This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug c++/20020] GDB segfault on printing objects


https://sourceware.org/bugzilla/show_bug.cgi?id=20020

--- Comment #2 from Guillaume Morin <guillaume at morinfr dot org> ---
We have started experiencing a similar crash when we switched to g++ 7.1 with
C++17 semantics.  When gdb tries to print a "static constexpr", it triggers an
"error reading variable: Missing ELF symbol" exception and then crashes at the
same place as the original reporter. This seems to happen with every release at
least from gdb 7.11. I also built the git master and could reproduce the
problem there as well.

It's not entirely clear that this is exactly the same bug, but the crash
backtrace is very similar.

I have a simple reproducer:

$ cat main.cpp 
struct A {
    // Under -std=c++17 a constexpr static data member is implicitly inline,
    // i.e. this declaration is also its definition.
    static constexpr const char *a = "a";
    void foo() { }
};

int main(void) {
    A a;
    a.foo();   // break here and "print *this" to trigger the crash
}

Compile with g++ 7.1 using C++17 semantics: g++-7 -std=c++17 -g -o main main.cpp

Now run it with gdb:

$ gdb main
GNU gdb (Debian 7.11.1-2~bpo8+1) 7.11.1
(...)
(gdb) b A::foo
Breakpoint 1 at 0x40055e: file main.cpp, line 6.
(gdb) r
Starting program: main 

Breakpoint 1, A::foo (this=0x7fffffffe09f) at main.cpp:6
6           void foo() { }
(gdb) print *this
Segmentation fault (core dumped)

If I patch the source with the workaround mentioned by Thilo (i.e. set the ptr
to NULL in the catch block and call cp_print_static_field() only if v is not
NULL), it does not crash:
(gdb) print *this
$1 = {static a = <error reading variable: Missing ELF symbol "A::a".>}

If I compile the program above with the default C++ semantics (C++14), I get:
(gdb) print *this
$1 = {static a = <optimized out>}

With the current git master (8.0.50.20170801-git), this is the backtrace I get
for the gdb crash:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  value_entirely_covered_by_range_vector (value=0x0, ranges=0x90) at
value.c:401
401       if (value->lazy)
(gdb) bt
#0  value_entirely_covered_by_range_vector (value=0x0, ranges=0x90) at
value.c:401
#1  0x0000000000563282 in cp_print_static_field (options=<optimized out>,
recurse=<optimized out>, stream=<optimized out>, val=<optimized out>,
type=<optimized out>) at cp-valprint.c:640
#2  cp_print_value_fields (type=0x0, real_type=0x90, real_type@entry=0xf1cd00,
offset=offset@entry=0, address=0, address@entry=140737488347295,
stream=0xf194c0, recurse=16998736, recurse@entry=0, val=0xf8fc00,
options=0x7fffffffda20, dont_print_vb=0x0, dont_print_statmem=0)
    at cp-valprint.c:335
#3  0x00000000005639ca in cp_print_value_fields_rtti (type=<optimized out>,
type@entry=0xf1cd00, valaddr=0xf6a330 "", offset=offset@entry=0,
address=140737488347295, stream=0xf194c0, recurse=0, val=0xf8fc00,
options=0x7fffffffda20, dont_print_vb=0x0, dont_print_statmem=0)
    at cp-valprint.c:456
#4  0x000000000054bf52 in c_val_print_struct (type=0xf1cd00, valaddr=<optimized
out>, embedded_offset=0, address=<optimized out>, stream=<optimized out>,
recurse=<optimized out>, original_value=0xf8fc00, options=0x7fffffffda20) at
c-valprint.c:412
#5  0x000000000054c46f in c_val_print (type=0xf1cd00, embedded_offset=0,
address=0, stream=0xf194c0, recurse=0, original_value=0xf8fc00,
options=0x7fffffffda20) at c-valprint.c:530
#6  0x0000000000699270 in val_print (type=0x0, type@entry=0xf1cd00,
embedded_offset=0, address=15846656, address@entry=140737488347295,
stream=stream@entry=0xf194c0, recurse=32767, recurse@entry=0,
val=val@entry=0xf8fc00, options=0x7fffffffdae0, language=0x843b80
<cplus_language_defn>)
    at valprint.c:1109
#7  0x000000000054cc1f in c_value_print (val=0xf8fc00, stream=0xf194c0,
options=<optimized out>) at c-valprint.c:702
#8  0x0000000000622218 in print_value (val=val@entry=0xf8fc00,
fmtp=fmtp@entry=0x7fffffffdbf0) at ./printcmd.c:1179
#9  0x00000000006222ae in print_command_1 (exp=0xd3e366 "*this", voidprint=1)
at ./printcmd.c:1207
#10 0x00000000004999e9 in cmd_func (cmd=<optimized out>, args=<optimized out>,
from_tty=<optimized out>) at cli/cli-decode.c:1902
#11 0x0000000000684ce6 in execute_command (p=<optimized out>, p@entry=0xd3e360
"print *this", from_tty=1) at top.c:675
#12 0x00000000005ab7dc in command_handler (command=0xd3e360 "print *this") at
event-top.c:590
#13 0x00000000005abad8 in command_line_handler (rl=<optimized out>) at
event-top.c:780
#14 0x00000000005aae2c in gdb_rl_callback_handler (rl=0xf6a330 "") at
event-top.c:213
#15 0x00000000006c6698 in rl_callback_read_char () at callback.c:220
#16 0x00000000005aad6e in gdb_rl_callback_read_char_wrapper_noexcept () at
event-top.c:175
#17 0x00000000005aadd9 in gdb_rl_callback_read_char_wrapper
(client_data=<optimized out>) at event-top.c:192
#18 0x00000000005ab300 in stdin_event_handler (error=<optimized out>,
client_data=0xd3ebc0) at event-top.c:518
#19 0x00000000005aa215 in gdb_wait_for_event (block=block@entry=1) at
event-loop.c:859
#20 0x00000000005aa3d3 in gdb_do_one_event () at event-loop.c:347
#21 0x00000000005aa485 in start_event_loop () at event-loop.c:371
#22 0x00000000005ff408 in captured_command_loop (data=data@entry=0x0) at
main.c:325
#23 0x00000000005ac3c3 in catch_errors (func=func@entry=0x5ff3e0
<captured_command_loop(void*)>, func_args=func_args@entry=0x0,
errstring=errstring@entry=0x7f0ede "", mask=mask@entry=RETURN_MASK_ALL) at
exceptions.c:236
#24 0x0000000000600366 in captured_main (data=0x7fffffffdec0) at main.c:1150
#25 gdb_main (args=args@entry=0x7fffffffdff0) at main.c:1160
#26 0x0000000000411ae5 in main (argc=<optimized out>, argv=<optimized out>) at
gdb.c:32
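The following is an added illustration of the pointer-reset workaround described in the comment above; it is not gdb's code and does not reproduce gdb's internals. The names Value, lookup_static_member, print_static_field and print_fields are hypothetical stand-ins, and the symbol table is constructed inline. The point it shows is the defensive shape of the fix: the pointer starts as NULL, the catch block leaves it NULL and records the error text, and the printer is only called on a non-NULL pointer, so a lookup failure degrades to an `<error reading variable: ...>` field instead of a dereference of garbage.

```cpp
// Added illustration of the NULL-check workaround, NOT gdb's code.
// All names below are hypothetical stand-ins for the gdb functions
// mentioned in the bug comment.
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>

struct Value {
    bool lazy;            // mirrors the field gdb's crash touched (value->lazy)
    std::string contents;
};

// Constructed symbol table: "A::b" has a backing symbol, "A::a" does not,
// which models the missing ELF symbol for the C++17 static constexpr member.
static std::map<std::string, Value> g_symbols = {
    {"A::b", Value{false, "42"}},
};

// Stand-in for the symbol lookup that throws "Missing ELF symbol".
Value *lookup_static_member(const std::string &qualified_name)
{
    auto it = g_symbols.find(qualified_name);
    if (it == g_symbols.end())
        throw std::runtime_error("Missing ELF symbol \"" + qualified_name + "\".");
    return &it->second;
}

// Stand-in for cp_print_static_field(): unconditionally dereferences v,
// so the caller must never hand it a NULL or uninitialised pointer.
std::string print_static_field(const Value *v)
{
    return v->lazy ? "<lazy>" : v->contents;
}

// Hardened caller. Before the workaround, v was left unset when the
// lookup threw and was then dereferenced; here it is initialised to
// nullptr, reset to nullptr in the catch block, and checked before use.
std::string print_fields(const std::string &field_name)
{
    Value *v = nullptr;
    std::string out = "{static " + field_name + " = ";
    try {
        v = lookup_static_member("A::" + field_name);
    } catch (const std::exception &e) {
        v = nullptr;   // the workaround: make the failure visible to the check below
        out += std::string("<error reading variable: ") + e.what() + ">";
    }
    if (v != nullptr)
        out += print_static_field(v);
    return out + "}";
}

int main()
{
    std::cout << print_fields("a") << "\n";   // missing symbol: error text, no crash
    std::cout << print_fields("b") << "\n";   // present symbol: printed normally
    return 0;
}
```

The same shape applies to gdb's TRY/CATCH macros of that era: whatever is assigned inside the guarded region must be given a known value before it, and re-asserted in the catch path, because control leaves the region before the assignment completes.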

