This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug gdb/16156] New: crash when breakpoint with condition that causes exit is hit


https://sourceware.org/bugzilla/show_bug.cgi?id=16156

            Bug ID: 16156
           Summary: crash when breakpoint with condition that causes exit
                    is hit
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: palves at redhat dot com

Set a breakpoint that is conditional on the result of a function that causes an
exit.  continue or next over the breakpoint line.  GDB will sometimes crash.

Reproducer:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#include <stdlib.h>
#include <stdio.h>

int
do_exit (void)
{
  exit (0);
  return 0;
}

int
main (void)
{
  volatile unsigned int count = 0;

  count = 1;
  while (1)
    count++;

  return 0;
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(gdb) start
...
(gdb) b 18 if do_exit ()
Breakpoint 2 at 0x4004fc: file exiter.c, line 18.
(gdb) c
Continuing.
[Inferior 1 (process 24977) exited normally]
Error in testing breakpoint condition:
The program being debugged exited while in a function called from GDB.
Evaluation of the expression containing the function
(do_exit) will be abandoned.
No registers.
(gdb) 

With a more complicated test I was consistently getting a crash.
With this one, I'm "lucky", and things don't actually crash, but valgrind
does show bad things:

(gdb) b 18 if do_exit ()
Breakpoint 2 at 0x4004fc: file exiter.c, line 18.
(gdb) c
Continuing.
[Inferior 1 (process 24940) exited normally]
Error in testing breakpoint condition:
The program being debugged exited while in a function called from GDB.
Evaluation of the expression containing the function
(do_exit) will be abandoned.
==24937== Invalid write of size 8
==24937==    at 0x5D2541: handle_inferior_event (infrun.c:4257)
==24937==    by 0x5CF0A9: wait_for_inferior (infrun.c:2762)
==24937==    by 0x5CE45D: proceed (infrun.c:2342)
==24937==    by 0x5C66FA: continue_1 (infcmd.c:726)
==24937==    by 0x5C6973: continue_command (infcmd.c:818)
==24937==    by 0x4DCDFA: do_cfunc (cli-decode.c:107)
==24937==    by 0x4DFE8F: cmd_func (cli-decode.c:1882)
==24937==    by 0x6EA5D8: execute_command (top.c:467)
==24937==    by 0x5F08B6: command_handler (event-top.c:435)
==24937==    by 0x5F0E99: command_line_handler (event-top.c:633)
==24937==    by 0x743AF1: rl_callback_read_char (callback.c:220)
==24937==    by 0x5F03D8: rl_callback_read_char_wrapper (event-top.c:164)
==24937==  Address 0xbf69770 is 192 bytes inside a block of size 400 free'd
==24937==    at 0x4A07786: free (vg_replace_malloc.c:446)
==24937==    by 0x724A20: xfree (common-utils.c:108)
==24937==    by 0x5E130C: free_thread (thread.c:151)
==24937==    by 0x5E17E7: delete_thread_1 (thread.c:316)
==24937==    by 0x5E181B: delete_thread (thread.c:326)
==24937==    by 0x714DFE: delete_thread_of_inferior (inferior.c:182)
==24937==    by 0x5E193C: iterate_over_threads (thread.c:383)
==24937==    by 0x714F9C: exit_inferior_1 (inferior.c:260)
==24937==    by 0x715064: exit_inferior (inferior.c:289)
==24937==    by 0x617064: generic_mourn_inferior (target.c:3790)
==24937==    by 0x492CB8: inf_ptrace_mourn_inferior (inf-ptrace.c:180)
==24937==    by 0x49F416: linux_nat_mourn_inferior (linux-nat.c:3831)
==24937== 
==24937== Invalid read of size 4
==24937==    at 0x5D25BF: handle_inferior_event (infrun.c:4302)
==24937==    by 0x5CF0A9: wait_for_inferior (infrun.c:2762)
==24937==    by 0x5CE45D: proceed (infrun.c:2342)
==24937==    by 0x5C66FA: continue_1 (infcmd.c:726)
==24937==    by 0x5C6973: continue_command (infcmd.c:818)
==24937==    by 0x4DCDFA: do_cfunc (cli-decode.c:107)
==24937==    by 0x4DFE8F: cmd_func (cli-decode.c:1882)
==24937==    by 0x6EA5D8: execute_command (top.c:467)
==24937==    by 0x5F08B6: command_handler (event-top.c:435)
==24937==    by 0x5F0E99: command_line_handler (event-top.c:633)
==24937==    by 0x743AF1: rl_callback_read_char (callback.c:220)
==24937==    by 0x5F03D8: rl_callback_read_char_wrapper (event-top.c:164)
==24937==  Address 0xbf69780 is 208 bytes inside a block of size 400 free'd
==24937==    at 0x4A07786: free (vg_replace_malloc.c:446)
==24937==    by 0x724A20: xfree (common-utils.c:108)
==24937==    by 0x5E130C: free_thread (thread.c:151)
==24937==    by 0x5E17E7: delete_thread_1 (thread.c:316)
==24937==    by 0x5E181B: delete_thread (thread.c:326)
==24937==    by 0x714DFE: delete_thread_of_inferior (inferior.c:182)
==24937==    by 0x5E193C: iterate_over_threads (thread.c:383)
==24937==    by 0x714F9C: exit_inferior_1 (inferior.c:260)
==24937==    by 0x715064: exit_inferior (inferior.c:289)
==24937==    by 0x617064: generic_mourn_inferior (target.c:3790)
==24937==    by 0x492CB8: inf_ptrace_mourn_inferior (inf-ptrace.c:180)
==24937==    by 0x49F416: linux_nat_mourn_inferior (linux-nat.c:3831)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
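
A simplified C model of the pattern the valgrind output above points to, added here as an illustration and not taken from GDB's source or from the reporter: a handler holds a thread pointer across a condition callback that frees the thread. All names (`handle_event_unsafe`, `handle_event_checked`, `cond_that_exits`, the `threads` list) are hypothetical, and the re-lookup guard is a general mitigation assumed for this example, not the fix applied to GDB.

```c
/* Simplified model, not GDB source: all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct thread { int id; int stop_step; struct thread *next; };
struct thread *threads;                 /* registry of live threads */

struct thread *add_thread(int id) {
    struct thread *t = calloc(1, sizeof *t);
    if (!t) abort();
    t->id = id; t->next = threads; threads = t;
    return t;
}
struct thread *find_thread(int id) {
    for (struct thread *t = threads; t; t = t->next)
        if (t->id == id) return t;
    return NULL;
}
/* Models the inferior exiting: every thread object is freed. */
void exit_all_threads(void) {
    while (threads) { struct thread *n = threads->next; free(threads); threads = n; }
}
/* Models a condition like "if do_exit ()" that ends the process. */
int cond_that_exits(void) { exit_all_threads(); return 0; }
int cond_plain(void) { return 1; }

/* Unsafe shape: 't' is cached across cond(). If cond() freed the thread,
   the store below is a write into a freed block (never called here). */
int handle_event_unsafe(int id, int (*cond)(void)) {
    struct thread *t = find_thread(id);
    if (!t) return -1;
    int hit = cond();
    t->stop_step = hit;                 /* stale if the thread was deleted */
    return hit;
}
/* Checked shape: keep the id, look the thread up again after the callback. */
int handle_event_checked(int id, int (*cond)(void)) {
    if (!find_thread(id)) return -1;
    int hit = cond();
    struct thread *t = find_thread(id);
    if (!t) return -1;                  /* thread gone: do not touch it */
    t->stop_step = hit;
    return hit;
}
int main(void) {
    add_thread(1);
    printf("plain: %d\n", handle_event_checked(1, cond_plain));
    printf("exits: %d\n", handle_event_checked(1, cond_that_exits));
    return 0;
}
```

Calling `handle_event_unsafe(1, cond_that_exits)` under valgrind or AddressSanitizer reports the same class of error as the trace above: a write inside a block that was already freed.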

