From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id CCFA03A53001; Fri, 30 Apr 2021 13:48:26 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CCFA03A53001
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/27806] free(): invalid pointer during gdb.ada/fixed_cmp.exp
Date: Fri, 30 Apr 2021 13:48:26 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: gdb
X-Bugzilla-Version: HEAD
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: vries at gcc dot gnu.org
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-27806-4717-2c2L8WLKpq@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-27806-4717@http.sourceware.org/bugzilla/>
References: <bug-27806-4717@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gdb-prs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb-prs mailing list <gdb-prs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb-prs>,
 <mailto:gdb-prs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb-prs/>
List-Help: <mailto:gdb-prs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb-prs>,
 <mailto:gdb-prs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2021 13:48:26 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D27806

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
So, the sequence of events seems to be:

1. Gdb sets gmp memory functions during _initialize_gmp_utils:
...
#1  0x00000000007498ba in _initialize_gmp_utils ()
    at /data/gdb_versions/devel/src/gdb/gmp-utils.c:242
242       mp_set_memory_functions (xmalloc, xrealloc_for_gmp, xfree_for_gmp=
);
...

2. libguille overwrites those memory functions during
   gdbscm_finish_initialization:
...
#1  0x00007ffff7e8bfb2 in scm_init_numbers () at numbers.c:10393
10393       mp_set_memory_functions (custom_gmp_malloc,
...

3. An allocation is done using custom_gmp_malloc:
...
Thread 1 "gdb" hit Breakpoint 6, custom_gmp_malloc (alloc_size=3D4) at
numbers.c:240
240       return scm_gc_malloc_pointerless (alloc_size, "GMP");
...

4. The allocated value is freed using xfree.
...
double free or corruption (out)

Thread 1 "gdb" received signal SIGABRT, Aborted.
__GI_raise (sig=3Dsig@entry=3D6) at ../sysdeps/unix/sysv/linux/raise.c:49
49        return ret;
...

--=20
You are receiving this mail because:
You are on the CC list for the bug.=