| Message ID | 20251221183723.248939-1-ssbssa@yahoo.de |
|---|---|
| State | New |
| Headers |
Return-Path: <gdb-patches-bounces~patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 36ED64BA2E1F for <patchwork@sourceware.org>; Sun, 21 Dec 2025 18:38:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 36ED64BA2E1F Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=yahoo.de header.i=@yahoo.de header.a=rsa-sha256 header.s=s2048 header.b=DSe26zba X-Original-To: gdb-patches@sourceware.org Delivered-To: gdb-patches@sourceware.org Received: from sonic304-22.consmr.mail.ir2.yahoo.com (sonic304-22.consmr.mail.ir2.yahoo.com [77.238.179.147]) by sourceware.org (Postfix) with ESMTPS id 4A8264BA2E04 for <gdb-patches@sourceware.org>; Sun, 21 Dec 2025 18:37:27 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4A8264BA2E04 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=yahoo.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=yahoo.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4A8264BA2E04 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=77.238.179.147 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1766342247; cv=none; b=SbR8GCSKO3X2ytCXqzvnvrnu3BsPwuhTl6QIGm/wm74oncCsuJXBliMIlcEUql8ZPnIosEt5cxbSXyxieykKO0DHDSmV7Xsh9/CfDu4miccgWanW1AKd2uvutpo1FOPk9+XmLBJamW1RzFDqrlj8dT+NKle9ieLxmGpBy+RWbgU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1766342247; c=relaxed/simple; bh=SriwdKD9gvyjXi5AnIM9fPDKBmhR6yoqebjnvMgZLXY=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=ooSTHDgiWr86//kQjtdhK5v27f5XT+s+oZw8w4CxlF7tqOKDu+ZArrxBmoTRHpueF2f0z4uUmIigz2bT3iDVDyjRFnCW93Bpsd/rkg/SxG0uwrp/9PE4WMplMBzU8eKUVSuI+0aozZ6hMFf0y+wZQ124mME28fNoKv0k+KkeN1w= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4A8264BA2E04 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de; s=s2048; t=1766342246; bh=Cy78ohugANgasRuN2Jf7BK6z+zFQGcB8wssdhVrBLI0=; h=From:To:Subject:Date:References:From:Subject:Reply-To; b=DSe26zbaRdZ3JycKAwVhQRyGITxfNtmNXX9Hfq9HAxn3Hi03PtdUSnTlustPKLzgvMqAq78QyNUMORmXAF4lsRRkSeHn83NofliznMBq/XvcoC/h2XwYkYLLEuGh+PvR29QE/ecKKRH2LnQbRAZJCzrFI/8yFG6B/fsO9kirMND6dzXExpUzrQAPAW1OA3rLtzYj6rd0FnhTsldF7nyoR150yx2Vt4/vOer8wmIWUYoJmNXku7apC+/KjpoXzia7cWOpQQXUGkfwJvBd8CItKSWSzjCdv1ehAEC3Ioyp7tiR7ODkC3XdxqRMr1iS1irTWNiJ4tMeeMiU2EuXxnuRIA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1766342246; bh=QBZ8aL6NXKDoTCWACAe2J1YtHf/76Sof97a2FnNBb7o=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=iMP4uRYxh4JqvCzyoe2SfXcWbhaxLKTHc2fbKIwrPd5iRy+MecYGnhIMGCQbKpoU3pRV8oOyqr0O10Y0IV+bP+0pFZU0wnQhFTvMx1vxwL9uhvvmrXkp0/JW7QHW38uHB0QoqBkb+hTR649Hb6+XG1pc3V99bD4hzQQ/btO3lF19oV3K3iQFmqQ1wtvqh5kt2jvGsoqZvZnWwUfguwwMqeJq67XXNpd6ggnP54QXqTo3PGaFt9I0qD1U+hAobjQtKnE67WvoIL5fCKdRAK5xoj6LFFuQBpekdWSYWjkIVVJDz0pjzUtYOnXRewzZv9j6mH6kjOTeMfxr4W3oUnG6WA== X-YMail-OSG: EGU59C0VM1nR6cZU1pzVCOtKlXl6dPv15Rwz5siRfNQsBz7tJkJ4q_FHStiqVvB unvVexwIzBXsr0_yytuB8ZLeO69zTpdu4TFWSpaK7k6YUkzRRp5MsrYBXOzNeYCBQayy.CMacRUf N0EF0tWUXEZa00WtU0tUuXtyz6Vnr4YbtJ8wW_VgTZK4.qbx17wpon9.69JN_i_CgDsV1MyGNllY gcEopedh_Z0iloAyoVGEfEo91EbEk821exBUILAxVBkEXGiGV2iZRQoDV.wpglosSYd4FcU1wGuL i.4cKLA.8UuX1n7IkPjoKc4ho4giIfzWFABmm8n8KHymeo7XNcJMDoIiFkh1cScV.sk4MDBaCQSw AbrtRHpCIbvMFpX41AYKccMsHKY2WqBlkAY3aULk5AYbCn4iEAakNnmlCTdJ1syVIjk26B0UPXcg Lb8NirNqJMIw_qmf7Z1hldazUsMnJnPUvrF9KE6DEIXtJGVc_p.zq_BzoYqKDn.Hk6f6DztpCU4I scCyYZMnKvGBSs9qPHTpBKTq1D7ZT77GlNMPI2XjTdFbupG4op4EjFu1s7349jMpgrUqQDiIqlpC fIyIikYFdSMZFg7808MapX64Syd8NZkIZIqJPUCDwxqSySouT9ARYn3tJQkj741YXZKoUI45NLhw r0p6ICI_GJB9_iICVF8U3hwJ7KcfFV6HGSGmogt1w5LnVtYe.y6ar7YVMTz.r09hHgpjRBuVjXhK drLjzPWYCoXhAomXRYgWdHb.Nvnjst7_JwTyb5IE8XjeiciGUT.t2ld4o9olgWnLLncCko06QFcX QxmbRkRqCX8nH21ySGUCkiqzGyT9IVFXYUiRaIVmqE8Lynod_LRFGdlyuGgJBP07CS.7dJY0O0bS OcrTvcB2WT.mZYpnUOVAX5Ua8SZLUmMQra9TgefNhrbU_Z8ROP6eAx2Ej_dZGLmGMM7mqLUjhOCk .yp2WJPMJa3S99HJDefpzldkGJ9hReLfwiT7BeHEWcF5.xrkj9.5iVDMkQzxbQvCouUSZhc0hI2p nIhu2whesJ38RWxKEp9G4._ByCUK2zYOAchf.q682bgwsskkoam_SW1Y7t_v9.vJiJusmkl6_fwV CpIDGPKduAoVtGtTexv_jWpc8XgfnnBlvgI..dLmmscGS1YO.gnZJbLTiI2zlRkDVCFIQ8rBiFLW zdM5ZU911pBH7Ulg3udonpPi7G3z1xL5lELxYgNaAYMdEVmtyK.Ze9XuPGeJQgO0LETfujFbzGYP BPdMlG1VcnMMDpviThAikj.j0Army58oXFF5XYXjHQCiamp0AqQNywSwyqwDWr72ZLL5N3qn5RmP P7TJ7Kz4lKQ2D6og3LAqqvhCxJKkp1BaCCmMJLaN4Kt03gZzCEPDbQ_3vA9NrTOPjtgpUumDVrMX CO54kLFqZ4qanwQInnAlHYtBDx8CbOfz4EWbCIhdIBuay.THnIw2CzCgiI5WErFnG9biEfhYxq9H 0nncKCYUJVb1P3Zq0TkkGAfi.HurMM_kkTEbmUEGZQi3IH8RZu3cd8V8Q8zQXps7ttoxmOFRKC_6 c2cYJY5S9ORRlZPoVQnnkIsloEEuJSHXGIPKSB2DrZeHm8tCWKZ2O4gEpr7dh.5jaNodbfl6f9wD 4sdvnl1MEXocWEtuWE61VNggvISMuNzC1VfrVgf2b3fEZ_w7kqLbkfOseMF07B7bMR2YasFW2lu8 YiH5iJgWfXrKVx0hm7Lfv0MdiAFWtRjxpfYoBE1nu43J_TIcNf7vPb3amMbdWgQrktV.5lGCW2bO 4dspG9.gbHbF9qEZ.PxOsVElfKlPn0KPvK.rrBC0CZQHG.EDR6rvLkoEr48Fzm9vEZ4W4ZeRfKIC JfAJ7uTynszRINZAj8ZpHLF332XzH9jYs9plmu.h3Csj5KFjfqZId4MeUE7BzSAMB1gFiAqqJJhg tb46LBptB7Gb.ngEA7rnBAfK8CubxRs17mmDAo96IrXy.DRpXg5zq4qv10UsRfjjcqbmTybBmANF 8Cul10aOwQxAaI0u_v67L4IpiXw9gPaLyyJTA6JAFMviNhZfMf5n4CfidWLba3hatCDk0BPAcOrQ dkEB8gr6d4JQk70mNxFBlSTCYBx2xZDyB2nxJcdVAj5iU4RP2aFgPYkPWY_1faanJg.oMMa1wY5. WbvI.8kYTMM_4bfOhHrnLodsWJ60lg2.TqBq3y8Y5MOM.kdAhMS43XWdW6.XPQXlsgDc3w0FCFAr aKAmJtkP4IV9TbgPyjpUt7Ck6_He0BVRuiwTa X-Sonic-MF: <ssbssa@yahoo.de> X-Sonic-ID: 2befad06-d911-4ef7-a1e7-2cc763c1b7d4 Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ir2.yahoo.com with HTTP; Sun, 21 Dec 2025 18:37:26 +0000 Received: by hermes--production-ir2-7679c5bc-8rzzp (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 05fad4f9730fda9d85ba88c5042dd452; Sun, 21 Dec 2025 18:37:25 +0000 (UTC) From: Hannes Domani <ssbssa@yahoo.de> To: gdb-patches@sourceware.org Subject: [PATCH] Fix crash if breakpoint commands contain detach or kill Date: Sun, 21 Dec 2025 19:37:23 +0100 Message-ID: <20251221183723.248939-1-ssbssa@yahoo.de> X-Mailer: git-send-email 2.51.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit References: <20251221183723.248939-1-ssbssa.ref@yahoo.de> X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list <gdb-patches.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/gdb-patches>, <mailto:gdb-patches-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/gdb-patches/> List-Post: <mailto:gdb-patches@sourceware.org> List-Help: <mailto:gdb-patches-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb-patches>, <mailto:gdb-patches-request@sourceware.org?subject=subscribe> Errors-To: gdb-patches-bounces~patchwork=sourceware.org@sourceware.org |
| Series |
Fix crash if breakpoint commands contain detach or kill
|
|
Commit Message
Hannes Domani
Dec. 21, 2025, 6:37 p.m. UTC
If breakpoint commands contain detach or kill, then gdb tries to access freed memory: (gdb) b main Breakpoint 1 at 0x111d: file main.c, line 21. (gdb) commands Type commands for breakpoint(s) 1, one per line. End with a line saying just "end". >detach >end (gdb) run Starting program: /home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1". main () at main.c:21 21 return 0; [Inferior 1 (process 241852) detached] ================================================================= ==241817==ERROR: AddressSanitizer: heap-use-after-free on address 0x7b7a3de0b760 at pc 0x55fcb92613fe bp 0x7ffec2d524f0 sp 0x7ffec2d524e0 READ of size 8 at 0x7b7a3de0b760 thread T0 #0 0x55fcb92613fd in bpstat_do_actions_1 ../../gdb/breakpoint.c:4898 #1 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012 #2 0x55fcba3180e7 in inferior_event_handler(inferior_event_type) ../../gdb/inf-loop.c:71 #3 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769 0x7b7a3de0b760 is located 0 bytes inside of 56-byte region [0x7b7a3de0b760,0x7b7a3de0b798) freed by thread T0 here: #0 0x7f1a43522a2d in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:155 #1 0x55fcb925d5cd in bpstat_clear(bpstat**) ../../gdb/breakpoint.c:4646 #2 0x55fcbb69ea6a in clear_thread_inferior_resources ../../gdb/thread.c:185 #3 0x55fcbb69f4cb in set_thread_exited(thread_info*, std::optional<unsigned long>, bool) ../../gdb/thread.c:244 #4 0x55fcba368d64 in operator() ../../gdb/inferior.c:269 #5 0x55fcba375e2b in clear_and_dispose<inferior::clear_thread_list()::<lambda(thread_info*)> > ../../gdb/../gdbsupport/intrusive_list.h:529 #6 0x55fcba368f19 in inferior::clear_thread_list() ../../gdb/inferior.c:265 #7 0x55fcba3694ba in exit_inferior(inferior*) ../../gdb/inferior.c:322 #8 0x55fcba369e35 in detach_inferior(inferior*) ../../gdb/inferior.c:358 #9 0x55fcba319d9f in inf_ptrace_target::detach_success(inferior*) ../../gdb/inf-ptrace.c:214 #10 0x55fcba56a2f6 in linux_nat_target::detach(inferior*, int) ../../gdb/linux-nat.c:1582 #11 0x55fcba62121c in thread_db_target::detach(inferior*, int) ../../gdb/linux-thread-db.c:1381 #12 0x55fcbb5ca49e in target_detach(inferior*, int) ../../gdb/target.c:2557 #13 0x55fcba356ba4 in detach_command(char const*, int) ../../gdb/infcmd.c:2894 #14 0x55fcb9597eea in do_simple_func ../../gdb/cli/cli-decode.c:94 #15 0x55fcb95b10b5 in cmd_func(cmd_list_element*, char const*, int) ../../gdb/cli/cli-decode.c:2831 #16 0x55fcbb6f5282 in execute_command(char const*, int) ../../gdb/top.c:563 #17 0x55fcb95eedb9 in execute_control_command_1 ../../gdb/cli/cli-script.c:526 #18 0x55fcb95f04dd in execute_control_command(command_line*, int) ../../gdb/cli/cli-script.c:702 #19 0x55fcb9261175 in bpstat_do_actions_1 ../../gdb/breakpoint.c:4940 #20 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012 #21 0x55fcba3180e7 in inferior_event_handler(inferior_event_type) ../../gdb/inf-loop.c:71 #22 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769 previously allocated by thread T0 here: #0 0x7f1a435218cd in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:86 #1 0x55fcb927061f in build_bpstat_chain(address_space const*, unsigned long, target_waitstatus const&) ../../gdb/breakpoint.c:5880 #2 0x55fcba3d63b6 in handle_signal_stop ../../gdb/infrun.c:7083 #3 0x55fcba3d01c7 in handle_inferior_event ../../gdb/infrun.c:6574 #4 0x55fcba3b9918 in fetch_inferior_event() ../../gdb/infrun.c:4713 This checks after executing commands of each breakpoint if the bpstat was deleted already, and stops any further processing immediately. Now the result looks like this: (gdb) b main Breakpoint 1 at 0x111d: file main.c, line 21. (gdb) commands Type commands for breakpoint(s) 1, one per line. End with a line saying just "end". >detach >end (gdb) run Starting program: /home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1". main () at main.c:21 21 return 0; [Inferior 1 (process 242940) detached] (gdb) Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=14354 --- gdb/breakpoint.c | 6 +++ .../detach-in-breakpoint-commands.exp | 49 +++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp
Comments
Hannes Domani <ssbssa@yahoo.de> writes: > If breakpoint commands contain detach or kill, then gdb tries to access > freed memory: > > (gdb) b main > Breakpoint 1 at 0x111d: file main.c, line 21. > (gdb) commands > Type commands for breakpoint(s) 1, one per line. > End with a line saying just "end". >>detach >>end > (gdb) run > Starting program: /home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1". > > main () at main.c:21 > 21 return 0; > [Inferior 1 (process 241852) detached] > ================================================================= > ==241817==ERROR: AddressSanitizer: heap-use-after-free on address 0x7b7a3de0b760 at pc 0x55fcb92613fe bp 0x7ffec2d524f0 sp 0x7ffec2d524e0 > READ of size 8 at 0x7b7a3de0b760 thread T0 > #0 0x55fcb92613fd in bpstat_do_actions_1 ../../gdb/breakpoint.c:4898 > #1 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012 > #2 0x55fcba3180e7 in inferior_event_handler(inferior_event_type) ../../gdb/inf-loop.c:71 > #3 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769 > > 0x7b7a3de0b760 is located 0 bytes inside of 56-byte region [0x7b7a3de0b760,0x7b7a3de0b798) > freed by thread T0 here: > #0 0x7f1a43522a2d in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:155 > #1 0x55fcb925d5cd in bpstat_clear(bpstat**) ../../gdb/breakpoint.c:4646 > #2 0x55fcbb69ea6a in clear_thread_inferior_resources ../../gdb/thread.c:185 > #3 0x55fcbb69f4cb in set_thread_exited(thread_info*, std::optional<unsigned long>, bool) ../../gdb/thread.c:244 > #4 0x55fcba368d64 in operator() ../../gdb/inferior.c:269 > #5 0x55fcba375e2b in clear_and_dispose<inferior::clear_thread_list()::<lambda(thread_info*)> > ../../gdb/../gdbsupport/intrusive_list.h:529 > #6 0x55fcba368f19 in inferior::clear_thread_list() ../../gdb/inferior.c:265 > #7 0x55fcba3694ba in exit_inferior(inferior*) ../../gdb/inferior.c:322 > #8 0x55fcba369e35 in detach_inferior(inferior*) ../../gdb/inferior.c:358 > #9 0x55fcba319d9f in inf_ptrace_target::detach_success(inferior*) ../../gdb/inf-ptrace.c:214 > #10 0x55fcba56a2f6 in linux_nat_target::detach(inferior*, int) ../../gdb/linux-nat.c:1582 > #11 0x55fcba62121c in thread_db_target::detach(inferior*, int) ../../gdb/linux-thread-db.c:1381 > #12 0x55fcbb5ca49e in target_detach(inferior*, int) ../../gdb/target.c:2557 > #13 0x55fcba356ba4 in detach_command(char const*, int) ../../gdb/infcmd.c:2894 > #14 0x55fcb9597eea in do_simple_func ../../gdb/cli/cli-decode.c:94 > #15 0x55fcb95b10b5 in cmd_func(cmd_list_element*, char const*, int) ../../gdb/cli/cli-decode.c:2831 > #16 0x55fcbb6f5282 in execute_command(char const*, int) ../../gdb/top.c:563 > #17 0x55fcb95eedb9 in execute_control_command_1 ../../gdb/cli/cli-script.c:526 > #18 0x55fcb95f04dd in execute_control_command(command_line*, int) ../../gdb/cli/cli-script.c:702 > #19 0x55fcb9261175 in bpstat_do_actions_1 ../../gdb/breakpoint.c:4940 > #20 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012 > #21 0x55fcba3180e7 in inferior_event_handler(inferior_event_type) ../../gdb/inf-loop.c:71 > #22 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769 > > previously allocated by thread T0 here: > #0 0x7f1a435218cd in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:86 > #1 0x55fcb927061f in build_bpstat_chain(address_space const*, unsigned long, target_waitstatus const&) ../../gdb/breakpoint.c:5880 > #2 0x55fcba3d63b6 in handle_signal_stop ../../gdb/infrun.c:7083 > #3 0x55fcba3d01c7 in handle_inferior_event ../../gdb/infrun.c:6574 > #4 0x55fcba3b9918 in fetch_inferior_event() ../../gdb/infrun.c:4713 > > This checks after executing commands of each breakpoint if the bpstat > was deleted already, and stops any further processing immediately. > Now the result looks like this: > > (gdb) b main > Breakpoint 1 at 0x111d: file main.c, line 21. > (gdb) commands > Type commands for breakpoint(s) 1, one per line. > End with a line saying just "end". >>detach >>end > (gdb) run > Starting program: /home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1". > > main () at main.c:21 > 21 return 0; > [Inferior 1 (process 242940) detached] > (gdb) > > Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=14354 Thanks for fixing this. The fix looks mostly OK, I have just a couple of comments on the test, see below. > --- > gdb/breakpoint.c | 6 +++ > .../detach-in-breakpoint-commands.exp | 49 +++++++++++++++++++ > 2 files changed, 55 insertions(+) > create mode 100644 gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp > > diff --git a/gdb/breakpoint.c b/gdb/breakpoint.c > index 8d35e00be99..10b2284ecfa 100644 > --- a/gdb/breakpoint.c > +++ b/gdb/breakpoint.c > @@ -4947,6 +4947,12 @@ bpstat_do_actions_1 (bpstat **bsp) > cmd = cmd->next; > } > > + /* If the command tree somehow stopped the process, e.g. if it > + contains 'kill', then the bpstat might have been deleted already. > + *BSP will have been reset then, so stop in that case. */ > + if (*bsp == nullptr) > + break; > + > if (breakpoint_proceeded) > { > if (current_ui->async) > diff --git a/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp b/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp > new file mode 100644 > index 00000000000..20a1c8bfaaf > --- /dev/null > +++ b/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp > @@ -0,0 +1,49 @@ > +# Copyright 2025 Free Software Foundation, Inc. > + > +# This program is free software; you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation; either version 3 of the License, or > +# (at your option) any later version. > +# > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > +# > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see <http://www.gnu.org/licenses/>. I think here you should add: require !use_gdb_stub The 'run' command cannot be used with 'remote' targets, so things like: make check \ TESTS=gdb.base/detach-in-breakpoint-commands.exp \ RUNTESTFLAGS="--target_board=native-remote" will fail without that line. You might be interested in the 'Testing All Simple Boards' section of gdb/testsuite/README. This describes how to use: make check-all-boards TESTS=gdb.base/detach-in-breakpoint-commands.exp to test with all the different board files. There's some environment setup needed, but I find this really useful for checking new tests. For this patch though, the above suggestion fixes all issues. > + > +# Test breakpoint commands which detach or kill the inferior. > + > +standard_testfile main.c > + > +if { [prepare_for_testing "prepare" $testfile $srcfile] != 0 } { > + return > +} > + > +gdb_test "break main" "Breakpoint $decimal at .*" > + > +# Test detach in breakpoint commands. > +gdb_test \ > + [multi_line_input \ > + {commands} \ > + { detach} \ > + {end}] \ > + "End with.*" \ > + "detach in commands" > + > +gdb_test "run" "\[Inferior $decimal \\(process $decimal\\) detached\]" \ > + "run - detach" I think here, and in the 'run' test below too, the pattern within the (...) is too restrictive. The 'process $decimal' part is created by calling target_pid_to_str, and can take any form. As this isn't critical to this test I would suggest: gdb_test "run" "\[Inferior $decimal \\(\[^\r\n\]*\\) detached\]" \ "run - detach" And a similar change below too. If you are happy to accept these changes, then: Approved-By: Andrew Burgess <aburgess@redhat.com> Thanks, Andrew > + > +# Test kill in breakpoint commands. > +gdb_test \ > + [multi_line_input \ > + {commands} \ > + { set confirm off} \ > + { kill} \ > + {end}] \ > + "End with.*" \ > + "kill in commands" > + > +gdb_test "run" "\[Inferior $decimal \\(process $decimal\\) killed\]" \ > + "run - kill" > -- > 2.51.0
Am Montag, 22. Dezember 2025 um 11:11:50 MEZ hat Andrew Burgess <aburgess@redhat.com> Folgendes geschrieben: > Hannes Domani <ssbssa@yahoo.de> writes: > > > If breakpoint commands contain detach or kill, then gdb tries to access > > freed memory: > > > > (gdb) b main > > Breakpoint 1 at 0x111d: file main.c, line 21. > > (gdb) commands > > Type commands for breakpoint(s) 1, one per line. > > End with a line saying just "end". > >>detach > >>end > > (gdb) run > > Starting program: /home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main > > [Thread debugging using libthread_db enabled] > > Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1". > > > > main () at main.c:21 > > 21 return 0; > > [Inferior 1 (process 241852) detached] > > ================================================================= > > ==241817==ERROR: AddressSanitizer: heap-use-after-free on address 0x7b7a3de0b760 at pc 0x55fcb92613fe bp 0x7ffec2d524f0 sp 0x7ffec2d524e0 > > READ of size 8 at 0x7b7a3de0b760 thread T0 > > #0 0x55fcb92613fd in bpstat_do_actions_1 ../../gdb/breakpoint.c:4898 > > #1 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012 > > #2 0x55fcba3180e7 in inferior_event_handler(inferior_event_type) ../../gdb/inf-loop.c:71 > > #3 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769 > > > > 0x7b7a3de0b760 is located 0 bytes inside of 56-byte region [0x7b7a3de0b760,0x7b7a3de0b798) > > freed by thread T0 here: > > #0 0x7f1a43522a2d in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:155 > > #1 0x55fcb925d5cd in bpstat_clear(bpstat**) ../../gdb/breakpoint.c:4646 > > #2 0x55fcbb69ea6a in clear_thread_inferior_resources ../../gdb/thread.c:185 > > #3 0x55fcbb69f4cb in set_thread_exited(thread_info*, std::optional<unsigned long>, bool) ../../gdb/thread.c:244 > > #4 0x55fcba368d64 in operator() ../../gdb/inferior.c:269 > > #5 0x55fcba375e2b in clear_and_dispose<inferior::clear_thread_list()::<lambda(thread_info*)> > ../../gdb/../gdbsupport/intrusive_list.h:529 > > #6 0x55fcba368f19 in inferior::clear_thread_list() ../../gdb/inferior.c:265 > > #7 0x55fcba3694ba in exit_inferior(inferior*) ../../gdb/inferior.c:322 > > #8 0x55fcba369e35 in detach_inferior(inferior*) ../../gdb/inferior.c:358 > > #9 0x55fcba319d9f in inf_ptrace_target::detach_success(inferior*) ../../gdb/inf-ptrace.c:214 > > #10 0x55fcba56a2f6 in linux_nat_target::detach(inferior*, int) ../../gdb/linux-nat.c:1582 > > #11 0x55fcba62121c in thread_db_target::detach(inferior*, int) ../../gdb/linux-thread-db.c:1381 > > #12 0x55fcbb5ca49e in target_detach(inferior*, int) ../../gdb/target.c:2557 > > #13 0x55fcba356ba4 in detach_command(char const*, int) ../../gdb/infcmd.c:2894 > > #14 0x55fcb9597eea in do_simple_func ../../gdb/cli/cli-decode.c:94 > > #15 0x55fcb95b10b5 in cmd_func(cmd_list_element*, char const*, int) ../../gdb/cli/cli-decode.c:2831 > > #16 0x55fcbb6f5282 in execute_command(char const*, int) ../../gdb/top.c:563 > > #17 0x55fcb95eedb9 in execute_control_command_1 ../../gdb/cli/cli-script.c:526 > > #18 0x55fcb95f04dd in execute_control_command(command_line*, int) ../../gdb/cli/cli-script.c:702 > > #19 0x55fcb9261175 in bpstat_do_actions_1 ../../gdb/breakpoint.c:4940 > > #20 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012 > > #21 0x55fcba3180e7 in inferior_event_handler(inferior_event_type) ../../gdb/inf-loop.c:71 > > #22 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769 > > > > previously allocated by thread T0 here: > > #0 0x7f1a435218cd in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:86 > > #1 0x55fcb927061f in build_bpstat_chain(address_space const*, unsigned long, target_waitstatus const&) ../../gdb/breakpoint.c:5880 > > #2 0x55fcba3d63b6 in handle_signal_stop ../../gdb/infrun.c:7083 > > #3 0x55fcba3d01c7 in handle_inferior_event ../../gdb/infrun.c:6574 > > #4 0x55fcba3b9918 in fetch_inferior_event() ../../gdb/infrun.c:4713 > > > > This checks after executing commands of each breakpoint if the bpstat > > was deleted already, and stops any further processing immediately. > > Now the result looks like this: > > > > (gdb) b main > > Breakpoint 1 at 0x111d: file main.c, line 21. > > (gdb) commands > > Type commands for breakpoint(s) 1, one per line. > > End with a line saying just "end". > >>detach > >>end > > (gdb) run > > Starting program: /home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main > > [Thread debugging using libthread_db enabled] > > Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1". > > > > main () at main.c:21 > > 21 return 0; > > [Inferior 1 (process 242940) detached] > > (gdb) > > > > Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=14354 > > > Thanks for fixing this. The fix looks mostly OK, I have just a couple > of comments on the test, see below. > > > --- > > gdb/breakpoint.c | 6 +++ > > .../detach-in-breakpoint-commands.exp | 49 +++++++++++++++++++ > > 2 files changed, 55 insertions(+) > > create mode 100644 gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp > > > > diff --git a/gdb/breakpoint.c b/gdb/breakpoint.c > > index 8d35e00be99..10b2284ecfa 100644 > > --- a/gdb/breakpoint.c > > +++ b/gdb/breakpoint.c > > @@ -4947,6 +4947,12 @@ bpstat_do_actions_1 (bpstat **bsp) > > cmd = cmd->next; > > } > > > > + /* If the command tree somehow stopped the process, e.g. if it > > + contains 'kill', then the bpstat might have been deleted already. > > + *BSP will have been reset then, so stop in that case. */ > > + if (*bsp == nullptr) > > + break; > > + > > if (breakpoint_proceeded) > > { > > if (current_ui->async) > > diff --git a/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp b/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp > > new file mode 100644 > > index 00000000000..20a1c8bfaaf > > --- /dev/null > > +++ b/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp > > @@ -0,0 +1,49 @@ > > +# Copyright 2025 Free Software Foundation, Inc. > > + > > +# This program is free software; you can redistribute it and/or modify > > +# it under the terms of the GNU General Public License as published by > > +# the Free Software Foundation; either version 3 of the License, or > > +# (at your option) any later version. > > +# > > +# This program is distributed in the hope that it will be useful, > > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > +# GNU General Public License for more details. > > +# > > +# You should have received a copy of the GNU General Public License > > +# along with this program. If not, see <http://www.gnu.org/licenses/>. > > I think here you should add: > > require !use_gdb_stub > > The 'run' command cannot be used with 'remote' targets, so things like: > > make check \ > TESTS=gdb.base/detach-in-breakpoint-commands.exp \ > RUNTESTFLAGS="--target_board=native-remote" > > will fail without that line. If I understand it correctly, it would have worked if instead of 'run' I would use 'runto_main' followed by 'continue' instead. Not sure if I would need a new test source file instead of main.c then. > You might be interested in the 'Testing All Simple Boards' section of > gdb/testsuite/README. This describes how to use: > > make check-all-boards TESTS=gdb.base/detach-in-breakpoint-commands.exp > > to test with all the different board files. There's some environment > setup needed, but I find this really useful for checking new tests. For > this patch though, the above suggestion fixes all issues. > > > + > > +# Test breakpoint commands which detach or kill the inferior. > > + > > +standard_testfile main.c > > + > > +if { [prepare_for_testing "prepare" $testfile $srcfile] != 0 } { > > + return > > +} > > + > > +gdb_test "break main" "Breakpoint $decimal at .*" > > + > > +# Test detach in breakpoint commands. > > +gdb_test \ > > + [multi_line_input \ > > + {commands} \ > > + { detach} \ > > + {end}] \ > > + "End with.*" \ > > + "detach in commands" > > + > > +gdb_test "run" "\[Inferior $decimal \\(process $decimal\\) detached\]" \ > > + "run - detach" > > I think here, and in the 'run' test below too, the pattern within the > (...) is too restrictive. The 'process $decimal' part is created by > calling target_pid_to_str, and can take any form. As this isn't > critical to this test I would suggest: > > gdb_test "run" "\[Inferior $decimal \\(\[^\r\n\]*\\) detached\]" \ > "run - detach" > > And a similar change below too. > > If you are happy to accept these changes, then: > > Approved-By: Andrew Burgess <aburgess@redhat.com> Pushed with these changes, thanks. Hannes
diff --git a/gdb/breakpoint.c b/gdb/breakpoint.c index 8d35e00be99..10b2284ecfa 100644 --- a/gdb/breakpoint.c +++ b/gdb/breakpoint.c @@ -4947,6 +4947,12 @@ bpstat_do_actions_1 (bpstat **bsp) cmd = cmd->next; } + /* If the command tree somehow stopped the process, e.g. if it + contains 'kill', then the bpstat might have been deleted already. + *BSP will have been reset then, so stop in that case. */ + if (*bsp == nullptr) + break; + if (breakpoint_proceeded) { if (current_ui->async) diff --git a/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp b/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp new file mode 100644 index 00000000000..20a1c8bfaaf --- /dev/null +++ b/gdb/testsuite/gdb.base/detach-in-breakpoint-commands.exp @@ -0,0 +1,49 @@ +# Copyright 2025 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# Test breakpoint commands which detach or kill the inferior. + +standard_testfile main.c + +if { [prepare_for_testing "prepare" $testfile $srcfile] != 0 } { + return +} + +gdb_test "break main" "Breakpoint $decimal at .*" + +# Test detach in breakpoint commands. +gdb_test \ + [multi_line_input \ + {commands} \ + { detach} \ + {end}] \ + "End with.*" \ + "detach in commands" + +gdb_test "run" "\[Inferior $decimal \\(process $decimal\\) detached\]" \ + "run - detach" + +# Test kill in breakpoint commands. +gdb_test \ + [multi_line_input \ + {commands} \ + { set confirm off} \ + { kill} \ + {end}] \ + "End with.*" \ + "kill in commands" + +gdb_test "run" "\[Inferior $decimal \\(process $decimal\\) killed\]" \ + "run - kill"