From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 50291 invoked by alias); 7 Sep 2015 01:41:20 -0000
Mailing-List: contact gdb-prs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: gdb-prs-owner@sourceware.org
Received: (qmail 50267 invoked by uid 48); 7 Sep 2015 01:41:20 -0000
From: "anton_nix at mail dot ru"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/18929] New: NULL deref on throw in cp_print_value_fields
Date: Mon, 07 Sep 2015 01:41:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: gdb
X-Bugzilla-Version: 7.10
X-Bugzilla-Severity: normal
X-Bugzilla-Who: anton_nix at mail dot ru
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-q3/txt/msg00256.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=18929

            Bug ID: 18929
           Summary: NULL deref on throw in cp_print_value_fields
           Product: gdb
           Version: 7.10
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: anton_nix at mail dot ru
  Target Milestone: ---

Created attachment 8583
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8583&action=edit
Patch

I think I found a bug.

gdb-7.10/gdb/cp-valprint.c:316

    struct value *v = NULL;

    TRY
      {
        v = value_static_field (type, i);
      }
    CATCH ...
    END_CATCH

    cp_print_static_field (TYPE_FIELD_TYPE (type, i), v, stream, recurse + 1, options);

Assume that a throw happened in value_static_field; then "v" would still be NULL, but cp_print_static_field expects "v" to be non-zero. This situation would lead to a SEGFAULT.

I propose to place "v" and the cp_print_static_field call into the TRY block.

Digging in the git history, I found out that, if v == NULL before the cp_print_static_field call, then val_print_optimized_out happened (commit 686d4defdf4a343d4b700b8b544cd40c4f16b0d1). But in my case the variable was not optimized out, and value_static_field throws.

P.S.: I was debugging a remote Linux application from a Windows host.

Patch to 7.10 attached.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
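The two layouts the report compares, as an added C model that is not from the report, its attached patch, or GDB's own sources: GDB's TRY/CATCH macros are setjmp/longjmp based, so a hypothetical `catch_point` jmp_buf plays that role here, and `fake_value_static_field` / `fake_cp_print_static_field` are constructed stand-ins (the stub returns -1 where the real function would read through a NULL pointer).

```c
#include <setjmp.h>
#include <stdio.h>

/* Hypothetical stand-in for GDB's exception machinery: its TRY/CATCH macros
   are setjmp/longjmp based, and that is the only property modelled here. */
static jmp_buf catch_point;
struct value { int contents; };

/* Constructed value_static_field: "throws" when the field cannot be read. */
static struct value *fake_value_static_field(int throws)
{
    static struct value ok = { 42 };
    if (throws)
        longjmp(catch_point, 1);
    return &ok;
}

/* The real cp_print_static_field assumes v != NULL and reads through it;
   this stub reports the NULL as -1 instead of crashing so paths can be compared. */
static int fake_cp_print_static_field(struct value *v)
{
    return v ? v->contents : -1;
}

/* Layout as in gdb 7.10 cp-valprint.c: the call sits after END_CATCH. */
static int print_static_field_before(int throws)
{
    struct value *v = NULL;
    if (setjmp(catch_point) == 0)           /* TRY */
        v = fake_value_static_field(throws);
    else                                    /* CATCH: error noted, then fall through */
        fprintf(stderr, "value_static_field threw\n");
    /* END_CATCH: v is still NULL on the throw path */
    return fake_cp_print_static_field(v);   /* -1 here means a real NULL deref */
}

/* Layout proposed in the report: the call is inside TRY, so a throw skips it. */
static int print_static_field_after(int throws)
{
    struct value *v = NULL;
    int result = 0;                         /* 0: nothing printed */
    if (setjmp(catch_point) == 0) {         /* TRY */
        v = fake_value_static_field(throws);
        result = fake_cp_print_static_field(v);
    } else {                                /* CATCH */
        fprintf(stderr, "value_static_field threw\n");
    }
    return result;                          /* after END_CATCH */
}
```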