From: Tom Tromey
To: gdb-patches@sourceware.org
Cc: Tom Tromey
Subject: [PATCH 2/2] Avoid crash from coerce_unspec_val_to_type
Date: Mon, 8 Feb 2021 08:24:48 -0700
Message-Id: <20210208152448.341199-3-tromey@adacore.com>
In-Reply-To: <20210208152448.341199-1-tromey@adacore.com>
References: <20210208152448.341199-1-tromey@adacore.com>

With a certain Ada program, ada-lang.c:coerce_unspec_val_to_type can cause a crash. This function may copy a value, and in the particular case in the crash, the new value's type is smaller than the original type. This causes coerce_unspec_val_to_type to create a lazy value -- but the original value is also not_lval, so later, when the value is un-lazied, gdb asserts.

As with the previous patch, we believe there is a compiler bug here, but it is difficult to reproduce, so we're not completely certain. In the particular case we saw, the original value has record type, and the record holds some variable-length arrays. This leads to the type's length being 0. At the same time, the value is optimized out.

This patch changes coerce_unspec_val_to_type to handle an optimized-out value correctly. It also slightly restructures this code to avoid a crash should a not_lval value wind up here. This is a purely defensive change.

This change also made it clear that value_contents_copy_raw can now be made static, so that is also done.
gdb/ChangeLog 2021-02-08 Tom Tromey * ada-lang.c (coerce_unspec_val_to_type): Avoid making lazy not_lval value. * value.c (value_contents_copy_raw): Now static. * value.h (value_contents_copy_raw): Don't declare. --- gdb/ChangeLog | 7 +++++++ gdb/ada-lang.c | 10 +++++++--- gdb/value.c | 2 +- gdb/value.h | 3 --- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c index 70296f97797..416a45be58e 100644 --- a/gdb/ada-lang.c +++ b/gdb/ada-lang.c @@ -601,13 +601,17 @@ coerce_unspec_val_to_type (struct value *val, struct type *type) trying to allocate some memory for it. */ ada_ensure_varsize_limit (type); - if (value_lazy (val) - || TYPE_LENGTH (type) > TYPE_LENGTH (value_type (val))) + if (value_optimized_out (val)) + result = allocate_optimized_out_value (type); + else if (value_lazy (val) + /* Be careful not to make a lazy not_lval value. */ + || (VALUE_LVAL (val) != not_lval + && TYPE_LENGTH (type) > TYPE_LENGTH (value_type (val)))) result = allocate_value_lazy (type); else { result = allocate_value (type); - value_contents_copy_raw (result, 0, val, 0, TYPE_LENGTH (type)); + value_contents_copy (result, 0, val, 0, TYPE_LENGTH (type)); } set_value_component_location (result, val); set_value_bitsize (result, value_bitsize (val)); diff --git a/gdb/value.c b/gdb/value.c index 4135d5ec339..bddf9a47923 100644 --- a/gdb/value.c +++ b/gdb/value.c @@ -1304,7 +1304,7 @@ value_ranges_copy_adjusted (struct value *dst, int dst_bit_offset, It is assumed the contents of DST in the [DST_OFFSET, DST_OFFSET+LENGTH) range are wholly available. */ -void +static void value_contents_copy_raw (struct value *dst, LONGEST dst_offset, struct value *src, LONGEST src_offset, LONGEST length) { diff --git a/gdb/value.h b/gdb/value.h index 39e94f45ea6..60a831c38c4 100644 --- a/gdb/value.h +++ b/gdb/value.h 
@@ -739,9 +739,6 @@ extern struct value *allocate_value_lazy (struct type *type); extern void value_contents_copy (struct value *dst, LONGEST dst_offset, struct value *src, LONGEST src_offset, LONGEST length); -extern void value_contents_copy_raw (struct value *dst, LONGEST dst_offset, - struct value *src, LONGEST src_offset, - LONGEST length); extern struct value *allocate_repeat_value (struct type *type, int count); -- 2.26.2
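Review bot: in the ada-lang.c hunk, the new "VALUE_LVAL (val) != not_lval" guard sends a not_lval value whose target type is larger than its own type into the else branch, where "value_contents_copy (result, 0, val, 0, TYPE_LENGTH (type))" copies TYPE_LENGTH (type) bytes from a source that only holds TYPE_LENGTH (value_type (val)) bytes; the commit message only discusses the smaller-target-type case, so either state why the larger not_lval case cannot reach this branch or bound the copy length to the source size. The ChangeLog entry for ada-lang.c should also mention the switch from value_contents_copy_raw to value_contents_copy, since that is the change that makes the value.c/value.h hunks possible.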
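The failure the message describes, in a simplified C model added here that is not gdb code: the value struct, value_fetch_lazy and both coerce variants are assumptions that mirror only the branch logic visible in the ada-lang.c hunk, with the source's lval kind copied to the result the way set_value_component_location does. The pre-patch branch turns a not_lval, optimized-out value of length 0 into a lazy not_lval copy that cannot be fetched; the patched branch keeps it optimized out.

```c
#include <stdlib.h>

enum lval_kind { not_lval, lval_memory };

/* The four value attributes the patch reasons about (model, not gdb).  */
struct value {
  enum lval_kind lval;
  size_t length;      /* TYPE_LENGTH of the value's type; 0 for the varsize record */
  int lazy;           /* contents not fetched yet */
  int optimized_out;
};

struct value *make_value (size_t length, enum lval_kind lval, int opt_out)
{
  struct value *v = calloc (1, sizeof *v);
  v->length = length;
  v->lval = lval;
  v->optimized_out = opt_out;
  return v;
}

/* Un-lazying needs a location to fetch from; gdb asserts on a lazy not_lval
   value, this model returns 0 instead of aborting.  */
int value_fetch_lazy (struct value *v)
{
  if (!v->lazy)
    return 1;
  if (v->lval == not_lval)
    return 0;
  v->lazy = 0;
  return 1;
}

/* Pre-patch branch: a larger target type always yields a lazy copy.  */
struct value *coerce_before (struct value *val, size_t new_length)
{
  struct value *result = make_value (new_length, val->lval, 0);
  result->lazy = val->lazy || new_length > val->length;
  return result;
}

/* Post-patch branch: optimized-out stays optimized out; not_lval is never lazy.  */
struct value *coerce_after (struct value *val, size_t new_length)
{
  if (val->optimized_out)
    return make_value (new_length, val->lval, 1);
  struct value *result = make_value (new_length, val->lval, 0);
  result->lazy = val->lazy || (val->lval != not_lval && new_length > val->length);
  return result;
}
```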