This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug c++/10344] New: Pretty printers that call into inferior could crash GDB


Pretty printers that call into the inferior could crash GDB if they themselves
trigger SIGSEGV in the inferior at an inopportune time.

Tom Tromey asked me to submit this:
http://sourceware.org/ml/gdb/2009-06/msg00311.html

--- cut --- t.cc ---
struct Foo {
  Foo() : p(0) { }
  const char *print() const;
  char **p;
};

const char *Foo::print() const
{
  return *p; // crash!
}

char **bar(Foo f)
{
  return f.p;
}

int main()
{
   Foo f;
   bar(f);
   return 0;
}
--- cut --- t.cc ---

--- cut --- t.py ---
# Pretty printer for Foo, which calls into inferior

import gdb

class FooPrinter:

  def __init__(self, val):
    self.val = val

  def to_string(self):
    x = self.val.address
    return gdb.parse_and_eval('Foo::print(%s)' % str(x))

def lookup(val):
  if str(val.type) == "Foo":
    return FooPrinter(val)
  return None

gdb.pretty_printers = [ lookup ]
--- cut --- t.py ---

Using latest archer-tromey-python:

 gdb -q -ex 'set prompt (top) ' -ex run  --args \
   archer-new/build/gdb/gdb -ex 'source t.py' -ex 'break bar' -ex run ./a.out

Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0x7ffff7fd86e0 (LWP 23402)]
GNU gdb (GDB) 6.8.50.20090106-cvs
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Breakpoint 1 at 0x400378: file t.cc, line 14.

Breakpoint 1, bar (f=
Program received signal SIGSEGV, Segmentation fault.
0x000000000040036b in Foo::print (

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff7fd86e0 (LWP 23402)]
0x00007ffff6e69095 in raise () from /lib/libc.so.6
(top) bt
#0  0x00007ffff6e69095 in raise () from /lib/libc.so.6
#1  0x00007ffff6e6aaf0 in abort () from /lib/libc.so.6
#2  0x000000000045dab2 in internal_vproblem (problem=0x9f3400, file=0x6cb79e
"../../gdb/ui-out.c", line=129, 
    fmt=0x12ce9c0 "../../gdb/ui-out.c:129: internal-error: push_level: Assertion
`uiout->level >= 0 && uiout->level < MAX_UI_OUT_LEVELS' failed.\nA problem
internal to GDB has been detected,\nfurther debugging may prove u"..., ap=0x1)
at ../../gdb/utils.c:949
#3  0x000000000045abe9 in internal_verror (file=0x5b6a <Address 0x5b6a out of
bounds>, line=6, fmt=0xffffffffffffffff <Address 0xffffffffffffffff out of
bounds>, ap=0x0) at ../../gdb/utils.c:964
#4  0x000000000045ac81 in internal_error (file=0x5b6a <Address 0x5b6a out of
bounds>, line=23402, string=0x6 <Address 0x6 out of bounds>) at
../../gdb/utils.c:973
#5  0x0000000000567e0f in ui_out_begin (uiout=0xb016b0, type=ui_out_type_tuple,
id=0x0) at ../../gdb/ui-out.c:129
#6  0x0000000000567e6e in make_cleanup_ui_out_tuple_begin_end (uiout=0x5b6a,
id=0x6 <Address 0x6 out of bounds>) at ../../gdb/ui-out.c:444
#7  0x0000000000506c4c in print_frame_args (func=<value optimized out>,
frame=0xa6f8a0, num=-1, stream=0xabbb70) at ../../gdb/stack.c:312
#8  0x0000000000507703 in print_args_stub (args=<value optimized out>) at
../../gdb/stack.c:401
#9  0x000000000050bb4b in catch_errors (func=0x5076c0 <print_args_stub>,
func_args=0x7fffffffbf30, errstring=0x67851e "", mask=<value optimized out>) at
../../gdb/exceptions.c:516
#10 0x0000000000508b85 in print_frame_info (frame=0xa6f8a0, print_level=<value
optimized out>, print_what=SRC_AND_LOC, print_args=1) at ../../gdb/stack.c:677
#11 0x0000000000509064 in print_stack_frame_stub (args=0x7fffffffc010) at
../../gdb/stack.c:96
#12 0x000000000050bb4b in catch_errors (func=0x509040 <print_stack_frame_stub>,
func_args=0x7fffffffc010, errstring=0x67851e "", mask=<value optimized out>) at
../../gdb/exceptions.c:516
#13 0x000000000050800c in print_stack_frame (frame=<value optimized out>,
print_level=<value optimized out>, print_what=SRC_AND_LOC) at ../../gdb/stack.c:120
#14 0x00000000004fdcfc in normal_stop () at ../../gdb/infrun.c:4333
#15 0x0000000000502e86 in proceed (addr=<value optimized out>,
siggnal=TARGET_SIGNAL_0, step=<value optimized out>) at ../../gdb/infrun.c:1464
#16 0x00000000004f7c01 in call_function_by_hand (function=0xc70560, nargs=1,
args=0x7fffffffc3c8) at ../../gdb/infcall.c:682
#17 0x00000000004d4933 in evaluate_subexp_standard (expect_type=<value optimized
out>, exp=0x11592a0, pos=0x7fffffffc7a4, noside=EVAL_NORMAL) at
../../gdb/eval.c:1521
#18 0x00000000004d2bad in evaluate_expression (exp=0x5b6a) at ../../gdb/eval.c:166
#19 0x00000000004d85f4 in parse_and_eval (exp=<value optimized out>) at
../../gdb/eval.c:135
#20 0x00000000004aa5f4 in gdbpy_parse_and_eval (self=<value optimized out>,
args=<value optimized out>) at ../../gdb/python/python.c:402
#21 0x00007ffff7455940 in PyEval_EvalFrameEx () from /usr/lib/libpython2.5.so.1.0
#22 0x00007ffff7456a86 in PyEval_EvalCodeEx () from /usr/lib/libpython2.5.so.1.0
#23 0x00007ffff73f670a in ?? () from /usr/lib/libpython2.5.so.1.0
#24 0x00007ffff73d4f23 in PyObject_Call () from /usr/lib/libpython2.5.so.1.0
#25 0x00007ffff73dc65f in ?? () from /usr/lib/libpython2.5.so.1.0
#26 0x00007ffff73d4f23 in PyObject_Call () from /usr/lib/libpython2.5.so.1.0
#27 0x00007ffff73d900c in PyObject_CallMethodObjArgs () from
/usr/lib/libpython2.5.so.1.0
#28 0x00000000004ab0e7 in pretty_print_one_value (printer=0x7ffff7ed27a0,
out_value=0x7fffffffcfb0) at ../../gdb/python/python.c:843
#29 0x00000000004ab6e3 in apply_val_pretty_printer (type=<value optimized out>,
valaddr=<value optimized out>, embedded_offset=0, address=<value optimized out>,
stream=0x106c710, recurse=2, 
    options=0x7fffffffd160, language=0x6c9a60) at ../../gdb/python/python.c:912
#30 0x00000000004e2344 in val_print (type=0xb50b30, valaddr=0x106c7c0 "",
embedded_offset=0, address=140737488345640, stream=0x106c710, recurse=2,
options=0x7fffffffd160, language=0x6c9a60)
    at ../../gdb/valprint.c:292
#31 0x00000000004e27dc in common_val_print (val=0x12f3e80, stream=0x106c710,
recurse=2, options=0x7fffffffd160, language=0x6c9a60) at ../../gdb/valprint.c:364
#32 0x0000000000506b68 in print_frame_args (func=<value optimized out>,
frame=0xa6f8a0, num=-1, stream=0xabbb70) at ../../gdb/stack.c:348
#33 0x0000000000507703 in print_args_stub (args=<value optimized out>) at
../../gdb/stack.c:401
#34 0x000000000050bb4b in catch_errors (func=0x5076c0 <print_args_stub>,
func_args=0x7fffffffd320, errstring=0x67851e "", mask=<value optimized out>) at
../../gdb/exceptions.c:516
#35 0x0000000000508b85 in print_frame_info (frame=0xa6f8a0, print_level=<value
optimized out>, print_what=SRC_AND_LOC, print_args=1) at ../../gdb/stack.c:677
#36 0x0000000000509064 in print_stack_frame_stub (args=0x7fffffffd400) at
../../gdb/stack.c:96
#37 0x000000000050bb4b in catch_errors (func=0x509040 <print_stack_frame_stub>,
func_args=0x7fffffffd400, errstring=0x67851e "", mask=<value optimized out>) at
../../gdb/exceptions.c:516
#38 0x000000000050800c in print_stack_frame (frame=<value optimized out>,
print_level=<value optimized out>, print_what=SRC_AND_LOC) at ../../gdb/stack.c:120
#39 0x00000000004fdcfc in normal_stop () at ../../gdb/infrun.c:4333
#40 0x0000000000502e86 in proceed (addr=<value optimized out>,
siggnal=TARGET_SIGNAL_0, step=<value optimized out>) at ../../gdb/infrun.c:1464
#41 0x00000000004fbcf6 in run_command_1 (args=0x0, from_tty=0,
tbreak_at_main=<value optimized out>) at ../../gdb/infcmd.c:552
#42 0x0000000000459abd in execute_command (p=0x7fffffffdef6 "", from_tty=0) at
../../gdb/top.c:457
#43 0x000000000050bac6 in catch_command_errors (command=0x459780
<execute_command>, arg=0x7fffffffdef3 "run", from_tty=1, mask=<value optimized
out>) at ../../gdb/exceptions.c:531
#44 0x0000000000452b72 in captured_main (data=<value optimized out>) at
../../gdb/main.c:868
#45 0x000000000050bb4b in catch_errors (func=0x452490 <captured_main>,
func_args=0x7fffffffd9a0, errstring=0x67851e "", mask=<value optimized out>) at
../../gdb/exceptions.c:516
#46 0x0000000000452444 in gdb_main (args=0x5b6a) at ../../gdb/main.c:931
#47 0x0000000000452416 in main (argc=<value optimized out>, argv=0x5b6a) at
../../gdb/gdb.c:33
(top)

-- 
           Summary: Pretty printers that call into inferior could crash GDB
           Product: gdb
           Version: archer
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: c++
        AssignedTo: unassigned at sourceware dot org
        ReportedBy: ppluzhnikov at google dot com
                CC: gdb-prs at sourceware dot org,tromey at redhat dot com
 GCC build triplet: x86_64-unknown-linux-gnu
  GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu


http://sourceware.org/bugzilla/show_bug.cgi?id=10344

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
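
Added example, not part of the original report and not GDB project code: a printer for the `Foo` type from `t.cc` that formats the value by reading debuggee memory through `gdb.Value` instead of calling `Foo::print()` in the inferior, so a null or dangling `p` becomes a Python exception rather than a SIGSEGV during frame printing. The name `SafeFooPrinter`, the output strings and the 64-character cap are assumptions; the import fallback only lets the logic be exercised outside GDB.

```python
try:
    import gdb                       # available only inside GDB
    READ_ERRORS = (gdb.error,)       # gdb.MemoryError is a subclass of gdb.error
except ImportError:                  # outside GDB: keep the module importable
    gdb = None
    READ_ERRORS = (RuntimeError,)


class SafeFooPrinter:
    """Formats Foo from its memory image; never runs code in the inferior."""

    def __init__(self, val):
        self.val = val

    def to_string(self):
        try:
            p = self.val['p']                # char **, read from Foo's memory
            if int(p) == 0:                  # the state that made Foo::print() fault
                return 'Foo(p=NULL)'
            s = p.dereference()              # char *, fetched when converted below
            if int(s) == 0:
                return 'Foo(*p=NULL)'
            # Bounded read: a missing terminator cannot run away.
            return 'Foo(*p=%r)' % s.string(errors='replace', length=64)
        except READ_ERRORS as exc:
            # Unreadable memory is reported as text; no signal is raised
            # in the inferior and no nested stop has to be handled.
            return 'Foo(<unreadable: %s>)' % exc


def lookup(val):
    # Same type match as the printer in the report.
    if str(val.type) == "Foo":
        return SafeFooPrinter(val)
    return None


if gdb is not None:
    gdb.pretty_printers.append(lookup)
```
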

