From: "abidh at sourceware dot org"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/27827] New: GDB can crash while calling a function that returns a class with virtual base.
Date: Thu, 06 May 2021 11:07:37 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27827

            Bug ID: 27827
           Summary: GDB can crash while calling a function that returns a
                    class with virtual base.
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: abidh at sourceware dot org
  Target Milestone: ---

I recently observed that calling a function that returns a class which has a
virtual base causes memory access at location 0.
To reproduce, run to the testsuite/gdb.cp/non-trivial-retval.cc:151 and then
issue the following command

(gdb) p f4(1,2)

On x86_64, you will see

[remote] Packet received: 505d5555555500000300000080030000
[remote] Sending packet: $m0,8#01
[remote] Packet received: E01
$2 = { = , _vptr.E = 0x555555555d50 , e = 3}

But on some targets (e.g. on a nios2 simulator) which return some memory for
address 0, it can even cause a crash.

Packet received: c02300000300000000000000
$1 = {Sending packet: $m0,4#fd...Ack
Packet received: 14100080
Sending packet: $m80001008,4#5e...Ack
Packet received: 3b1109e0
Sending packet: $me009113b,4#c2...Ack
Packet received: efefbeef
 = Sending packet: $m0,4#fd...Ack
Packet received: 14100080
Sending packet: $m80001008,4#5e...Ack
Packet received: 3b1109e0
Aborted (core dumped)

It seems that this problem is related to the FIXME in gnu-v3-abi.c. Tom has
mentioned it in 7d79de9a4be2. Not setting valaddr causes code to take the
address of a not_lval value. This is where the address 0 seems to be coming
from.
The crash backtrace is

#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:319
#1  value_contents_copy_raw (dst=0x5555562d0e10, dst_offset=0, src=0x5555562d0d10, src_offset=-536276677, length=4) at value.c:1327
#2  value_primitive_field (arg1=0x5555562d0d10, offset=0, fieldno=0, arg_type=0x5555562be980) at value.c:3019
#3  cp_print_value_fields (val=0x5555562d0d10, stream=0x55555625a180, recurse=1, options=0x7fffffffd080, dont_print_vb=0x55555617cea0, dont_print_statmem=0) at cp-valprint.c:333
#4  cp_print_value (val=0x555556224250, stream=0x55555625a180, recurse=1, options=0x7fffffffd080, dont_print_vb=0x0) at cp-valprint.c:519
#5  cp_print_value_fields (val=0x555556224250, stream=0x55555625a180, recurse=0, options=0x7fffffffd080, dont_print_vb=0x0, dont_print_statmem=0) at cp-valprint.c:159
#6  c_value_print_struct (val=0x555556224250, stream=0x55555625a180, recurse=0, options=0x7fffffffd080) at c-valprint.c:385
#7  c_value_print_inner (val=0x555556224250, stream=0x55555625a180, recurse=0, options=0x7fffffffd080) at c-valprint.c:462
#8  language_defn::value_print_inner (this=0x5555560365a0 , val=0x555556224250, stream=0x55555625a180, recurse=0, options=0x7fffffffd080) at language.c:651
#9  do_val_print (value=0x555556224250, stream=0x55555625a180, recurse=0, options=0x7fffffffd170, language=0x5555560365a0 ) at valprint.c:982
#10 common_val_print (val=0x555556224250, stream=0x55555625a180, recurse=0, options=0x7fffffffd170, language=0x5555560365a0 ) at valprint.c:1085
#11 c_value_print (val=0x555556224250, stream=0x55555625a180, options=0x7fffffffd340) at c-valprint.c:613
#12 language_defn::value_print (this=0x5555560365a0 , val=0x555556224250, stream=0x55555625a180, options=0x7fffffffd340) at language.c:633
#13 value_print (val=0x555556224250, stream=0x55555625a180, options=0x7fffffffd340) at valprint.c:1123
#14 print_formatted (val=0x555556224250, size=0, options=0x7fffffffd340, stream=0x55555625a180) at printcmd.c:320
#15 print_value (val=0x555556224250, opts=...) at printcmd.c:1187
#16 print_command_1 (args=0x555556252862 "f4 (1, 2)", voidprint=1) at printcmd.c:1221
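The packet traces in the report make sense once you see how the virtual base of a returned object is located: GDB's gnu-v3-abi.c reads the vptr from the object's first word, then reads the vbase offset from a fixed slot before the vptr's address point (three pointer-sized slots under the Itanium C++ ABI, which is why the x86_64 output shows "vtable for E+24"). If the value's address was never set and defaults to 0, the very first read is at address 0, the $m0,8 packet above. The following program is an added example that is neither the reporter's code nor GDB's: the classes Base and E, the Lookup record, the locate_vbase and read_local helpers and the null_object_lookup entry point are all constructed for illustration, and the layout assumption (vbase offset at vptr[-3]) holds for GCC and Clang on Itanium-ABI targets such as x86_64 Linux.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <vector>

// Constructed classes (not the testsuite's): E has a virtual base, so an E
// object begins with a vptr and its Base subobject sits at an offset that
// must be looked up through the vtable rather than known statically.
struct Base { int b; };
struct E : virtual Base { int e; };

// Memory reader in the spirit of a remote target's 'm' packet: copy `len`
// bytes at `addr` into `out`, or fail (as the E01 reply did) for address 0.
using ReadFn = std::function<bool(std::uintptr_t addr, void *out, std::size_t len)>;

struct Lookup {
    bool ok;                            // false if any read failed
    std::ptrdiff_t vbase_offset;        // meaningful only when ok
    std::vector<std::uintptr_t> reads;  // target addresses read, in order
};

// Locate the virtual base of the object at `obj_addr` the way gnu-v3-abi.c
// does: read the vptr from the object's first word, then read the vbase
// offset stored three slots before the vptr's address point (Itanium C++
// ABI: vbase offsets, offset-to-top and the typeinfo pointer precede the
// virtual function pointers). Assumes GCC or Clang on an Itanium-ABI target.
static Lookup locate_vbase(std::uintptr_t obj_addr, const ReadFn &read) {
    Lookup r{false, 0, {}};
    std::uintptr_t vptr = 0;
    r.reads.push_back(obj_addr);
    if (!read(obj_addr, &vptr, sizeof vptr)) return r;
    std::uintptr_t slot = vptr - 3 * sizeof(std::uintptr_t);
    r.reads.push_back(slot);
    if (!read(slot, &r.vbase_offset, sizeof r.vbase_offset)) return r;
    r.ok = true;
    return r;
}

// Reader over this process: address 0 is refused, anything else is copied.
static bool read_local(std::uintptr_t addr, void *out, std::size_t len) {
    if (addr == 0) return false;
    std::memcpy(out, reinterpret_cast<const void *>(addr), len);
    return true;
}

// For a real object the vtable lookup agrees with the compiler's own upcast.
bool lookup_matches_compiler() {
    E obj;
    obj.e = 3;
    obj.b = 7;
    const char *whole = reinterpret_cast<const char *>(&obj);
    const char *base = reinterpret_cast<const char *>(static_cast<const Base *>(&obj));
    Lookup r = locate_vbase(reinterpret_cast<std::uintptr_t>(&obj), read_local);
    return r.ok && r.vbase_offset == base - whole;
}

// For a value whose address was never set and defaulted to 0, the first
// thing the lookup does is read the "vptr" from address 0. A target that
// answers such reads hands back garbage that the following reads then chase.
Lookup null_object_lookup() {
    return locate_vbase(0, read_local);
}

int main() {
    std::printf("vtable lookup matches compiler: %s\n",
                lookup_matches_compiler() ? "yes" : "no");
    Lookup r = null_object_lookup();
    std::printf("null object: ok=%d, first read at 0x%llx\n",
                r.ok ? 1 : 0, static_cast<unsigned long long>(r.reads.front()));
    return 0;
}
```

The reads vector makes the failure visible without dereferencing address 0 in the example itself. On a target that refuses the read (the E01 reply on x86_64) the lookup simply fails; on one that answers it (the nios2 simulator in the report) the same logic walks through whatever comes back, which is the chain of m packets at increasingly arbitrary addresses shown above, ending in the memmove crash in the backtrace.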