[Bug remote/14786] New: thread list returned by qfThreadInfo clobbered by g packet

[Bug remote/14786] New: thread list returned by qfThreadInfo clobbered by g packet

[richard_sharman at mitel dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

             Bug #: 14786
           Summary: thread list returned by qfThreadInfo clobbered by g
                    packet
           Product: gdb
           Version: 7.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: remote
        AssignedTo: unassigned@sourceware.org
        ReportedBy: richard_sharman@mitel.com
    Classification: Unclassified


Created attachment 6711
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6711
Output from $ diff -c remote.c.orig remote.c > Patch

Function remote_threads_info in remote.c gets a list of threads from
the target and is supposed call remote_notice_new_inferior for each of
them.  However, while processing one the list of threads (in rs->buf)
can be clobbered by other calls to putpkt and getpk that use rs->buf.
Some calls (e.g. qAttached) only change the first few bytes of rs->buf
but under some cases send_g_packet can be called and this overwrites
many bytes.

gdb version:    7.5
remote target:    a locally written program using an ethernet socket to
               communicate with gdb and talking to a target
scenario:    
- initially no threads are known by gdb.
- an "info threads" command is given, so gdb sends "fThreadInfo"
- the target replies with at least two threads, e.g. "m19b1e00,19b1ac0l"
- gdb processes the first thread but while in remote_notice_new_inferior 
  send_g_packet is called clobbering the list of threads in rs->buf

Example:

(gdb) info threads
Sending packet: $qfThreadInfo#bb...Ack
Packet received: m19b1e00,19b1ac0l

Breakpoint 33, remote_threads_info (ops=0xdb41a0 <extended_remote_ops>) at
../../gdb/remote.c:2775
(top-gdb) p bufp
$29 = 0xeabb00 "m19b1e00,19b1ac0l"
(top-gdb) x/s bufp
0xeabb00:    "m19b1e00,19b1ac0l"
(top-gdb) n
(top-gdb) n
(top-gdb) p bufp
$30 = 0xeabb08 ",19b1ac0l"

gdb is about to process the first thread, 19b1e00, and then when done
should work on 19b1ac0.  However, it asks for the registers for
19b1e00 and when done bufp is no longer valid because it has been
overwritten with the reply to the 'g' packet.

Sending packet: $g#67...Ack
Packet received: 0000000001a5adf000000000000000000000000 <truncated>

now back in remote_threads_info:

(top-gdb) p bufp
$31 = 0xeabb08 "01a5adf", '0' <repeats 193 times>...
(top-gdb) x/s bufp
0xeabb08:    "01a5adf", '0' <repeats 193 times>...


A quick workaround is to save a copy of the register list received;
see attached file Patch.
$ diff -c remote.c.orig remote.c > Patch

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[richard_sharman at mitel dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

Richard Sharman <richard_sharman at mitel dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6711|Output from $ diff -c       |Make a copy of the reply
        description|remote.c.orig remote.c >    |from qfThreadInfo and use
                   |Patch                       |that instead of rs->buf.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[tromey at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

Tom Tromey <tromey at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at redhat dot com

--- Comment #1 from Tom Tromey <tromey at redhat dot com> 2012-10-31 14:22:27 UTC ---
It seems pretty reasonable to me, though I don't know this
code well.  You'll probably need a cleanup rather than an
explicit xfree.
Anyway, for best review & commit results, please follow the
contribution instructions:
http://sourceware.org/gdb/contribute/
Thanks.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[palves at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

Pedro Alves <palves at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |palves at redhat dot com

--- Comment #2 from Pedro Alves <palves at redhat dot com> 2013-01-02 19:33:58 UTC ---
Indeed.

GDB's own gdbserver (and all stubs I've seen before, I think) only ever sends
one thread at a time per qfThreadInfo/qsThreadInfo, which explains how this was
missed.

Was this ever posted at gdb-patches@?

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[richard_sharman at mitel dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

--- Comment #3 from Richard Sharman <richard_sharman at mitel dot com> 2013-01-07 13:32:22 UTC ---
On 2 January 2013 14:33, palves at redhat dot com <
sourceware-bugzilla@sourceware.org> wrote:

> http://sourceware.org/bugzilla/show_bug.cgi?id=14786
>
> Pedro Alves <palves at redhat dot com> changed:
>
>            What    |Removed                     |Added
>
> ----------------------------------------------------------------------------
>                  CC|                            |palves at redhat dot com
>
> --- Comment #2 from Pedro Alves <palves at redhat dot com> 2013-01-02
> 19:33:58 UTC ---
> Indeed.
>
> GDB's own gdbserver (and all stubs I've seen before, I think) only ever
> sends
> one thread at a time per qfThreadInfo/qsThreadInfo, which explains how
> this was
> missed.
>
> Was this ever posted at gdb-patches@?
>
>
>
I didn't post it no;  I just reported the bug.
Richard

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[palves at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

Pedro Alves <palves at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|unassigned at sourceware    |palves at redhat dot com
                   |dot org                     |

--- Comment #4 from Pedro Alves <palves at redhat dot com> 2013-01-14 17:10:45 UTC ---
I've cleaned the patch up a bit, and am regression testing it.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[cvs-commit at gcc dot gnu.org]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> 2013-01-14 18:06:29 UTC ---
CVSROOT:    /cvs/src
Module name:    src
Changes by:    palves@sourceware.org    2013-01-14 18:06:22

Modified files:
    gdb            : ChangeLog remote.c 

Log message:
    2013-01-14  Richard Sharman  <richard_sharman@mitel.com>
    Pedro Alves  <palves@redhat.com>

    PR remote/14786

    * remote.c (remote_threads_info): Make a copy of the reply from
    qfThreadInfo and use that instead of rs->buf.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/ChangeLog.diff?cvsroot=src&r1=1.15013&r2=1.15014
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/remote.c.diff?cvsroot=src&r1=1.520&r2=1.521

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug remote/14786] thread list returned by qfThreadInfo clobbered by g packet

[palves at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=14786

Pedro Alves <palves at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |7.6

--- Comment #6 from Pedro Alves <palves at redhat dot com> 2013-01-14 18:10:56 UTC ---
Patch checked in.  Thanks!

http://sourceware.org/ml/gdb-patches/2013-01/msg00279.html

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.