Fix use of a dangling pointer for Python breakpoint objects

Message ID 20160621104021.15093-1-derodat@adacore.com
State New, archived

Commit Message

Pierre-Marie de Rodat June 21, 2016, 10:40 a.m. UTC
  Hello,

When a Python script tries to create a breakpoint but fails to do so,
gdb.Breakpoint.__init__ raises an exception and the breakpoint does not
exist anymore in the Python interpreter. However, GDB still keeps a
reference to the Python object to be used for a later hook, which is
wrong.

This commit adds the necessary cleanup code so that there is no stale
reference to this Python object. It also adds a new testcase to
reproduce the bug and check the fix.

There is no regression on my x86_64-linux machine: ok to push? Thank you
in advance!

2016-06-21  Pierre-Marie de Rodat  <derodat@adacore.com>

gdb/
	* python/py-breakpoint.c (bppy_init): Clear bppy_pending_object
	when there is an error during the breakpoint creation.

gdb/testsuite

	* gdb.python/py-breakpoint2.c, gdb.python/py-breakpoint2.exp,
	gdb.python/py-breakpoint2.py: New testcase.
---
 gdb/python/py-breakpoint.c                  |  1 +
 gdb/testsuite/gdb.python/py-breakpoint2.c   | 22 +++++++++++++++++++
 gdb/testsuite/gdb.python/py-breakpoint2.exp | 34 +++++++++++++++++++++++++++++
 gdb/testsuite/gdb.python/py-breakpoint2.py  | 31 ++++++++++++++++++++++++++
 4 files changed, 88 insertions(+)
 create mode 100644 gdb/testsuite/gdb.python/py-breakpoint2.c
 create mode 100644 gdb/testsuite/gdb.python/py-breakpoint2.exp
 create mode 100644 gdb/testsuite/gdb.python/py-breakpoint2.py
  

Comments

Pedro Alves June 23, 2016, 4:14 p.m. UTC | #1
On 06/21/2016 11:40 AM, Pierre-Marie de Rodat wrote:
> Hello,
> 
> When a Python script tries to create a breakpoint but fails to do so,
> gdb.Breakpoint.__init__ raises an exception and the breakpoint does not
> exist anymore in the Python interpreter. However, GDB still keeps a
> reference to the Python object to be used for a later hook, which is
> wrong.

Urgh, this code is ugly.

So the problem is that the next time gdbpy_breakpoint_created
is called, for some other breakpoint, we'll dereference the dangling
pointer then, correct?

> +
> +# Skip all tests if Python scripting is not enabled.
> +if { [skip_python_tests] } { continue }
> +
> +gdb_test "source py-breakpoint2.py"
> +
> +# The following used to trigger an internal error because of a dangling
> +# reference to a Python breakpoint object.
> +gdb_test "start"

"start" doesn't work with "target remote" testing.  Try:

$ make check \
   RUNTESTFLAGS="--target_board=native-gdbserver" \
   TESTS="gdb.python/py-breakpoint2.exp"

Can we instead run to main first, and then source the python
script?

> +
> +bp1 = gdb.Breakpoint('main', gdb.BP_BREAKPOINT)

I don't understand the idea behind creating this breakpoint
before the failing watchpoint one.

> +
> +# The following will create a breakpoint whose construction will abort (there
> +# is no such symbol), so GDB should not keep a reference to the corresponding
> +# Python object.
> +try:
> +    bp2 = gdb.Breakpoint('does_not_exist', gdb.BP_WATCHPOINT)
> +except RuntimeError:
> +    pass
> +else:
> +    assert False

Wouldn't it be better to create a breakpoint after the one
that failed, explicitly?  Either in python, or perhaps
simpler, a regular command line breakpoint directly in
the .exp file.  

Ah, I think I see -- I guess the test is relying on "start" creating
a magic breakpoint at "main", and that one being the one
that dereferences the dangling pointer.  But, see above about
remote testing.

Thanks,
Pedro Alves
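
The failure mode discussed in this thread, as a small C model added here (not GDB source and not part of the patch): a global hand-off slot keeps pointing at a script object after its constructor fails, and the next unrelated breakpoint-created hook consumes it. All names are hypothetical, and liveness is tracked with a flag so the model never touches freed memory.

```c
#include <stdio.h>

/* Simplified model, not GDB source; every name below is hypothetical. */
struct py_bp { int number; int live; };

static struct py_bp *pending;  /* hand-off slot, like bppy_pending_object */
static struct py_bp obj;       /* static, so reading it after "release" is safe */
static int stale_uses;         /* times the hook consumed a dead object */

/* Hook run whenever the debugger core creates any breakpoint. */
static void breakpoint_created(int number)
{
    if (pending == NULL)
        return;                /* breakpoint was not created from a script */
    if (pending->live)
        pending->number = number;
    else
        stale_uses++;          /* real code: access to a released object */
    pending = NULL;
}

/* Script-side constructor; clear_on_error selects the patched behaviour. */
static void script_init(struct py_bp *self, int core_fails, int clear_on_error)
{
    self->live = 1;
    pending = self;            /* published before creation is attempted */
    if (core_fails) {
        if (clear_on_error)
            pending = NULL;    /* the reset the patch adds */
        self->live = 0;        /* interpreter drops the object */
        return;
    }
    breakpoint_created(1);
}

/* Failed scripted creation, then an unrelated core-created breakpoint. */
int run_scenario(int clear_on_error)
{
    pending = NULL;
    stale_uses = 0;
    script_init(&obj, 1, clear_on_error);
    breakpoint_created(2);
    return stale_uses;
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```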
  

Patch

diff --git a/gdb/python/py-breakpoint.c b/gdb/python/py-breakpoint.c
index ed9cae6..5918bcc 100644
--- a/gdb/python/py-breakpoint.c
+++ b/gdb/python/py-breakpoint.c
@@ -705,6 +705,7 @@  bppy_init (PyObject *self, PyObject *args, PyObject *kwargs)
     }
   CATCH (except, RETURN_MASK_ALL)
     {
+      bppy_pending_object = NULL;
       PyErr_Format (except.reason == RETURN_QUIT
 		    ? PyExc_KeyboardInterrupt : PyExc_RuntimeError,
 		    "%s", except.message);
diff --git a/gdb/testsuite/gdb.python/py-breakpoint2.c b/gdb/testsuite/gdb.python/py-breakpoint2.c
new file mode 100644
index 0000000..0a535a4
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-breakpoint2.c
@@ -0,0 +1,22 @@ 
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2016 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see  <http://www.gnu.org/licenses/>.  */
+
+int
+main (void)
+{
+  return 0;
+}
diff --git a/gdb/testsuite/gdb.python/py-breakpoint2.exp b/gdb/testsuite/gdb.python/py-breakpoint2.exp
new file mode 100644
index 0000000..0a3a7ca
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-breakpoint2.exp
@@ -0,0 +1,34 @@ 
+# Copyright (C) 2016 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# This file is part of the GDB testsuite.  It tests the mechanism
+# exposing breakpoints to Python.
+
+load_lib gdb-python.exp
+
+standard_testfile
+
+if { [prepare_for_testing ${testfile}.exp ${testfile} ${srcfile}] } {
+    return -1
+}
+
+# Skip all tests if Python scripting is not enabled.
+if { [skip_python_tests] } { continue }
+
+gdb_test "source py-breakpoint2.py"
+
+# The following used to trigger an internal error because of a dangling
+# reference to a Python breakpoint object.
+gdb_test "start"
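Review bot: The final `gdb_test "start"` is the only step that exercises the fix, and it does so indirectly, through whatever breakpoint "start" creates; as raised in the review, "start" does not work with "target remote" testing. Running to main first and then creating an explicit breakpoint after the script has been sourced would make the test portable and its intent visible. Both gdb_test calls also pass no expected output pattern, and the script is sourced by bare file name, so the test does not check that `py-breakpoint2.py` was actually found and loaded.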
diff --git a/gdb/testsuite/gdb.python/py-breakpoint2.py b/gdb/testsuite/gdb.python/py-breakpoint2.py
new file mode 100644
index 0000000..9e0a379
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-breakpoint2.py
@@ -0,0 +1,31 @@ 
+# Copyright (C) 2016 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# This file is part of the GDB testsuite.  It tests the mechanism
+# exposing breakpoints to Python.
+
+import gdb
+
+bp1 = gdb.Breakpoint('main', gdb.BP_BREAKPOINT)
+
+# The following will create a breakpoint whose construction will abort (there
+# is no such symbol), so GDB should not keep a reference to the corresponding
+# Python object.
+try:
+    bp2 = gdb.Breakpoint('does_not_exist', gdb.BP_WATCHPOINT)
+except RuntimeError:
+    pass
+else:
+    assert False
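Review bot: `bp1 = gdb.Breakpoint('main', gdb.BP_BREAKPOINT)` has no comment saying what role it plays, and nothing in the script creates a breakpoint after the failing `bp2` construction, which is the step that would reach the stale reference. Create a breakpoint explicitly after the try block (and drop bp1 if it is not needed), and give the bare `assert False` a message so that an unexpected success of the watchpoint creation is self-explanatory in the log.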