public inbox for gdb-prs@sourceware.org
* [Bug tui/18350] New: Invalid free() in tui_check_register_values() [Heap Corruption]
@ 2015-04-28 21:13 proto0x0 at gmail dot com
  2015-04-28 21:25 ` [Bug tui/18350] " proto0x0 at gmail dot com
  2015-07-02 13:09 ` palves at redhat dot com
From: proto0x0 at gmail dot com @ 2015-04-28 21:13 UTC
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=18350

            Bug ID: 18350
           Summary: Invalid free() in tui_check_register_values() [Heap
                    Corruption]
           Product: gdb
           Version: 7.9
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tui
          Assignee: unassigned at sourceware dot org
          Reporter: proto0x0 at gmail dot com
  Target Milestone: ---
             Flags: security?

System: 

Linux -redacted- 3.19.3-3-ARCH #1 SMP PREEMPT Wed Apr 8 14:10:00 CEST 2015
x86_64 GNU/Linux
GNU gdb (GDB) 7.9

During a debugging session, I opened two stacked TUI windows up (registers and
source), and cycled the first window twice (once forward, once backwards).
After this I was given a coredump and abort() was called by gdb.

*** Error in `gdb': free(): invalid next size (fast): 0x0000000002e8b200 ***
...(Garbled by curses output)...
warning: Invalid window specified. 
gdb[0x5536f4]
The window name specified must be valid and visible.
Focus set to Cgdb[0x5a1f47]

Examining the coredump shows the following backtrace:

#0  0x00007faef65584b7 in raise () from /usr/lib/libc.so.6
#1  0x00007faef655988a in abort () from /usr/lib/libc.so.6
#2  0x00007faef6596993 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007faef659bdee in malloc_printerr () from /usr/lib/libc.so.6
#4  0x00007faef659c5cb in _int_free () from /usr/lib/libc.so.6
#5  0x00000000004edb10 in tui_check_register_values ()
#6  0x00000000004ea422 in ?? ()
#7  0x0000000000687fe9 in select_frame ()
#8  0x00000000005b8cfd in ?? ()
#9  0x0000000000562826 in ?? ()
#10 0x00000000005536f4 in ?? ()
#11 0x00000000005af170 in proceed ()
#12 0x00000000005a1f47 in ?? ()
#13 0x00000000005a3dc8 in ?? ()
#14 0x000000000067f57c in execute_command ()
#15 0x00000000005c40a5 in ?? ()
#16 0x00000000005c4734 in ?? ()
#17 0x00007faef804625e in rl_callback_read_char () from /usr/lib/libreadline.so.6
#18 0x00000000005c4109 in ?? ()
#19 0x00000000005c4153 in stdin_event_handler ()
#20 0x00000000005c2f25 in ?? ()
#21 0x00000000005c31b8 in gdb_do_one_event ()
#22 0x00000000005c329e in start_event_loop ()
#23 0x00000000005bd073 in ?? ()
#24 0x00000000005ba425 in catch_errors ()
#25 0x00000000005be0be in ?? ()
#26 0x00000000005ba425 in catch_errors ()
#27 0x00000000005be42b in gdb_main ()
#28 0x000000000045dd15 in main ()

The coredump seems to follow a call to xfree() (probably from within
`tui_get_register()`).

-- 
You are receiving this mail because:
You are on the CC list for the bug.


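The glibc message quoted in the report, `free(): invalid next size (fast)`, is emitted when the chunk being freed is fastbin-sized and the size field of the chunk immediately after it fails glibc's sanity check. That is the classic signature of a write that ran past the end of the freed allocation: the overflow itself succeeds silently and the corruption is only noticed later, inside free(). The C program below is an added illustration of that error class, not gdb's code, and it does not claim to be the root cause in tui_check_register_values(), which the thread never establishes. The buffer size VALUE_BUF, the copy_value_* helpers, run_demo() and the sample register strings are all constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed for this example: a fixed-size heap buffer holding the
   textual value of one register.  24 bytes keeps the chunk fastbin-sized. */
#define VALUE_BUF 24

/* Vulnerable form: trusts the caller's length.  When len >= VALUE_BUF the
   trailing bytes and the NUL land on the size field of the chunk that
   follows `dst` on the heap.  Nothing fails here; glibc detects the damage
   later, inside free(), as "free(): invalid next size (fast)". */
size_t copy_value_unchecked(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Hardened form: refuses anything that does not fit together with its NUL
   and reports the rejection instead of truncating silently.
   Returns the number of bytes copied, or 0 if the value was rejected. */
size_t copy_value_checked(char *dst, size_t dst_size,
                          const char *src, size_t len)
{
    if (dst_size == 0 || len > dst_size - 1)
        return 0;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Allocate two small chunks (on a fresh heap `b` normally sits right after
   `a`), copy `value` into `a`, then free `a` first: for a fastbin chunk glibc
   validates the size of the following chunk at exactly that point.
   Returns 1 if the copy was accepted, 0 if rejected, -1 on malloc failure.
   Only the unsafe path can corrupt the heap. */
int run_demo(const char *value, int unsafe)
{
    char *a = malloc(VALUE_BUF);
    char *b = malloc(VALUE_BUF);
    if (a == NULL || b == NULL) {
        free(a);
        free(b);
        return -1;
    }
    size_t len = strlen(value);
    size_t n = unsafe ? copy_value_unchecked(a, value, len)
                      : copy_value_checked(a, VALUE_BUF, value, len);
    free(a);                       /* the corrupted path aborts here */
    free(b);
    return n > 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample inputs: one value that fits, one that does not. */
    const char *fits = "0x00007faef65584b7";
    const char *too_long = "0x00007faef65584b7 <raise+55> from libc.so.6";

    printf("checked, short : %d\n", run_demo(fits, 0));      /* 1 */
    printf("checked, long  : %d\n", run_demo(too_long, 0));  /* 0 */

    if (argc > 1 && strcmp(argv[1], "--unsafe") == 0) {
        /* On glibc without tcache (the 2015 glibc in the report, or a current
           glibc run with GLIBC_TUNABLES=glibc.malloc.tcache_count=0) this
           prints "free(): invalid next size (fast)" and aborts.  With tcache
           enabled the abort still happens, typically from a different
           consistency check at free(b). */
        run_demo(too_long, 1);
    }
    return 0;
}
```

Running the binary with `--unsafe` under `valgrind --tool=memcheck` reports the out-of-bounds write at the memcpy in copy_value_unchecked() rather than at the later free(), which is why Valgrind is the right tool when the glibc abort only names the free() that tripped over the damage.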

* [Bug tui/18350] Invalid free() in tui_check_register_values() [Heap Corruption]
  2015-04-28 21:13 [Bug tui/18350] New: Invalid free() in tui_check_register_values() [Heap Corruption] proto0x0 at gmail dot com
@ 2015-04-28 21:25 ` proto0x0 at gmail dot com
  2015-07-02 13:09 ` palves at redhat dot com
From: proto0x0 at gmail dot com @ 2015-04-28 21:25 UTC
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=18350

proto0x0 at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://sourceware.org/bugzilla/show_bug.cgi?id=18351


* [Bug tui/18350] Invalid free() in tui_check_register_values() [Heap Corruption]
  2015-04-28 21:13 [Bug tui/18350] New: Invalid free() in tui_check_register_values() [Heap Corruption] proto0x0 at gmail dot com
  2015-04-28 21:25 ` [Bug tui/18350] " proto0x0 at gmail dot com
@ 2015-07-02 13:09 ` palves at redhat dot com
From: palves at redhat dot com @ 2015-07-02 13:09 UTC
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=18350

Pedro Alves <palves at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |palves at redhat dot com
         Resolution|---                         |WORKSFORME

--- Comment #1 from Pedro Alves <palves at redhat dot com> ---
There were fixes to memory management in this area to fix a similar crash.  I
tried to reproduce this, but couldn't.  I think this is fixed now.

Please reopen if you see it happen with current master (soon to be 7.10).  If
you see it happen, running gdb under Valgrind will most likely point directly
at the culprit.

