redhat/gdb-clean-asan/gdb/gdb+0x4f645e)
#2 0xe5cf00 in xstrvprintf common/common-utils.c:120
#3 0xe74192 in throw_it common/common-exceptions.c:332
#4 0xe742f6 in throw_verror common/common-exceptions.c:361
#5 0xddc89e in verror /home/jkratoch/redhat/gdb-clean-asan/gdb/utils.c:541
#6 0xe734bd in error common/errors.c:43
#7 0xafa1d6 in call_function_by_hand_dummy /home/jkratoch/redhat/gdb-clean-asan/gdb/infcall.c:1031
#8 0xe81858 in compile_object_run compile/compile-object-run.c:119
#9 0xe7733c in eval_compile_command compile/compile.c:577
#10 0xe7541e in compile_code_command compile/compile.c:153
It is obvious why that happens, dummy_frame_pop() will call compile objfile
cleanup which will free that objfile and NAME then becomes a stale pointer.
> Is there any reason we release OBJFILE in the dummy frame dtor? Why
> don't we register a cleanup to release in OBJFILE in compile_object_run?
> together with releasing compile_module? 'struct compile_module' has a
> field objfile, which should be released together with
> 'struct compile_module' instead of dummy_frame.
(gdb) break puts
Breakpoint 2 at 0x3830c6fd30: file ioputs.c, line 34.
(gdb) compile code puts("hello")
Breakpoint 2, _IO_puts (str=0x7ffff7ff8000 "hello") at ioputs.c:34
34 {
The program being debugged stopped while in a function called from GDB.
Evaluation of the expression containing the function
(_gdb_expr) will be abandoned.
When the function is done executing, GDB will silently stop.
(gdb) bt
(gdb) _
Now compile_object_run() called from line
(gdb) compile code puts("hello")
has finished for a long time. But we still need to have that injected code
OBJFILE valid when GDB is executing it. Therefore OBJFILE is freed only from
destructor of the frame #1.
At the patched line of call_function_by_hand_dummy() the dummy frame
destructor has not yet been run but it will be run before the fetched NAME
will get used.
gdb/ChangeLog
2015-05-19 Jan Kratochvil <jan.kratochvil@redhat.com>
Fix ASAN crash for gdb.compile/compile.exp.
* infcall.c (call_function_by_hand_dummy): Use xstrdup for NAME.
|
||
|---|---|---|
| bfd | ||
| binutils | ||
| config | ||
| cpu | ||
| elfcpp | ||
| etc | ||
| gas | ||
| gdb | ||
| gold | ||
| gprof | ||
| include | ||
| intl | ||
| ld | ||
| libdecnumber | ||
| libiberty | ||
| opcodes | ||
| readline | ||
| sim | ||
| texinfo | ||
| zlib | ||
| .cvsignore | ||
| .gitattributes | ||
| .gitignore | ||
| ChangeLog | ||
| compile | ||
| config-ml.in | ||
| config.guess | ||
| config.rpath | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| COPYING | ||
| COPYING3 | ||
| COPYING3.LIB | ||
| COPYING.LIB | ||
| COPYING.LIBGLOSS | ||
| COPYING.NEWLIB | ||
| depcomp | ||
| djunpack.bat | ||
| install-sh | ||
| libtool.m4 | ||
| lt~obsolete.m4 | ||
| ltgcc.m4 | ||
| ltmain.sh | ||
| ltoptions.m4 | ||
| ltsugar.m4 | ||
| ltversion.m4 | ||
| MAINTAINERS | ||
| Makefile.def | ||
| Makefile.in | ||
| Makefile.tpl | ||
| makefile.vms | ||
| missing | ||
| mkdep | ||
| mkinstalldirs | ||
| move-if-change | ||
| README | ||
| README-maintainer-mode | ||
| setup.com | ||
| src-release.sh | ||
| symlink-tree | ||
| ylwrap | ||
README for GNU development tools This directory contains various GNU compilers, assemblers, linkers, debuggers, etc., plus their support routines, definitions, and documentation. If you are receiving this as part of a GDB release, see the file gdb/README. If with a binutils release, see binutils/README; if with a libg++ release, see libg++/README, etc. That'll give you info about this package -- supported targets, how to use it, how to report bugs, etc. It is now possible to automatically configure and build a variety of tools with one command. To build all of the tools contained herein, run the ``configure'' script here, e.g.: ./configure make To install them (by default in /usr/local/bin, /usr/local/lib, etc), then do: make install (If the configure script can't determine your type of computer, give it the name as an argument, for instance ``./configure sun4''. You can use the script ``config.sub'' to test whether a name is recognized; if it is, config.sub translates it to a triplet specifying CPU, vendor, and OS.) If you have more than one compiler on your system, it is often best to explicitly set CC in the environment before running configure, and to also set CC when running make. For example (assuming sh/bash/ksh): CC=gcc ./configure make A similar example using csh: setenv CC gcc ./configure make Much of the code and documentation enclosed is copyright by the Free Software Foundation, Inc. See the file COPYING or COPYING.LIB in the various directories, for a description of the GNU General Public License terms under which you can copy the files. REPORTING BUGS: Again, see gdb/README, binutils/README, etc., for info on where and how to report problems.