This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Bug translator/15452] segmentation fault in libdw while running compiling debugtypes.stp on rawhide
- From: "mjw at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sourceware dot org
- Date: Fri, 10 May 2013 18:16:38 +0000
- Subject: [Bug translator/15452] segmentation fault in libdw while running compiling debugtypes.stp on rawhide
- Auto-submitted: auto-generated
- References: <bug-15452-6586 at http dot sourceware dot org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=15452
--- Comment #3 from Mark Wielaard <mjw at redhat dot com> 2013-05-10 18:16:38 UTC ---
The problematic DIEs are:

 [ a8] variable
       name (string) "S1"
       decl_file (data1) 1
       decl_line (data1) 11
       type (ref4) [ bc]
       external (flag_present) Yes
       location (exprloc)
        [ 0] addr 0x601060 <S1>
 [ bc] structure_type
       signature (ref_sig8) {37e91ebb1355d09b}
The issue is in systemtap dwflpp::print_members, which has:
  // Try to get the first child of vardie.
  Dwarf_Die die_mem, import;
  Dwarf_Die *die = &die_mem;
  switch (dwarf_child (vardie, die))
    {
    case 1: // No children.
      o << _F("%s is empty", dwarf_type_name(vardie).c_str());
      break;
    case -1: // Error.
    default: // Shouldn't happen.
      o << dwarf_type_name(vardie)
        << ": " << dwarf_errmsg (-1);
      break;
    case 0: // Success.
      break;
    }
For the structure_type DIE dwarf_child will return 1 and die will be garbage.
So the following dwarf_siblingof (die, die) will crash.
The following will prevent the crash:
diff --git a/dwflpp.cxx b/dwflpp.cxx
index f41d6c7..55c411b 100644
--- a/dwflpp.cxx
+++ b/dwflpp.cxx
@@ -2473,13 +2473,13 @@ dwflpp::print_members(Dwarf_Die *vardie, ostream &o,
set<string> &dupes)
{
case 1: // No children.
o << _F("%s is empty", dwarf_type_name(vardie).c_str());
- break;
+ return;
case -1: // Error.
default: // Shouldn't happen.
o << dwarf_type_name(vardie)
<< ": " << dwarf_errmsg (-1);
- break;
+ return;
case 0: // Success.
break;
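Review bot: In the `case 1` arm, returning after printing "is empty" keeps the later dwarf_siblingof (die, die) from running on an unset die, but a structure_type DIE that carries only a signature (ref_sig8) attribute is still reported as an empty struct, so member lookup on it fails in pass 2. Resolve vardie through its DW_AT_signature to the full type definition before calling dwarf_child, and keep the early return for types that really have no children. A short comment on both new return statements saying that die is not valid on those paths would also help the next reader.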
But obviously then the testcase will fail with:
semantic error: unable to find member 'l' for struct {...} (alternatives:struct {...} is empty): operator '->' at /home/mark/src/systemtap/testsuite/systemtap.pass1-4/debugtypes.stp:4:13
source: println($p->l)
^
Pass 2: analysis failed. [man error::pass2]
Because the code doesn't handle the DW_AT_signature.
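Added example, not part of the original message and not systemtap or libdw code: a toy in-memory model of the failure described in comment #3. It resolves a signature-only structure_type to its definition before enumerating members, and walks siblings only when the child lookup returned 0. Die, toy_child, resolve, member_names and demo are hypothetical names, and the type unit with member "l" is constructed sample data.

```cpp
// Toy in-memory model: NOT libdw and NOT systemtap code; all names hypothetical.
#include <cstdint>
#include <map>
#include <string>
#include <vector>

struct Die {                      // stand-in for Dwarf_Die
  std::string tag, name;
  bool has_signature = false;     // models DW_AT_signature (ref_sig8)
  std::uint64_t signature = 0;
  std::vector<Die> children;
};

// Return convention from the report: 0 = success, 1 = no children, -1 = error.
// *out is written only when 0 is returned.
int toy_child(const Die *parent, const Die **out) {
  if (!parent) return -1;
  if (parent->children.empty()) return 1;
  *out = &parent->children.front();
  return 0;
}

// Follow a signature to the full definition in the type-unit table.
const Die *resolve(const Die *die, const std::map<std::uint64_t, Die> &units) {
  if (!die || !die->has_signature) return die;
  auto it = units.find(die->signature);
  return it == units.end() ? nullptr : &it->second;
}

std::vector<std::string> member_names(const Die *vardie,
                                      const std::map<std::uint64_t, Die> &units) {
  std::vector<std::string> names;
  const Die *first = nullptr;
  const Die *type = resolve(vardie, units);
  if (toy_child(type, &first) != 0) return names;  // 1 or -1: no sibling walk
  const Die *end = type->children.data() + type->children.size();
  for (const Die *d = first; d != end; ++d)        // stands in for dwarf_siblingof
    if (d->tag == "member") names.push_back(d->name);
  return names;
}

// Constructed sample: skeleton DIE [bc] from the report; the type unit and its
// member "l" (the name the testcase looks up) are made up.
std::vector<std::string> demo(bool with_type_unit) {
  Die skel; skel.tag = "structure_type";
  skel.has_signature = true; skel.signature = 0x37e91ebb1355d09bULL;
  std::map<std::uint64_t, Die> units;
  if (with_type_unit) {
    Die def, m; def.tag = "structure_type"; m.tag = "member"; m.name = "l";
    def.children.push_back(m); units[skel.signature] = def;
  }
  return member_names(&skel, units);
}
```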