From patchwork Sat Apr 18 17:01:38 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kratochvil X-Patchwork-Id: 6319 Received: (qmail 72653 invoked by alias); 18 Apr 2015 17:01:45 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 72643 invoked by uid 89); 18 Apr 2015 17:01:44 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.8 required=5.0 tests=AWL, BAYES_00, SPF_HELO_PASS, SPF_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Sat, 18 Apr 2015 17:01:43 +0000 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t3IH1grB018812 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 18 Apr 2015 13:01:42 -0400 Received: from host1.jankratochvil.net (ovpn-116-27.ams2.redhat.com [10.36.116.27]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t3IH1ckY009222 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 18 Apr 2015 13:01:41 -0400 Date: Sat, 18 Apr 2015 19:01:38 +0200 From: Jan Kratochvil To: gdb-patches@sourceware.org Subject: [patch] Fix ASAN crash for gdb.compile/compile.exp Message-ID: <20150418170138.GA9123@host1.jankratochvil.net> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-IsSubscribed: yes Hi, (gdb) PASS: gdb.compile/compile.exp: set unwindonsignal on compile code *(volatile int *) 0 = 0; Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7fba426 in _gdb_expr (__regs=0x7ffff7fb8000) at gdb command line:1 1 gdb command line: No such file or directory. ================================================================= ==10462==ERROR: AddressSanitizer: heap-use-after-free on address 0x621000cf7a3d at pc 0x0000004e46b9 bp 0x7ffdeb0f7a40 sp 0x7ffdeb0f71b8 READ of size 10 at 0x621000cf7a3d thread T0 #0 0x4e46b8 in printf_common(void*, char const*, __va_list_tag*) [clone .isra.6] (/home/jkratoch/redhat/gdb-clean-asan/gdb/gdb+0x4e46b8) #1 0x4f645e in vasprintf (/home/jkratoch/redhat/gdb-clean-asan/gdb/gdb+0x4f645e) #2 0xe5cf00 in xstrvprintf common/common-utils.c:120 #3 0xe74192 in throw_it common/common-exceptions.c:332 #4 0xe742f6 in throw_verror common/common-exceptions.c:361 #5 0xddc89e in verror /home/jkratoch/redhat/gdb-clean-asan/gdb/utils.c:541 #6 0xe734bd in error common/errors.c:43 #7 0xafa1d6 in call_function_by_hand_dummy /home/jkratoch/redhat/gdb-clean-asan/gdb/infcall.c:1031 #8 0xe81858 in compile_object_run compile/compile-object-run.c:119 #9 0xe7733c in eval_compile_command compile/compile.c:577 #10 0xe7541e in compile_code_command compile/compile.c:153 It is obvious why that happens, dummy_frame_pop() will call compile objfile cleanup which will free that objfile and NAME then becomes a stale pointer. Whether the objfile really should be already freed during call_function_by_hand_dummy() I am not sure. No regressions on {x86_64,x86_64-m32,i686}-fedora23pre-linux-gnu. Jan gdb/ChangeLog 2015-04-18 Jan Kratochvil Fix ASAN crash for gdb.compile/compile.exp. * infcall.c (call_function_by_hand_dummy): Use xstrdup for NAME. diff --git a/gdb/infcall.c b/gdb/infcall.c index 26c64f6..bbe163f 100644 --- a/gdb/infcall.c +++ b/gdb/infcall.c @@ -1005,8 +1005,11 @@ When the function is done executing, GDB will silently stop."), if (stopped_by_random_signal || stop_stack_dummy != STOP_STACK_DUMMY) { - const char *name = get_function_name (funaddr, - name_buf, sizeof (name_buf)); + /* Make a copy as NAME may be in an objfile freed by dummy_frame_pop. */ + char *name = xstrdup (get_function_name (funaddr, + name_buf, sizeof (name_buf))); + make_cleanup (xfree, name); + if (stopped_by_random_signal) {