[Bug gdb/14290] gdb_bfd_unref frees an already freed memory block

["davidbalbert at gmail dot com" <sourceware-bugzilla@sourceware.org>]

http://sourceware.org/bugzilla/show_bug.cgi?id=14290

David Albert <davidbalbert at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |davidbalbert at gmail dot
                   |                            |com

--- Comment #3 from David Albert <davidbalbert at gmail dot com> 2012-11-19 04:43:41 UTC ---
I've run into what I think is the same bug in today's trunk. My steps to
reproduce are the same. I'm running OS X 10.8.2. I've included a debugging
session where I reproduce the bug and print a backtrace.

It's interesting that this bug is marked 7.4. I'm not sure if that was a
mistake or not. There was a similar bug
(http://sourceware.org/bugzilla/show_bug.cgi?id=13619) in 7.4 that got fixed in
7.5, but it was reported and fixed quite a few months before this bug, so I
assume they're not duplicates.

At any rate, I can confirm that this bug does not exist in 7.5 but exists in
trunk. Let me know if there's anything else I can do to help.

$ gdb -x gdb-gdb.gdb ./gdb
GNU gdb 6.3.50-20050815 (Apple version gdb-1822) (Sun Aug  5 03:00:42 UTC 2012)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared
libraries ...... done

Setting up the environment for debugging gdb.
Breakpoint 1 at 0x100304829: file utils.c, line 934.
Breakpoint 2 at 0x100082211: file cli-cmds.c, line 223.
(top-gdb) run /tmp/gdbtest/hello
Starting program: /Users/david/Development/gdb/build/gdb/gdb /tmp/gdbtest/hello
Reading symbols for shared libraries +++++............................. done
GNU gdb (GDB) 7.5.50.20121118-cvs
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin12.2.0".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /private/tmp/gdbtest/hello...Reading symbols from
/private/tmp/gdbtest/hello.dSYM/Contents/Resources/DWARF/hello...done.
done.
(gdb) run
Starting program: /private/tmp/gdbtest/hello 
Hello, world
[Inferior 1 (process 95368) exited normally]
(gdb) run

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00000001001dcccd in gdb_bfd_unref (abfd=0x10097b580) at gdb_bfd.c:291
291      gdb_assert (gdata->refc >= 1);
(top-gdb) bt
#0  0x00000001001dcccd in gdb_bfd_unref (abfd=0x10097b580) at gdb_bfd.c:291
#1  0x0000000100201bf9 in free_objfile (objfile=0x10123b400) at objfiles.c:630
#2  0x00000001002031de in objfile_purge_solibs () at objfiles.c:1025
#3  0x0000000100328ee9 in no_shared_libraries (ignored=0x0, from_tty=1) at
solib.c:1206
#4  0x00000001001eac88 in target_pre_inferior (from_tty=1) at target.c:2502
#5  0x0000000100181536 in run_command_1 (args=0x0, from_tty=1,
tbreak_at_main=0) at infcmd.c:541
#6  0x0000000100181867 in run_command (args=0x0, from_tty=1) at infcmd.c:645
#7  0x000000010007947c in do_cfunc (c=0x1009457a0, args=0x0, from_tty=1) at
cli-decode.c:114
#8  0x000000010007def7 in cmd_func (cmd=0x1009457a0, args=0x0, from_tty=1) at
cli-decode.c:1846
#9  0x0000000100300343 in execute_command (p=0x100903c53 "", from_tty=1) at
top.c:486
#10 0x00000001001b7552 in command_handler (command=0x100903c50 "") at
event-top.c:429
#11 0x00000001001b7d53 in command_line_handler (rl=0x100985050 "") at
event-top.c:630
#12 0x0000000100378579 in rl_callback_read_char () at callback.c:220
#13 0x00000001001b6ca1 in rl_callback_read_char_wrapper (client_data=0x0) at
event-top.c:163
#14 0x00000001001b7407 in stdin_event_handler (error=0, client_data=0x0) at
event-top.c:369
#15 0x00000001001b5aca in handle_file_event (data={ptr = 0x7fff00000000,
integer = 0}) at event-loop.c:827
#16 0x00000001001b4eae in process_event () at event-loop.c:401
#17 0x00000001001b4fad in gdb_do_one_event () at event-loop.c:465
#18 0x00000001001b5022 in start_event_loop () at event-loop.c:490
#19 0x00000001001b6ceb in cli_command_loop () at event-top.c:176
#20 0x00000001001aaaca in current_interp_command_loop () at interps.c:332
#21 0x00000001001abc4e in captured_command_loop (data=0x0) at main.c:256
#22 0x00000001001a914a in catch_errors (func=0x1001abc30
<captured_command_loop>, func_args=0x0, errstring=0x1004b01b0 "", mask=6) at
exceptions.c:546
#23 0x00000001001ad46a in captured_main (data=0x7fff5fbff740) at main.c:1032
#24 0x00000001001a914a in catch_errors (func=0x1001abcb0 <captured_main>,
func_args=0x7fff5fbff740, errstring=0x1004b01b0 "", mask=6) at exceptions.c:546
#25 0x00000001001ad9c4 in gdb_main (args=0x7fff5fbff740) at main.c:1041
#26 0x00000001000013e3 in main (argc=2, argv=0x7fff5fbff7a0) at gdb.c:34

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.