From: Tom de Vries
To: gdb-cvs@sourceware.org
Subject: [binutils-gdb] [gdb/symtab] Fix data race in ~charset_vector
Date: Thu, 14 Jul 2022 06:19:04 +0000 (GMT)

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4f92e10cda142fd1f213e01a53ca687e38cddf22

commit 4f92e10cda142fd1f213e01a53ca687e38cddf22
Author: Tom de Vries
Date:   Thu Jul 14 08:19:00 2022 +0200

    [gdb/symtab] Fix data race in ~charset_vector

    When doing:
    ...
    $ gdb ./outputs/gdb.ada/char_enum_unicode/foo -batch -ex "break foo.adb:26"
    ...
    with a gdb build with -fsanitize=thread I run into a data race:
    ...
    WARNING: ThreadSanitizer: data race (pid=30917)
      Write of size 8 at 0x7b0400004070 by main thread:
        #0 free (libtsan.so.2+0x4c5e2)
        #1 xfree gdbsupport/gdb-xfree.h:37 (gdb+0x650f17)
        #2 charset_vector::clear() gdb/charset.c:703 (gdb+0x651354)
        #3 charset_vector::~charset_vector() gdb/charset.c:697 (gdb+0x6512d3)
        #4 (libtsan.so.2+0x32643)
        #5 captured_main_1 gdb/main.c:1310 (gdb+0xa3975a)
    ...

    The problem is that we're freeing the charset_vector elements in the destructor,
    which may still be used by a worker thread.

    Fix this by not freeing the charset_vector elements in the destructor.

    Tested on x86_64-linux.

    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29311

Diff:
---
 gdb/charset.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gdb/charset.c b/gdb/charset.c
index 74f742e0aa7..a6261fc505c 100644
--- a/gdb/charset.c
+++ b/gdb/charset.c
@@ -694,7 +694,13 @@ struct charset_vector { ~charset_vector () { - clear (); + /* Note that we do not call charset_vector::clear, which would also xf= ree + the elements. This destructor is only called after exit, at which = point + those will be freed anyway on process exit, so not freeing them now= is + not classified as a memory leak. OTOH, freeing them now might be + classified as a data race, because some worker thread might still be + accessing them. */ + charsets.clear (); } =20 void clear ()
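Review bot: the new comment argues that not calling xfree on the elements is safe because the destructor only runs at process exit, but the hunk still calls `charsets.clear ()`, which mutates the container itself; if a worker thread iterates `charsets` rather than holding pointers to individual elements, this only moves the race from `xfree` to the vector's own clear. Either state in the comment that workers only ever hold element pointers, never the container, or leave `charsets` untouched in the destructor as well, since the process-exit argument applies equally to the pointer array. The reasoning also depends on there being a single static instance of `charset_vector`; spelling that out next to the struct definition would stop a future automatic- or dynamic-storage instance from silently leaking its elements. Minor style point: "OTOH" is better written out in a code comment.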