From: "johnw at boostpro dot com"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/14290] New: gdb_bfd_unref frees an already freed memory block
Date: Sun, 24 Jun 2012 23:50:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=14290

             Bug #: 14290
           Summary: gdb_bfd_unref frees an already freed memory block
           Product: gdb
           Version: 7.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
        AssignedTo: unassigned@sourceware.org
        ReportedBy: johnw@boostpro.com
    Classification: Unclassified

In gdb_bfd_unref, objfiles.c, the last lines in that function are:

    name = bfd_get_filename (abfd);
    gdb_bfd_close_or_warn (abfd);
    xfree (name);

The memory checker on OS X aborts gdb because xfree here is freeing a memory block that was already freed elsewhere. Reproducing this on OS X is trivial:

 1. Build GDB (with either gcc or clang)
 2. Code sign it: codesign -s gdb-cert gdb
 3. Use this gdb to debug any executable (including just "hello world")
 4. Run the program with "run"
 5. Run it again with "run".

You should see this:

(XXXXX) malloc: *** error for object 0x10045b570: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

Here is the stack trace at the point of error:

Breakpoint 1, 0x00007fff8c8786c0 in malloc_error_break () from i386:x86-64
(gdb) bt
#0 0x00007fff8c8786c0 in malloc_error_break () from i386:x86-64
#1 0x00007fff8c878805 in free () from i386:x86-64
#2 0x00000001002ef4d3 in xfree (ptr=0x10045b570) at ./common/common-utils.c:107
#3 0x00000001001d6d12 in gdb_bfd_unref (abfd=0x103531440) at objfiles.c:1557
#4 0x00000001001d69b8 in free_objfile (objfile=0x1076cca00) at objfiles.c:597
#5 0x00000001001d7c98 in objfile_purge_solibs () at objfiles.c:986
#6 0x0000000100022ec9 in no_shared_libraries (ignored=0x0, from_tty=1) at solib.c:1205
#7 0x00000001001c1677 in target_pre_inferior (from_tty=1) at target.c:2479
#8 0x000000010016d282 in run_command_1 (args=0x0, from_tty=1, tbreak_at_main=0) at infcmd.c:516
#9 0x000000010016cb50 in run_command (args=0x0, from_tty=1) at infcmd.c:620
#10 0x0000000100069e3e in do_cfunc (c=0x100a40390, args=0x0, from_tty=1) at ./cli/cli-decode.c:67
#11 0x000000010006decc in cmd_func (cmd=0x100a40390, args=0x0, from_tty=1) at ./cli/cli-decode.c:1810
#12 0x00000001002b03e9 in execute_command (p=0x100a0a213 "", from_tty=1) at top.c:441
#13 0x0000000100199ed9 in command_handler (command=0x100a0a210 "") at event-top.c:435
#14 0x0000000100199d74 in command_line_handler (rl=0x10353a5b0 "") at event-top.c:636
#15 0x0000000100314b7a in rl_callback_read_char () at callback.c:220
#16 0x0000000100199561 in rl_callback_read_char_wrapper (client_data=0x0) at event-top.c:169
---Type to continue, or q to quit---
#17 0x0000000100198bca in stdin_event_handler (error=0, client_data=0x0) at event-top.c:375
#18 0x00000001001984f9 in handle_file_event (data=...) at event-loop.c:827
#19 0x00000001001968bc in process_event () at event-loop.c:401
#20 0x0000000100196781 in gdb_do_one_event () at event-loop.c:465
#21 0x00000001001970ac in start_event_loop () at event-loop.c:490
#22 0x00000001001985d8 in cli_command_loop () at event-top.c:182
#23 0x000000010018e106 in current_interp_command_loop () at interps.c:309
#24 0x00000001001903de in captured_command_loop (data=0x0) at ./main.c:232
#25 0x000000010018d0c5 in catch_errors (func=0x1001903c0 , func_args=0x0, errstring=0x10040efea "", mask=6) at exceptions.c:502
#26 0x000000010018fe7e in captured_main (data=0x7fff5fbff5a0) at ./main.c:942
#27 0x000000010018d0c5 in catch_errors (func=0x10018ea70 , func_args=0x7fff5fbff5a0, errstring=0x10040efea "", mask=6) at exceptions.c:502
#28 0x000000010018ea5d in gdb_main (args=0x7fff5fbff5a0) at ./main.c:951
#29 0x0000000100000dbc in main (argc=1, argv=0x7fff5fbff5f8) at gdb.c:34
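
Added illustration, not GDB code and not part of the original report: a toy model of the read-name, close, free-name sequence quoted above, with a tracking free() that counts a free of a non-live block instead of aborting. The report does not say where the block was first freed; this example assumes two handles ended up aliasing one filename string, and every identifier in it is hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model: none of these names are GDB or BFD APIs. */
#define MAX_LIVE 8
static uintptr_t live[MAX_LIVE];   /* addresses currently allocated */
static int bad_frees;              /* frees of a block that is not live */

static char *tracked_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    strcpy(p, s);
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = (uintptr_t)p; return p; }
    abort();                       /* tracking table full */
}

/* free() replacement that counts a bad free instead of aborting. */
static void tracked_free(char *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == (uintptr_t)p) { live[i] = 0; free(p); return; }
    bad_frees++;
}

struct handle { char *filename; };

/* Same order as the lines quoted in the report: read name, close, free name. */
static void handle_unref(struct handle *h) {
    char *name = h->filename;
    h->filename = NULL;            /* stands in for closing the handle */
    tracked_free(name);
}

/* share=1: assumed cause, both handles alias one string, so the second unref
   frees it again. share=0: each handle owns a private copy. */
int bad_frees_after_two_unrefs(int share) {
    struct handle a = { tracked_strdup("hello") };   /* constructed sample */
    struct handle b = { share ? a.filename : tracked_strdup("hello") };
    bad_frees = 0;
    handle_unref(&a);
    handle_unref(&b);
    return bad_frees;
}

int main(void) {
    return !(bad_frees_after_two_unrefs(1) == 1 && bad_frees_after_two_unrefs(0) == 0);
}
```

The aliased case reports one bad free on the second unref, which is the condition the OS X allocator flags as "pointer being freed was not allocated"; giving each handle sole ownership of its name removes it.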