Bug 18929 - NULL deref on throw in cp_print_value_fields
Summary: NULL deref on throw in cp_print_value_fields
Status: RESOLVED DUPLICATE of bug 20020
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb
Version: 7.10
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-07 01:41 UTC by Anton Mamontov
Modified: 2019-06-18 13:51 UTC
CC List: 4 users

See Also:
Host: x86_64-w64-mingw32
Target: x86_64-linux-gnu
Build: x86_64-w64-mingw32
Last reconfirmed:


Attachments
Patch (389 bytes, patch)
2015-09-07 01:41 UTC, Anton Mamontov
PatchFixed (366 bytes, patch)
2015-09-07 01:51 UTC, Anton Mamontov

Description Anton Mamontov 2015-09-07 01:41:18 UTC
Created attachment 8583: Patch

I think I found a bug.

gdb-7.10/gdb/cp-valprint.c:316

struct value *v = NULL;
TRY { v = value_static_field (type, i); }
CATCH ...
END_CATCH

cp_print_static_field (TYPE_FIELD_TYPE (type, i),
                       v, stream, recurse + 1,
                       options);

Assume that a throw happened in value_static_field; then "v" would still
be NULL, but cp_print_static_field expects "v" to be non-zero. This
situation would lead to a SEGFAULT.

I propose to place "v" and the cp_print_static_field call into the TRY block.

Digging in the git history, I found out that if v == NULL before the
cp_print_static_field call, then val_print_optimized_out happened
(commit 686d4defdf4a343d4b700b8b544cd40c4f16b0d1). But in my case the
variable was not optimized out, and value_static_field throws.

P.S.: I was debugging a remote Linux application from a Windows host.

Patch to 7.10 attached
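The control flow the report describes, as an added example that is not gdb's code: a throw inside TRY leaves the pointer assigned inside that block at its NULL initializer, and a call placed after END_CATCH then dereferences it. gdb 7.10's real TRY/CATCH macros are setjmp based, but the three-line toy below keeps only one level with no cleanups; value_static_field, cp_print_static_field, the field/value structs, the sample fields and the two print_field_* functions are hypothetical stand-ins, and the "hidden_static" field that makes the lookup throw is constructed for the example. The buggy ordering is kept beside the fixed one so the difference is visible; the buggy path is not exercised on the throwing field because that is the crash.

```c
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

/* Added example, not gdb code.  gdb 7.10's TRY/CATCH/END_CATCH are
   setjmp-based; these toy macros keep only the behaviour that matters
   here (one level, no cleanups).  Hypothetical names throughout.  */
static jmp_buf catch_buf;
static const char *thrown_message;

#define TRY        if (setjmp (catch_buf) == 0) {
#define CATCH      } else { const char *ex_message = thrown_message;
#define END_CATCH  }

static void throw_error (const char *msg)
{
  thrown_message = msg;
  longjmp (catch_buf, 1);
}

/* Constructed stand-ins for gdb's type/field/value machinery.  */
struct value { const char *name; long contents; };
struct field { const char *name; int resolvable; long contents; };

/* Model of value_static_field: fills *out, or throws (for instance when
   the static member's symbol cannot be looked up on the target).  */
static struct value *value_static_field (const struct field *f, struct value *out)
{
  if (!f->resolvable)
    throw_error ("cannot resolve static field");
  out->name = f->name;
  out->contents = f->contents;
  return out;
}

/* Model of cp_print_static_field: dereferences v unconditionally,
   which is the assumption the report says the real function makes.  */
static int cp_print_static_field (const struct value *v, char *buf, size_t n)
{
  return snprintf (buf, n, "static %s = %ld", v->name, v->contents);
}

/* 7.10 ordering as quoted in the report: the print call is after
   END_CATCH, so when value_static_field throws, v is still NULL and
   cp_print_static_field dereferences it.  Never call this with an
   unresolvable field; the resulting crash is the bug.  */
static int print_field_original (const struct field *f, char *buf, size_t n)
{
  struct value storage;
  /* volatile: v is written between setjmp and a possible longjmp.  */
  struct value *volatile v = NULL;

  TRY
    v = value_static_field (f, &storage);
  CATCH
    snprintf (buf, n, "<error reading variable: %s>", ex_message);
  END_CATCH

  return cp_print_static_field (v, buf, n);   /* NULL deref after a throw */
}

/* The report's proposal: move the print inside TRY so a throw skips it
   and only the CATCH branch runs.  Returns 1 if the field was printed,
   0 if an error message was emitted instead.  */
static int print_field_fixed (const struct field *f, char *buf, size_t n)
{
  struct value storage;
  volatile int printed = 0;

  TRY
    struct value *v = value_static_field (f, &storage);
    cp_print_static_field (v, buf, n);
    printed = 1;
  CATCH
    snprintf (buf, n, "<error reading variable: %s>", ex_message);
  END_CATCH

  return printed;
}

int main (void)
{
  /* Constructed sample fields: one resolvable, one whose lookup throws.  */
  const struct field ok = { "counter", 1, 42 };
  const struct field hidden = { "hidden_static", 0, 0 };
  char buf[128];

  print_field_original (&ok, buf, sizeof buf);
  printf ("original, resolvable:   %s\n", buf);
  /* print_field_original (&hidden, ...) would segfault here.  */

  print_field_fixed (&ok, buf, sizeof buf);
  printf ("fixed, resolvable:      %s\n", buf);
  print_field_fixed (&hidden, buf, sizeof buf);
  printf ("fixed, unresolvable:    %s\n", buf);
  return 0;
}
```

The point of the volatile qualifiers is the usual setjmp rule: a non-volatile local modified between setjmp and longjmp has an indeterminate value afterwards, so a pointer that is meant to be inspected after END_CATCH must be declared volatile. Moving the consumer inside TRY sidesteps that question entirely, which is one more reason to prefer the report's ordering over a post-END_CATCH NULL check.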
Comment 1 Anton Mamontov 2015-09-07 01:51:42 UTC
Created attachment 8584: PatchFixed
Comment 2 Matteo Settenvini 2015-10-02 07:07:53 UTC
Confirming. I independently reached the same conclusion after seeing gdb segfaulting reproducibly when printing values from a binary compiled with -fvisibility=hidden.

I was going to submit exactly the same patch, so I would be glad if this fix could be included in the next gdb release. Without it, gdb crashes in almost every session, especially when using it in concert with an IDE which attempts to print all local variables.
Comment 3 Ales Novak 2016-03-18 12:39:14 UTC
Good catch, Anton! I think you should send it to gdb-patches directly.
Comment 4 Anton Mamontov 2016-03-21 13:16:14 UTC
(In reply to Ales Novak from comment #3)
> Good catch, Anton! I think you should send it to gdb-patches directly.

I would if you could tell me how =). I only know Bugzilla for proposing patches.
Comment 5 rguenther 2016-03-21 13:36:05 UTC
On Mon, 21 Mar 2016, anton_nix at mail dot ru wrote:

> https://sourceware.org/bugzilla/show_bug.cgi?id=18929
> 
> --- Comment #4 from Anton Mamontov <anton_nix at mail dot ru> ---
> (In reply to Ales Novak from comment #3)
> > Good catch, Anton! I think you should send it to gdb-patches directly.
> 
> I would if you can tell me how =). I know only Bugzilla for patch proposal

Send it as mail to gdb@sourceware.org together with a ChangeLog entry.
Comment 6 Tom de Vries 2019-06-18 13:51:39 UTC
Duplicate of PR20020

*** This bug has been marked as a duplicate of bug 20020 ***