public inbox for gdb-prs@sourceware.org
* [Bug breakpoints/14354] New: "kill" breakpoint command crashes gdb
From: keiths at redhat dot com @ 2012-07-11 23:30 UTC (permalink / raw)
To: gdb-prs
http://sourceware.org/bugzilla/show_bug.cgi?id=14354
Bug #: 14354
Summary: "kill" breakpoint command crashes gdb
Product: gdb
Version: HEAD
Status: NEW
Severity: normal
Priority: P2
Component: breakpoints
AssignedTo: unassigned@sourceware.org
ReportedBy: keiths@redhat.com
Classification: Unclassified
(top) fil gdb
Reading symbols from linux/gdb/gdb...done.
warning: File "gdb-gdb.gdb" auto-loading has been declined by your `auto-load
safe-path' set to "$debugdir:$datadir/auto-load".
(top) b main
Breakpoint 1 at 0x456f53: file ../../gdb/gdb/gdb.c, line 29.
(top) commands 1
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>set confirm off
>kill
>end
(top) r
Starting program: linux/gdb/gdb
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Breakpoint 1, main (argc=1, argv=0x7fffffffe048) at ../../gdb/gdb/gdb.c:29
29 memset (&args, 0, sizeof args);
Segmentation fault (core dumped)
Backtrace:
0x000000000054678a in bpstat_do_actions_1 (bsp=0x12b25c8)
at ../../archer/gdb/breakpoint.c:4265
4265 ccmd = bs->commands;
(top) p bs
$1 = (struct bpstats *) 0x9595959595959595
(top) bt
#0 0x000000000054678a in bpstat_do_actions_1 (bsp=0x12b25c8)
at ../../gdb/gdb/breakpoint.c:4265
#1 0x000000000054688e in bpstat_do_actions ()
at ../../gdb/gdb/breakpoint.c:4331
#2 0x00000000005dd677 in command_handler (command=0xc4b730 "")
at ../../gdb/gdb/event-top.c:438
#3 0x00000000005ddd07 in command_line_handler (rl=0xd14e00 "r")
at ../../gdb/gdb/event-top.c:636
#4 0x000000000071daa2 in rl_callback_read_char ()
at ../../gdb/readline/callback.c:220
#5 0x00000000005dd119 in rl_callback_read_char_wrapper (client_data=0x0)
at ../../gdb/gdb/event-top.c:169
#6 0x00000000005dd584 in stdin_event_handler (error=0, client_data=0x0)
at ../../gdb/gdb/event-top.c:375
#7 0x00000000005dc0ba in handle_file_event (data=...)
at ../../gdb/gdb/event-loop.c:827
#8 0x00000000005db580 in process_event () at ../../gdb/gdb/event-loop.c:401
#9 0x00000000005db647 in gdb_do_one_event ()
at ../../gdb/gdb/event-loop.c:465
#10 0x00000000005db698 in start_event_loop ()
at ../../gdb/gdb/event-loop.c:490
#11 0x00000000005dd143 in cli_command_loop ()
at ../../gdb/gdb/event-top.c:182
#12 0x00000000005d40a3 in current_interp_command_loop ()
at ../../gdb/gdb/interps.c:332
#13 0x00000000005d49ce in captured_command_loop (data=0x0)
at ../../gdb/gdb/main.c:226
#14 0x00000000005d2eb3 in catch_errors (func=0x5d49b3 <captured_command_loop>,
---Type <return> to continue, or q <return> to quit---
func_args=0x0, errstring=0x87de25 "", mask=6)
at ../../archer/gdb/exceptions.c:546
#15 0x00000000005d5d9f in captured_main (data=0x7fffffffdf10)
at ../../gdb/gdb/main.c:1001
#16 0x00000000005d2eb3 in catch_errors (func=0x5d4c64 <captured_main>,
func_args=0x7fffffffdf10, errstring=0x87de25 "", mask=6)
at ../../gdb/gdb/exceptions.c:546
#17 0x00000000005d5dd5 in gdb_main (args=0x7fffffffdf10)
at ../../gdb/gdb/main.c:1010
#18 0x0000000000456f9f in main (argc=1, argv=0x7fffffffe018)
at ../../gdb/gdb/gdb.c:34
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
* [Bug breakpoints/14354] "kill" breakpoint command crashes gdb
From: ssbssa at sourceware dot org @ 2024-01-07 17:38 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=14354
Hannes Domani <ssbssa at sourceware dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ssbssa at sourceware dot org
* [Bug breakpoints/14354] "kill" breakpoint command crashes gdb
From: ssbssa at sourceware dot org @ 2024-01-09 19:53 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=14354
Hannes Domani <ssbssa at sourceware dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|NEW                         |RESOLVED
--- Comment #1 from Hannes Domani <ssbssa at sourceware dot org> ---
Dup.
*** This bug has been marked as a duplicate of bug 13728 ***
* [Bug breakpoints/14354] "kill" breakpoint command crashes gdb
From: cvs-commit at gcc dot gnu.org @ 2025-12-22 11:10 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=14354
--- Comment #2 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Hannes Domani <ssbssa@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39c9aaea70056290e48da6e430b9d1328888c4c4
commit 39c9aaea70056290e48da6e430b9d1328888c4c4
Author: Hannes Domani <ssbssa@yahoo.de>
Date: Mon Dec 22 12:06:43 2025 +0100
Fix crash if breakpoint commands contain detach or kill

If breakpoint commands contain detach or kill, then gdb tries to access
freed memory:

(gdb) b main
Breakpoint 1 at 0x111d: file main.c, line 21.
(gdb) commands
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>detach
>end
(gdb) run
Starting program:
/home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1".
main () at main.c:21
21 return 0;
[Inferior 1 (process 241852) detached]
=================================================================
==241817==ERROR: AddressSanitizer: heap-use-after-free on address
0x7b7a3de0b760 at pc 0x55fcb92613fe bp 0x7ffec2d524f0 sp 0x7ffec2d524e0
READ of size 8 at 0x7b7a3de0b760 thread T0
#0 0x55fcb92613fd in bpstat_do_actions_1 ../../gdb/breakpoint.c:4898
#1 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012
#2 0x55fcba3180e7 in inferior_event_handler(inferior_event_type)
../../gdb/inf-loop.c:71
#3 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769
0x7b7a3de0b760 is located 0 bytes inside of 56-byte region
[0x7b7a3de0b760,0x7b7a3de0b798)
freed by thread T0 here:
#0 0x7f1a43522a2d in operator delete(void*, unsigned long)
/usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:155
#1 0x55fcb925d5cd in bpstat_clear(bpstat**) ../../gdb/breakpoint.c:4646
#2 0x55fcbb69ea6a in clear_thread_inferior_resources
../../gdb/thread.c:185
#3 0x55fcbb69f4cb in set_thread_exited(thread_info*,
std::optional<unsigned long>, bool) ../../gdb/thread.c:244
#4 0x55fcba368d64 in operator() ../../gdb/inferior.c:269
#5 0x55fcba375e2b in
clear_and_dispose<inferior::clear_thread_list()::<lambda(thread_info*)> >
../../gdb/../gdbsupport/intrusive_list.h:529
#6 0x55fcba368f19 in inferior::clear_thread_list()
../../gdb/inferior.c:265
#7 0x55fcba3694ba in exit_inferior(inferior*) ../../gdb/inferior.c:322
#8 0x55fcba369e35 in detach_inferior(inferior*)
../../gdb/inferior.c:358
#9 0x55fcba319d9f in inf_ptrace_target::detach_success(inferior*)
../../gdb/inf-ptrace.c:214
#10 0x55fcba56a2f6 in linux_nat_target::detach(inferior*, int)
../../gdb/linux-nat.c:1582
#11 0x55fcba62121c in thread_db_target::detach(inferior*, int)
../../gdb/linux-thread-db.c:1381
#12 0x55fcbb5ca49e in target_detach(inferior*, int)
../../gdb/target.c:2557
#13 0x55fcba356ba4 in detach_command(char const*, int)
../../gdb/infcmd.c:2894
#14 0x55fcb9597eea in do_simple_func ../../gdb/cli/cli-decode.c:94
#15 0x55fcb95b10b5 in cmd_func(cmd_list_element*, char const*, int)
../../gdb/cli/cli-decode.c:2831
#16 0x55fcbb6f5282 in execute_command(char const*, int)
../../gdb/top.c:563
#17 0x55fcb95eedb9 in execute_control_command_1
../../gdb/cli/cli-script.c:526
#18 0x55fcb95f04dd in execute_control_command(command_line*, int)
../../gdb/cli/cli-script.c:702
#19 0x55fcb9261175 in bpstat_do_actions_1 ../../gdb/breakpoint.c:4940
#20 0x55fcb92617da in bpstat_do_actions() ../../gdb/breakpoint.c:5012
#21 0x55fcba3180e7 in inferior_event_handler(inferior_event_type)
../../gdb/inf-loop.c:71
#22 0x55fcba3ba1e1 in fetch_inferior_event() ../../gdb/infrun.c:4769
previously allocated by thread T0 here:
#0 0x7f1a435218cd in operator new(unsigned long)
/usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:86
#1 0x55fcb927061f in build_bpstat_chain(address_space const*, unsigned
long, target_waitstatus const&) ../../gdb/breakpoint.c:5880
#2 0x55fcba3d63b6 in handle_signal_stop ../../gdb/infrun.c:7083
#3 0x55fcba3d01c7 in handle_inferior_event ../../gdb/infrun.c:6574
#4 0x55fcba3b9918 in fetch_inferior_event() ../../gdb/infrun.c:4713

This checks after executing commands of each breakpoint if the bpstat
was deleted already, and stops any further processing immediately.

Now the result looks like this:

(gdb) b main
Breakpoint 1 at 0x111d: file main.c, line 21.
(gdb) commands
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>detach
>end
(gdb) run
Starting program:
/home/src/lappy/binutils-gdb.git/gdb/testsuite/gdb.base/main
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1".
main () at main.c:21
21 return 0;
[Inferior 1 (process 242940) detached]
(gdb)

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=14354
Approved-By: Andrew Burgess <aburgess@redhat.com>
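The guard described in the commit message above, as an added C++ model that is not gdb's code: the types, the `clears` counter and the toy `execute` are assumptions standing in for the bpstat chain and the detach/kill path visible in the AddressSanitizer trace. The sample command lists are constructed.

```cpp
// Added model, not gdb source; every name here is hypothetical.
#include <string>
#include <utility>
#include <vector>

struct StopRecord {                      // one entry of a bpstat-like chain
    std::vector<std::string> commands;
    StopRecord *next;
};
struct Thread {                          // owner of the chain
    StopRecord *chain = nullptr;
    unsigned clears = 0;                 // bumped each time the chain is freed
};

void push_front(Thread &t, std::vector<std::string> cmds) {
    t.chain = new StopRecord{std::move(cmds), t.chain};
}

// Frees every record, as detach or kill do indirectly when the thread goes away.
void clear_chain(Thread &t) {
    while (t.chain != nullptr) {
        StopRecord *next = t.chain->next;
        delete t.chain;
        t.chain = next;
    }
    ++t.clears;
}

// Toy interpreter: logs the command; "detach" and "kill" tear the chain down.
void execute(Thread &t, const std::string &cmd, std::vector<std::string> &ran) {
    ran.push_back(cmd);
    if (cmd == "detach" || cmd == "kill")
        clear_chain(t);
}

// Guarded walk: without the `clears` check, bs->next would read a freed record.
std::vector<std::string> run_stop_commands(Thread &t) {
    std::vector<std::string> ran;
    const unsigned clears_at_start = t.clears;
    for (StopRecord *bs = t.chain; bs != nullptr; bs = bs->next) {
        // Move the commands out first so running them never touches *bs.
        std::vector<std::string> cmds = std::move(bs->commands);
        for (const std::string &cmd : cmds)
            execute(t, cmd, ran);
        if (t.clears != clears_at_start)
            break;                       // bs now dangles: stop, do not advance
    }
    return ran;
}
```

Building this with `-fsanitize=address` and deleting the `clears` check reproduces the same class of heap-use-after-free report on the `bs->next` read.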
* [Bug breakpoints/14354] "kill" breakpoint command crashes gdb
From: ssbssa at sourceware dot org @ 2025-12-22 11:31 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=14354
Hannes Domani <ssbssa at sourceware dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |18.1
         Resolution|DUPLICATE                   |FIXED
--- Comment #3 from Hannes Domani <ssbssa at sourceware dot org> ---
Fixed.
* [Bug breakpoints/14354] "kill" breakpoint command crashes gdb
From: ssbssa at sourceware dot org @ 2025-12-22 11:31 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=14354
Hannes Domani <ssbssa at sourceware dot org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jan at jankratochvil dot net
--- Comment #4 from Hannes Domani <ssbssa at sourceware dot org> ---
*** Bug 13728 has been marked as a duplicate of this bug. ***