This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
[ob] Fix two memory corruption bugs
- From: Daniel Jacobowitz <drow at false dot org>
- To: gdb-patches at sourceware dot org
- Date: Wed, 11 Mar 2009 16:29:17 -0400
- Subject: [ob] Fix two memory corruption bugs
I encountered a crash in watchpoint.exp on our local branch. That
branch has an ARM patch we'll be posting soon to support VFP. That
in turn causes arm_return_value to use the supplied type argument -
which was corrupt. That's because the code in
bpstat_check_breakpoint_conditions has freed values during proceed,
so the function value supplied to call_function_by_hand was
invalidated. There's another place in breakpoint.c which uses
value_mark to avoid this problem, so duplicate it here.
I tracked it down under valgrind, which located the objfiles.c bug;
ARM's clear_objfile_data hook uses objfile->obfd which had already
been freed.
I've tested this on x86_64 and ARM, both Linux, and checked it in.
--
Daniel Jacobowitz
CodeSourcery
2009-03-11 Daniel Jacobowitz <dan@codesourcery.com>
* breakpoint.c (bpstat_check_breakpoint_conditions): Use
value_mark and value_free_to_mark.
* objfiles.c (free_objfile): Call objfile_free_data before
freeing the BFD.
Index: breakpoint.c
===================================================================
RCS file: /cvs/src/src/gdb/breakpoint.c,v
retrieving revision 1.382
diff -u -p -r1.382 breakpoint.c
--- breakpoint.c 6 Mar 2009 18:51:05 -0000 1.382
+++ breakpoint.c 11 Mar 2009 20:17:37 -0000
@@ -2882,6 +2882,13 @@ bpstat_check_breakpoint_conditions (bpst
if (bl->cond && bl->owner->disposition != disp_del_at_next_stop)
{
+ /* We use value_mark and value_free_to_mark because it could
+ be a long time before we return to the command level and
+ call free_all_values. We can't call free_all_values
+ because we might be in the middle of evaluating a
+ function call. */
+ struct value *mark = value_mark ();
+
/* Need to select the frame, with all that implies
so that the conditions will have the right context. */
select_frame (get_current_frame ());
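Review bot: the new comment gives the general reason (no return to the command level for a while) but not the concrete hazard the mail describes, namely that an outer call_function_by_hand may still hold values on the chain when this code runs during proceed; suggest adding that sentence to the comment so the next reader knows which caller is being protected, e.g. "In particular, call_function_by_hand may be active above us and still needs its values." Taking the mark before select_frame is correct, since anything allocated from here on is newer than the mark and will be released by the matching value_free_to_mark.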
@@ -2890,7 +2897,7 @@ bpstat_check_breakpoint_conditions (bpst
"Error in testing breakpoint condition:\n",
RETURN_MASK_ALL);
/* FIXME-someday, should give breakpoint # */
- free_all_values ();
+ value_free_to_mark (mark);
}
if (bl->cond && value_is_zero)
{
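Review bot: value_free_to_mark (mark) releases every value allocated since the mark, including any the condition evaluation itself produced, so the line is only safe because the result has already been reduced to the plain int value_is_zero by the catch_errors callback before this point; a one-line comment stating that would stop someone later returning a struct value from the evaluation. The catch_errors with RETURN_MASK_ALL just above ensures this release still runs when the condition errors out, which keeps the chain balanced on the error path as well.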
Index: objfiles.c
===================================================================
RCS file: /cvs/src/src/gdb/objfiles.c,v
retrieving revision 1.81
diff -u -p -r1.81 objfiles.c
--- objfiles.c 15 Jan 2009 16:35:22 -0000 1.81
+++ objfiles.c 11 Mar 2009 20:17:37 -0000
@@ -422,6 +422,9 @@ free_objfile (struct objfile *objfile)
(*objfile->sf->sym_finish) (objfile);
}
+ /* Discard any data modules have associated with the objfile. */
+ objfile_free_data (objfile);
+
/* We always close the bfd, unless the OBJF_KEEPBFD flag is set. */
if (objfile->obfd != NULL && !(objfile->flags & OBJF_KEEPBFD))
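Review bot: the comment on the moved call should record the ordering constraint that motivated the move, i.e. that clear_objfile_data hooks may dereference objfile->obfd and therefore must run before the BFD is closed below; without that note a future reorder can silently reintroduce the use-after-free. Suggest something like "/* Discard any data modules have associated with the objfile. Do this before closing the BFD, since the hooks may still use objfile->obfd. */".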
@@ -476,7 +479,6 @@ free_objfile (struct objfile *objfile)
/* The last thing we do is free the objfile struct itself. */
- objfile_free_data (objfile);
if (objfile->name != NULL)
{
xfree (objfile->name);
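Review bot: removing the call here is the right second half of the move, but it is worth confirming that nothing between the new call site and this point (the bfd close path in the previous hunk included) registers fresh per-objfile data, because anything attached after objfile_free_data has already run will now leak rather than be freed with the objfile.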
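To make the value-chain problem behind the breakpoint.c hunk concrete, here is a small constructed model of GDB's temporary-value chain with value_mark/value_free_to_mark. It is an added example written for this page, not GDB's own code: the names mirror GDB's API, but the arena, the `live` flag and the two driver functions (check_breakpoint_condition, function_value_survives) are assumptions chosen so that a released value can be inspected safely instead of being a real use-after-free. It shows why calling free_all_values from inside the condition check invalidates the function value that an outer call_function_by_hand still holds, while releasing only back to a mark leaves it intact.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_VALUES 16

/* Toy model of GDB's all_values chain (constructed for this example).
   Each allocated value is pushed on a singly linked list so that
   temporaries can be released in bulk.  */
struct value
{
  long contents;
  int live;              /* 1 while on the chain, 0 once released.  */
  struct value *next;    /* Next older value on the chain.  */
};

/* Fixed arena: released slots are never reused within one scenario, so
   reading a released value's 'live' flag is well defined in this model
   (in real GDB the memory would be freed, which is the crash).  */
static struct value arena[MAX_VALUES];
static int n_used;
static struct value *all_values;

static void
reset_values (void)
{
  n_used = 0;
  all_values = NULL;
}

static struct value *
allocate_value (long contents)
{
  if (n_used >= MAX_VALUES)
    abort ();
  struct value *v = &arena[n_used++];
  v->contents = contents;
  v->live = 1;
  v->next = all_values;
  all_values = v;
  return v;
}

/* Remember the current head of the chain.  */
struct value *
value_mark (void)
{
  return all_values;
}

/* Release every value allocated after MARK, leaving MARK and older ones.  */
void
value_free_to_mark (struct value *mark)
{
  while (all_values != NULL && all_values != mark)
    {
      struct value *v = all_values;
      all_values = v->next;
      v->live = 0;
    }
}

/* Release the whole chain, regardless of who still holds pointers into it.  */
void
free_all_values (void)
{
  value_free_to_mark (NULL);
}

/* Model of the condition check that runs while the inferior proceeds
   (assumed driver).  USE_MARK selects the fixed behaviour.  */
static int
check_breakpoint_condition (int use_mark)
{
  struct value *mark = value_mark ();
  struct value *lhs = allocate_value (3);   /* Temporaries for "x == y".  */
  struct value *rhs = allocate_value (3);
  int cond_is_zero = (lhs->contents - rhs->contents) == 0;  /* Plain int result.  */
  if (use_mark)
    value_free_to_mark (mark);   /* Fixed: drop only the condition's temporaries.  */
  else
    free_all_values ();          /* Original: drops the caller's values too.  */
  return cond_is_zero;
}

/* Model of call_function_by_hand (assumed driver): the function value is
   created before proceed() and consulted again after the stop.  Returns 1
   if it is still valid then, 0 if it was released underneath the caller.  */
int
function_value_survives (int use_mark)
{
  reset_values ();
  struct value *fn = allocate_value (0x1000);   /* Callee address (constructed).  */
  (void) check_breakpoint_condition (use_mark); /* Conditional breakpoint hit.  */
  return fn->live;                              /* Caller uses fn again.  */
}

int
main (void)
{
  printf ("free_all_values: function value live = %d\n", function_value_survives (0));
  printf ("value_free_to_mark: function value live = %d\n", function_value_survives (1));
  return 0;
}
```

The model only tracks liveness; in GDB the released value's memory is handed back to the allocator, so the later read of its type in arm_return_value is the use-after-free the mail reports. The mark-based release is the general discipline for any evaluation that may run while an outer evaluation is still in progress.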