This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



ASAN crash regression [Re: [PATCH 2/2] move the demangled_names_hash into the per-BFD]


On Mon, 07 Oct 2013 21:27:04 +0200, Tom Tromey wrote:
> >> * objfiles.c (free_objfile_per_bfd_storage): Delete the
> >> demangled_names_hash.
> >> (free_objfile): Don't delete the demangled_names_hash.
> >> * objfiles.h (struct objfile_per_bfd_storage)
> >> <demangled_names_hash>: New field.
> >> (struct objfile) <demangled_names_hash>: Move to
> >> objfile_per_bfd_storage.
> >> * symfile.c (reread_symbols): Don't delete the
> >> demangled_names_hash.
> >> * symtab.c (create_demangled_names_hash): Update.
> >> (symbol_set_names): Update.
> 
> Pedro> Looks fine to me.
> 
> I'm checking this in now.

84a1243b15122dfe6414a4f9bdd82096b37bc625 is the first bad commit
commit 84a1243b15122dfe6414a4f9bdd82096b37bc625
Author: Tom Tromey <tromey@redhat.com>
Date:   Mon Oct 7 19:40:38 2013 +0000

    move the demangled_names_hash into the per-BFD

./configure ... -fsanitize=address
echo 'void f(){}main(){}'|gcc -x c++ - -g;ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./gdb -batch a.out -ex 'file a.out'

==2077== ERROR: AddressSanitizer: heap-use-after-free on address 0x606200145eb0 at pc 0x7f4e28c4e947 bp 0x7fffb2e2c920 sp 0x7fffb2e2c8e0
READ of size 4 at 0x606200145eb0 thread T0
    #0 0x7f4e28c4e946 in __interceptor_strcmp /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_interceptors.cc:399
    #1 0x9c274e in eq_demangled_name_entry /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:612
    #2 0x1f6e4dc in htab_find_slot_with_hash /home/jkratoch/redhat/gdb-clean-f20/libiberty/./hashtab.c:660
    #3 0x1f6e81d in htab_find_slot /home/jkratoch/redhat/gdb-clean-f20/libiberty/./hashtab.c:704
    #4 0x9c3992 in symbol_set_names /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:860
    #5 0xb82fc9 in new_symbol_full /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:17696
    #6 0xb5a90c in read_func_scope /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:11193
    #7 0xb49918 in process_die /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:8165
    #8 0xb4d245 in read_file_scope /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:9042
    #9 0xb498e8 in process_die /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:8158
    #10 0xb48577 in process_full_comp_unit /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7941
    #11 0xb459aa in process_queue /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7481
    #12 0xb2a790 in dw2_do_instantiate_symtab /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:2641
    #13 0xb46055 in psymtab_to_symtab_1 /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7570
    #14 0xb451ad in dwarf2_read_symtab /home/jkratoch/redhat/gdb-clean-f20/gdb/dwarf2read.c:7350
    #15 0x9dc416 in psymtab_to_symtab /home/jkratoch/redhat/gdb-clean-f20/gdb/psymtab.c:779
    #16 0x9dafea in lookup_symbol_aux_psymtabs /home/jkratoch/redhat/gdb-clean-f20/gdb/psymtab.c:513
    #17 0x9c759e in lookup_symbol_aux_quick /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1767
    #18 0x9c78d0 in lookup_symbol_global_iterator_cb /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1873
    #19 0xaf308f in default_iterate_over_objfiles_in_search_order /home/jkratoch/redhat/gdb-clean-f20/gdb/objfiles.c:1491
    #20 0xa8834f in gdbarch_iterate_over_objfiles_in_search_order /home/jkratoch/redhat/gdb-clean-f20/gdb/gdbarch.c:4307
    #21 0x9c7b12 in lookup_symbol_global /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1904
    #22 0xd00050 in lookup_symbol_file /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:636
    #23 0xcfeca0 in cp_lookup_symbol_in_namespace /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:255
    #24 0xcfffad in lookup_namespace_scope /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:601
    #25 0xcfebfb in cp_lookup_symbol_nonlocal /home/jkratoch/redhat/gdb-clean-f20/gdb/cp-namespace.c:234
    #26 0x9c6a69 in lookup_symbol_aux /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1488
    #27 0x9c5ccc in lookup_symbol_in_language /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1334
    #28 0x9c5d82 in lookup_symbol /home/jkratoch/redhat/gdb-clean-f20/gdb/symtab.c:1349
    #29 0x9ea09a in set_initial_language /home/jkratoch/redhat/gdb-clean-f20/gdb/symfile.c:1702
    #30 0x9e86d3 in symbol_file_add_main_1 /home/jkratoch/redhat/gdb-clean-f20/gdb/symfile.c:1329
    #31 0x9e9fc3 in symbol_file_command /home/jkratoch/redhat/gdb-clean-f20/gdb/symfile.c:1669
    #32 0xae4323 in file_command /home/jkratoch/redhat/gdb-clean-f20/gdb/exec.c:329
    #33 0x7f131e in do_cfunc /home/jkratoch/redhat/gdb-clean-f20/gdb/./cli/cli-decode.c:107
    #34 0x7f8d3e in cmd_func /home/jkratoch/redhat/gdb-clean-f20/gdb/./cli/cli-decode.c:1886
    #35 0xcc7cc6 in execute_command /home/jkratoch/redhat/gdb-clean-f20/gdb/top.c:461
    #36 0xa4e258 in catch_command_errors /home/jkratoch/redhat/gdb-clean-f20/gdb/exceptions.c:551
    #37 0xa5a2f3 in captured_main /home/jkratoch/redhat/gdb-clean-f20/gdb/main.c:1073
    #38 0xa4e03d in catch_errors /home/jkratoch/redhat/gdb-clean-f20/gdb/exceptions.c:524
    #39 0xa5a3a6 in gdb_main /home/jkratoch/redhat/gdb-clean-f20/gdb/main.c:1105
    #40 0x49307e in main /home/jkratoch/redhat/gdb-clean-f20/gdb/gdb.c:33
    #41 0x3721e21d64 in __libc_start_main (/lib64/libc.so.6+0x3721e21d64)
    #42 0x492e48 in _start (/home/jkratoch/redhat/gdb-clean-f20/gdb/gdb+0x492e48)
0x606200145eb0 is located 2992 bytes inside of 4064-byte region [0x606200145300,0x6062001462e0)
freed by thread T0 here:
    #0 0x7f4e28c550f9 in __interceptor_free /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:61
    #1 0xd53840 in xfree /home/jkratoch/redhat/gdb-clean-f20/gdb/./common/common-utils.c:108
    #2 0x3721e84857 in obstack_free (/lib64/libc.so.6+0x3721e84857)
previously allocated by thread T0 here:
    #0 0x7f4e28c55219 in __interceptor_malloc /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:71
    #1 0xd536f7 in xmalloc /home/jkratoch/redhat/gdb-clean-f20/gdb/./common/common-utils.c:51
    #2 0x3721e8477d in __GI__obstack_newchunk (/lib64/libc.so.6+0x3721e8477d)
SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/gcc-4.8.2-20131212/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_interceptors.cc:399 __interceptor_strcmp
==2077== ABORTING
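As an added illustration (not GDB code and not from this thread): the trace above has eq_demangled_name_entry's strcmp reading a string that was freed by obstack_free while the hash that references it now lives in per-BFD storage and survives the reread triggered by `file a.out`. The model below, with invented names and sizes, shows the lifetime-safe shape this implies: a cache that outlives one load of the objfile must copy its entries into storage with the cache's own lifetime rather than point into the objfile obstack.

```c
#include <stdlib.h>
#include <string.h>
#define CACHE_SLOTS 64
#define ARENA_BYTES 4096

/* Stand-in for the objfile obstack: freed and rebuilt on every reread.  */
struct objfile { char *obstack; size_t used; };
/* Stand-in for objfile_per_bfd_storage: survives rereads of the same file.  */
struct per_bfd { char *names[CACHE_SLOTS]; char *storage; size_t used; };

static char *arena_strdup (char *arena, size_t *used, const char *name)
{
  size_t len = strlen (name) + 1;           /* bump-allocate a copy in ARENA */
  char *copy = memcpy (arena + *used, name, len);
  *used += len;
  return copy;
}

/* Intern NAME in the per-BFD cache.  The buggy shape kept NAME itself, a
   pointer into the objfile obstack that dangles once that obstack is freed;
   here the entry is copied into storage that shares the cache's lifetime.  */
const char *cache_name (struct per_bfd *pb, const char *name)
{
  unsigned slot = 5381;                     /* djb2-style hash of NAME */
  for (const char *p = name; *p; p++) slot = slot * 33 + (unsigned char) *p;
  slot %= CACHE_SLOTS;
  while (pb->names[slot] && strcmp (pb->names[slot], name) != 0)
    slot = (slot + 1) % CACHE_SLOTS;        /* linear probing */
  if (!pb->names[slot])
    pb->names[slot] = arena_strdup (pb->storage, &pb->used, name);
  return pb->names[slot];
}

/* Model "gdb a.out -ex 'file a.out'": load, free the objfile obstack as
   reread_symbols does, reload, and look the name up again.  Returns 1 when
   the cached entry is still valid and not backed by either objfile obstack.  */
int reread_keeps_cache_valid (void)
{
  struct per_bfd pb = { {0}, calloc (1, ARENA_BYTES), 0 };
  struct objfile of = { calloc (1, ARENA_BYTES), 0 };
  const char *first = cache_name (&pb, arena_strdup (of.obstack, &of.used, "_Z1fv"));
  free (of.obstack);                        /* obstack_free in the trace above */
  of.obstack = calloc (1, ARENA_BYTES); of.used = 0;
  const char *reloaded = arena_strdup (of.obstack, &of.used, "_Z1fv");
  const char *again = cache_name (&pb, reloaded);   /* the strcmp that faulted */
  int ok = again == first && again != reloaded && strcmp (again, "_Z1fv") == 0;
  free (of.obstack); free (pb.storage);
  return ok;
}
```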

