This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.
[Bug symtab/13208] New: crash: Double-calling bfd_close
- From: "sphink at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: gdb-prs at sourceware dot org
- Date: Tue, 20 Sep 2011 21:49:04 +0000
- Subject: [Bug symtab/13208] New: crash: Double-calling bfd_close
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13208
Bug #: 13208
Summary: crash: Double-calling bfd_close
Product: gdb
Version: HEAD
Status: NEW
Severity: normal
Priority: P2
Component: symtab
AssignedTo: unassigned@sourceware.org
ReportedBy: sphink@gmail.com
Classification: Unclassified

I'm getting a crash when bfd_close gets called twice. In dwarf2read.c's
read_full_die, I'm hitting an error, and one of the cleanup routines calls
free_objfile which calls bfd_close, and then later another cleanup routine
calls bfd_close directly on the now-closed bfd.

I am using 25993ce40950a8b34b31efd49790a16be3d5c519 from the
archer-tromey-python branch, so it's post-7.3. I am also using the JIT code
registration API (which definitely seems to have issues -- after a few runs, it
tends to make the inferior jump to halfway between two x86 instructions. But
I'll file that when I can reproduce reliably.) When it crashes, I've registered
about 11 in-memory ELF objects with a single function each.

Here's what valgrind says:

==14595== Invalid read of size 4
==14595== at 0x6592EE: bfd_close (opncls.c:699)
==14595== by 0x45D3F5: do_my_cleanups (utils.c:515)
==14595== by 0x5694AD: throw_exception (exceptions.c:235)
==14595== by 0x56957F: throw_it (exceptions.c:403)
==14595== by 0x569925: throw_verror (exceptions.c:409)
==14595== by 0x45D9E2: error (utils.c:780)
==14595== by 0x5A5941: read_full_die (dwarf2read.c:8973)
==14595== by 0x5B1C4F: process_psymtab_comp_unit (dwarf2read.c:3356)
==14595== by 0x5B2136: dwarf2_build_psymtabs (dwarf2read.c:3570)
==14595== by 0x542555: require_partial_symbols (psymtab.c:92)
==14595== by 0x5486A9: syms_from_objfile (symfile.c:1024)
==14595== by 0x54886A: symbol_file_add_with_addrs_or_offsets.clone.7 (symfile.c:1130)
==14595== Address 0x100543c0 is 80 bytes inside a block of size 296 free'd
==14595== at 0x4A05187: free (vg_replace_malloc.c:325)
==14595== by 0x65935F: bfd_close (opncls.c:720)
==14595== by 0x456D0B: gdb_bfd_close_or_warn (objfiles.c:1510)
==14595== by 0x456FCB: gdb_bfd_unref (objfiles.c:1567)
==14595== by 0x4570CD: free_objfile (objfiles.c:605)
==14595== by 0x45D3F5: do_my_cleanups (utils.c:515)
==14595== by 0x5694AD: throw_exception (exceptions.c:235)
==14595== by 0x56957F: throw_it (exceptions.c:403)
==14595== by 0x569925: throw_verror (exceptions.c:409)
==14595== by 0x45D9E2: error (utils.c:780)
==14595== by 0x5A5941: read_full_die (dwarf2read.c:8973)
==14595== by 0x5B1C4F: process_psymtab_comp_unit (dwarf2read.c:3356)
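
The failure pattern described in this report, as an added example that is not part of the original message and is not GDB's code: a LIFO cleanup chain in which two cleanups release the same handle on the error path. All names here (`handle`, `owner`, `chain`, `run_error_path`) are hypothetical, and the handle counts close calls instead of freeing memory so the double close can be observed safely; giving each owner its own reference is one way to make the close happen exactly once.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an open handle such as a bfd. */
struct handle { int refs; int close_calls; };
static void handle_close(struct handle *h) { h->close_calls++; } /* real code frees here */
static void handle_ref(struct handle *h)   { h->refs++; }
static void handle_unref(struct handle *h) { if (--h->refs == 0) handle_close(h); }

/* Object that releases its handle when destroyed (plays the role of free_objfile). */
struct owner { struct handle *h; };
static void owner_free_raw(void *arg) { handle_close(((struct owner *)arg)->h); }
static void owner_free_ref(void *arg) { handle_unref(((struct owner *)arg)->h); }
static void close_raw_cb(void *arg)   { handle_close(arg); }
static void unref_cb(void *arg)       { handle_unref(arg); }

/* LIFO cleanup chain run when an error unwinds (plays the role of do_my_cleanups). */
typedef void (*cleanup_fn)(void *);
struct cleanup { cleanup_fn fn; void *arg; };
struct chain { struct cleanup items[8]; size_t n; };
static void chain_push(struct chain *c, cleanup_fn fn, void *arg)
{
    c->items[c->n++] = (struct cleanup){ fn, arg };
}
static void chain_run(struct chain *c)
{
    while (c->n > 0) { struct cleanup cl = c->items[--c->n]; cl.fn(cl.arg); }
}

/* Returns how many times the handle was closed after the error path ran. */
int run_error_path(int use_refcount)
{
    struct handle h = { 1, 0 };            /* the opener holds the first reference */
    struct owner o = { &h };
    struct chain c = { .n = 0 };
    if (use_refcount) {
        chain_push(&c, unref_cb, &h);       /* opener's cleanup drops its reference */
        handle_ref(&h);                     /* owner takes its own reference */
        chain_push(&c, owner_free_ref, &o);
    } else {
        chain_push(&c, close_raw_cb, &h);   /* opener's cleanup closes directly */
        chain_push(&c, owner_free_raw, &o); /* owner's cleanup closes the same handle */
    }
    chain_run(&c);                          /* simulated error(): all cleanups run */
    return h.close_calls;
}

int main(void)
{
    printf("raw: %d closes, refcounted: %d closes\n", run_error_path(0), run_error_path(1));
    return 0;
}
```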