This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



server/2239: gdbserver 6.6 reproducible SEGV killing nonexistent inferior


>Number:         2239
>Category:       server
>Synopsis:       gdbserver 6.6 reproducible SEGV killing nonexistent inferior
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 08 22:58:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     mat@lcs.mit.edu
>Release:        GNU gdb 6.6
>Organization:
>Environment:
Linux ld-1 2.6.9-42.0.8.ELsmp #1 SMP Tue Jan 30 12:18:01 EST 2007 x86_64 x86_64 x86_64 GNU/Linux

ld-1:~$ gcc -v
Using built-in specs.
Target: x86_64-unknown-linux-gnu
Configured with: ../../src/gcc-4.0.2/configure --prefix=/home/global/Linux-x86_64-rhel3/encap/gcc-4.0.2 --disable-libgcj --enable-languages=c,c++
Thread model: posix
gcc version 4.0.2

This GDB was configured as "x86_64-unknown-linux-gnu".
>Description:
A trivial use of gdb+gdbserver SEGVs gdbserver with this backtrace, trying to kill a NULL inferior:

#0  0x0000000000403ca3 in inferior_target_data (inferior=0x0) at inferiors.c:228
#1  0x0000000000408fd8 in linux_kill () at linux-low.c:258
#2  0x0000000000407866 in main (argc=3, argv=0x7fbffff738) at server.c:897
>How-To-Repeat:
1) Compile this program with "gcc -g death.c -o death"

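#include <unistd.h>   /* declares sleep() */

int
main()
{
  /* Stay alive briefly, then exit normally so gdbserver reports the exit. */
  sleep(3);
  return 0;
}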


2) Run gdbserver listening on port 34567 (or pick another, but then update
   the 34567 in step (3)):

gdbserver :34567 death


3) Create a "commands" text file containing the following gdb commands:

target extended-remote localhost:34567
b main
cont
cont
quit

(using "extended-remote" instead of "remote" is important!)


4) In another window, run gdb, using the commands file to make it
   talk to the gdbserver:

   gdb -x commands death

5) Watch the gdbserver process SEGV. Specifically it dies here:

(gdb) bt
#0  0x0000000000403ca3 in inferior_target_data (inferior=0x0) at inferiors.c:228
#1  0x0000000000408fd8 in linux_kill () at linux-low.c:258
#2  0x0000000000407866 in main (argc=3, argv=0x7fbffff738) at server.c:897

   That's in this call to kill_inferior() in main() when there is
   no inferior to kill, hence the SEGV:

          if (status == 'W' || status == 'X')
            {
              if (extended_protocol)
                {
                  fprintf (stderr, "Killing inferior\n");
                  kill_inferior ();
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
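
Added example, not part of the original report and not gdbserver source: a simplified C model of the branch quoted in step 5, with a kill path that checks for an inferior before dereferencing it. The names current_inf, target_data_of, kill_inferior_guarded and on_stop_status are hypothetical, and the model assumes the inferior entry is already gone when the status is 'W' or 'X'.

```c
/* Added illustration: a simplified model, not gdbserver source. */
#include <stddef.h>
#include <stdio.h>

struct inferior { void *target_data; };   /* hypothetical stand-in type */
static struct inferior *current_inf;      /* NULL when no inferior exists */

enum outcome { KEEP_DEBUGGING, KILLED, NOTHING_TO_KILL };

/* Same call shape as frame #0: the accessor dereferences its argument. */
static void *target_data_of(struct inferior *inf) { return inf->target_data; }

/* Guarded kill: check for an inferior before touching per-inferior data. */
static enum outcome kill_inferior_guarded(void)
{
    if (current_inf == NULL)
        return NOTHING_TO_KILL;
    (void) target_data_of(current_inf);   /* safe: pointer checked above */
    current_inf = NULL;
    return KILLED;
}

/* Models the quoted branch. Assumption: by the time status is 'W' (exited)
   or 'X' (terminated by signal) the inferior entry has already been removed. */
static enum outcome on_stop_status(char status, int extended_protocol)
{
    if (status != 'W' && status != 'X')
        return KEEP_DEBUGGING;
    current_inf = NULL;
    return extended_protocol ? kill_inferior_guarded() : NOTHING_TO_KILL;
}

int main(void)
{
    struct inferior live = { NULL };
    current_inf = &live;
    printf("stop 'T': %d\n", on_stop_status('T', 1));   /* still debugging */
    printf("stop 'W': %d\n", on_stop_status('W', 1));   /* no crash */
    return 0;
}
```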

