public inbox for gdb-prs@sourceware.org
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug exp/26875] Incorrect value printed for address of first element of zero-length array
Date: Sat, 14 Nov 2020 11:45:43 +0000
Message-ID: <bug-26875-4717-EszREM2hyo@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-26875-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=26875

--- Comment #5 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #4)
> This passed with gdb 9.
> 
> The first bad commit is either:
> - commit 7c6f271296319576fa00587928e5ff52ced9c1bb (could not build)
>   gdb: make get_discrete_bounds check for non-constant range bounds, or
> - commit 8c2e4e0689ea244d0ed979171a3d09c9176b8175
>   gdb: add accessors to struct dynamic_prop

Hmm, before these commits, we handled this type in get_discrete_bounds:
...
(gdb) p recursive_dump_type (type, 0)
type node 0x2283020
name '<NULL>' (0x0)
code 0xc (TYPE_CODE_RANGE)
length 8
objfile 0x1fced60
target_type 0x223c440
  type node 0x223c440
  name 'long unsigned int' (0x225be83)
  code 0x8 (TYPE_CODE_INT)
  length 8
  objfile 0x1fced60
  target_type 0x0
  pointer_type 0x0
  reference_type 0x0
  type_chain 0x223c440
  instance_flags 0x0
  flags TYPE_UNSIGNED
  nfields 0 0x0
pointer_type 0x0
reference_type 0x0
type_chain 0x2283020
instance_flags 0x0
flags TYPE_UNSIGNED
nfields 0 0x22830a0
low 0  high 0 (undefined)
$12 = void
...
and ignored the TYPE_HIGH_BOUND_UNDEFINED, and just returned 1, with lowerbound
== 0 and upperbound == 0.  The setting of lowerbound == 0 had the effect that
we printed the right value.

After the commits, get_discrete_bounds returns -1, and we have both lowerbound
and upperbound uninitialized.  We don't check the return status though in
value_subscript, and proceed with the uninitialized values:
...
(gdb) p lowerbound
$2 = 36429408
(gdb) p upperbound
$3 = 11281392
...

And after this:
...
(gdb) 
171           index -= lowerbound;
...
we have:
...
(gdb) p index
$4 = -36429408
...

So we end up here:
...
    return value_ind (value_ptradd (array, index));
...
constructing a value "*(array + -36429408)", and we end up printing 
&ubound.a[-36429408].

This is an ad-hoc patch that sets lowerbound, even if upperbound is undefined:
...
diff --git a/gdb/gdbtypes.c b/gdb/gdbtypes.c
index 686edafcf64..dfc3de870c1 100644
--- a/gdb/gdbtypes.c
+++ b/gdb/gdbtypes.c
@@ -1049,11 +1049,16 @@ get_discrete_bounds (struct type *type, LONGEST *lowp,
LONGEST
 *highp)
     case TYPE_CODE_RANGE:
       /* This function currently only works for ranges with two defined,
         constant bounds.  */
-      if (type->bounds ()->low.kind () != PROP_CONST
-         || type->bounds ()->high.kind () != PROP_CONST)
+      if (type->bounds ()->low.kind () != PROP_CONST)
        return -1;
-
       *lowp = type->bounds ()->low.const_val ();
+
+      if (type->bounds ()->high.kind () != PROP_CONST)
+       {
+         *highp = *lowp - 1;
+         return 1;
+       }
+
       *highp = type->bounds ()->high.const_val ();

       if (TYPE_TARGET_TYPE (type)->code () == TYPE_CODE_ENUM)
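Review bot: the new `high.kind () != PROP_CONST` branch treats every non-constant high bound as an empty range, not only the undefined one this comment is about, so a range whose high bound is any other non-constant kind now returns 1 with `*highp = *lowp - 1` where it returned -1 before. Consider restricting the branch to the undefined-bound case and keeping -1 for the rest. The retained comment "only works for ranges with two defined, constant bounds" no longer matches the code and should be updated, `*lowp - 1` overflows if the low bound is the minimum LONGEST, and the early `return 1` skips whatever follows the bounds assignment, starting at the TYPE_CODE_ENUM check.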
...
and handles the undefined upper bound by returning an empty range.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
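The failure chain described in this message, as an added example that is not part of the original mail and is not GDB's code: a simplified model of a bounds lookup that fails without writing its outputs, a caller that ignores the status, and a caller that checks it. All names (`range_type`, `bounds_strict`, `bounds_patched`, `offset_unchecked`, `offset_checked`) are hypothetical, and the uninitialized stack slot is simulated with a fixed constructed value so the result is deterministic.

```cpp
#include <cstdint>

// Simplified stand-ins for GDB's types (hypothetical model, not GDB code).
using LONGEST = std::int64_t;
enum prop_kind { PROP_UNDEFINED, PROP_CONST };
struct bound { prop_kind kind; LONGEST val; };
struct range_type { bound low, high; };
using bounds_fn = int (*) (const range_type &, LONGEST *, LONGEST *);

// After the two commits: return -1 and leave the outputs untouched
// unless both bounds are constants.
int bounds_strict (const range_type &t, LONGEST *lowp, LONGEST *highp)
{
  if (t.low.kind != PROP_CONST || t.high.kind != PROP_CONST)
    return -1;
  *lowp = t.low.val;
  *highp = t.high.val;
  return 1;
}

// With the ad-hoc patch: a non-constant high bound yields an empty range.
int bounds_patched (const range_type &t, LONGEST *lowp, LONGEST *highp)
{
  if (t.low.kind != PROP_CONST)
    return -1;
  *lowp = t.low.val;
  *highp = t.high.kind == PROP_CONST ? t.high.val : *lowp - 1;
  return 1;
}

// Constructed stand-in for stack garbage (value from the session above),
// so the unchecked path is deterministic here instead of undefined.
constexpr LONGEST STACK_GARBAGE = 36429408;

// Caller pattern from the report: status ignored, index rebased anyway.
LONGEST offset_unchecked (bounds_fn get, const range_type &t, LONGEST index)
{
  LONGEST lowerbound = STACK_GARBAGE, upperbound = STACK_GARBAGE;
  get (t, &lowerbound, &upperbound);   // return value dropped
  return index - lowerbound;           // later used as array + offset
}

// Hardened caller: *out is written only if the bounds lookup succeeded.
bool offset_checked (bounds_fn get, const range_type &t, LONGEST index, LONGEST *out)
{
  LONGEST lowerbound = 0, upperbound = 0;
  if (get (t, &lowerbound, &upperbound) < 0)
    return false;
  *out = index - lowerbound;
  return true;
}
```

With a range whose low bound is 0 and whose high bound is undefined, the unchecked caller reproduces the `-36429408` offset under the strict lookup and yields 0 under the patched one, while the checked caller refuses to produce an offset when the lookup fails.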
