[Bug gdb/18929] New: NULL deref on throw in cp_print_value_fields

[Bug gdb/18929] New: NULL deref on throw in cp_print_value_fields

[anton_nix at mail dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=18929

            Bug ID: 18929
           Summary: NULL deref on throw in cp_print_value_fields
           Product: gdb
           Version: 7.10
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: anton_nix at mail dot ru
  Target Milestone: ---

Created attachment 8583
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8583&action=edit
Patch

I think i found a bug

gdb-7.10/gdb/cp-valprint.c:316

struct value *v = NULL;
TRY { v = value_static_field (type, i); }
CATCH ... 
END_CATCH

cp_print_static_field (TYPE_FIELD_TYPE (type, i),
                 v, stream, recurse + 1,
                 options);

Assume that throw happend in value_static_field, then "v" would still 
be NULL, but cp_print_static_field expects "v" to be non-zero. This 
situation would lead to SEGFAULT

Propose to place "v" and cp_print_static_field call into TRY block

Digging in git history, I found out that, if v == NULL before 
cp_print_static_field call, then val_print_optimized_out happend 
(commit 686d4defdf4a343d4b700b8b544cd40c4f16b0d1). But in my case 
variable was not optimized out, and value_static_field throws. 

P.S.: I was debugging remote linux application from windows host.

Patch to 7.10 attached

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/18929] NULL deref on throw in cp_print_value_fields

[anton_nix at mail dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=18929

Anton Mamontov <anton_nix at mail dot ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |x86_64-linux-gnu
               Host|                            |x86_64-w64-mingw32
              Build|                            |x86_64-w64-mingw32

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/18929] NULL deref on throw in cp_print_value_fields

[anton_nix at mail dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=18929

Anton Mamontov <anton_nix at mail dot ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #8583|0                           |1
        is obsolete|                            |

--- Comment #1 from Anton Mamontov <anton_nix at mail dot ru> ---
Created attachment 8584
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8584&action=edit
PatchFixed

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/18929] NULL deref on throw in cp_print_value_fields

[matteo.settenvini at yatta dot de]

https://sourceware.org/bugzilla/show_bug.cgi?id=18929

Matteo Settenvini <matteo.settenvini at yatta dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |matteo.settenvini at yatta dot de

--- Comment #2 from Matteo Settenvini <matteo.settenvini at yatta dot de> ---
Confirming. I independently reached the same conclusion after seeing gdb
segfaulting reproducibly when printing values from a binary compiled with
-fvisibility=hidden.

I was going to submit exactly the same patch, so I would be glad if this fix
could be included in next gdb's release. Without it, gdb crashes almost in
every session, especially when using it in concert with an IDE which attempts
to print all local variables.

-- 
You are receiving this mail because:
You are on the CC list for the bug.