public inbox for gdb-prs@sourceware.org
* [Bug ada/30671] New: [gdb] heap-use-after-free in gdb.ada/uninitialized_vars.exp
From: vries at gcc dot gnu.org @ 2023-07-24 7:39 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=30671
Bug ID: 30671
Summary: [gdb] heap-use-after-free in
gdb.ada/uninitialized_vars.exp
Product: gdb
Version: HEAD
Status: NEW
Severity: normal
Priority: P2
Component: ada
Assignee: unassigned at sourceware dot org
Reporter: vries at gcc dot gnu.org
Target Milestone: ---
Created attachment 15001
--> https://sourceware.org/bugzilla/attachment.cgi?id=15001&action=edit
gdb.log
I built gdb with -O2 -fsanitize=thread and gcc 13.1.1, and ran into:
...
y = (a => false, c => 0.0, d => 0)
==================
WARNING: ThreadSanitizer: heap-use-after-free (pid=3158)
Read of size 4 at 0x7b040000cc78 by main thread:
#0 memmove <null> (libtsan.so.2+0x46501) (BuildId:
8f2a9be581a0fcb3d7109755a6067408093b9dbd)
#1 unsigned char* std::__copy_move_backward<false, true,
std::random_access_iterator_tag>::__copy_move_b<unsigned char const, unsigned
char>(unsigned char const*, unsigned char const*, unsigned char*)
/usr/include/c++/13/bits/stl_algobase.h:748 (gdb+0x4fb5d3) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#2 unsigned char* std::__copy_move_backward_a2<false, unsigned char const*,
unsigned char*>(unsigned char const*, unsigned char const*, unsigned char*)
/usr/include/c++/13/bits/stl_algobase.h:769 (gdb+0x4fb5d3)
#3 unsigned char* std::__copy_move_backward_a1<false, unsigned char const*,
unsigned char*>(unsigned char const*, unsigned char const*, unsigned char*)
/usr/include/c++/13/bits/stl_algobase.h:778 (gdb+0x4fb5d3)
#4 unsigned char* std::__copy_move_backward_a<false, unsigned char const*,
unsigned char*>(unsigned char const*, unsigned char const*, unsigned char*)
/usr/include/c++/13/bits/stl_algobase.h:807 (gdb+0x4fb5d3)
#5 unsigned char* std::copy_backward<unsigned char const*, unsigned
char*>(unsigned char const*, unsigned char const*, unsigned char*)
/usr/include/c++/13/bits/stl_algobase.h:867 (gdb+0x4fb5d3)
#6 void gdb::copy<unsigned char const, unsigned
char>(gdb::array_view<unsigned char const>, gdb::array_view<unsigned char>)
/data/vries/gdb/src/gdb/../gdbsupport/array-view.h:222 (gdb+0x4fb5d3)
#7 value::contents_copy_raw(value*, long, long, long)
/data/vries/gdb/src/gdb/value.c:1198 (gdb+0xdeadd9) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#8 value::primitive_field(long, int, type*)
/data/vries/gdb/src/gdb/value.c:3037 (gdb+0xdf1080) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#9 value_field(value*, int) /data/vries/gdb/src/gdb/value.c:3054
(gdb+0xdf127d) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#10 print_field_values /data/vries/gdb/src/gdb/ada-valprint.c:650
(gdb+0x508ede) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#11 ada_val_print_struct_union /data/vries/gdb/src/gdb/ada-valprint.c:849
(gdb+0x509cea) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#12 ada_value_print_inner(value*, ui_file*, int, value_print_options
const*) /data/vries/gdb/src/gdb/ada-valprint.c:1034 (gdb+0x509cea)
#13 ada_language::value_print_inner(value*, ui_file*, int,
value_print_options const*) const /data/vries/gdb/src/gdb/ada-lang.c:13696
(gdb+0x4f7c20) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#14 common_val_print(value*, ui_file*, int, value_print_options const*,
language_defn const*) /data/vries/gdb/src/gdb/valprint.c:1092 (gdb+0xde058a)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#15 common_val_print_checked(value*, ui_file*, int, value_print_options
const*, language_defn const*) /data/vries/gdb/src/gdb/valprint.c:1184
(gdb+0xde0693) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#16 print_variable_and_value(char const*, symbol*, frame_info_ptr,
ui_file*, int) /data/vries/gdb/src/gdb/printcmd.c:2425 (gdb+0xa96fba) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#17 print_variable_and_value_data::operator()(char const*, symbol*)
/data/vries/gdb/src/gdb/stack.c:2298 (gdb+0xc761d6) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#18 gdb::function_view<void (char const*,
symbol*)>::bind<print_variable_and_value_data>(print_variable_and_value_data&)::{lambda(gdb::fv_detail::erased_callable,
char const*, symbol*)#1}::operator()(gdb::fv_detail::erased_callable, char
const*, symbol*) const
/data/vries/gdb/src/gdb/../gdbsupport/function-view.h:305 (gdb+0xc875e4)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#19 gdb::function_view<void (char const*,
symbol*)>::bind<print_variable_and_value_data>(print_variable_and_value_data&)::{lambda(gdb::fv_detail::erased_callable,
char const*, symbol*)#1}::_FUN(gdb::fv_detail::erased_callable, char const*,
symbol*) /data/vries/gdb/src/gdb/../gdbsupport/function-view.h:299
(gdb+0xc875e4)
#20 gdb::function_view<void (char const*, symbol*)>::operator()(char
const*, symbol*) const
/data/vries/gdb/src/gdb/../gdbsupport/function-view.h:289 (gdb+0xc74aaf)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#21 iterate_over_block_locals /data/vries/gdb/src/gdb/stack.c:2230
(gdb+0xc74aaf)
#22 iterate_over_block_local_vars(block const*, gdb::function_view<void
(char const*, symbol*)>) /data/vries/gdb/src/gdb/stack.c:2249 (gdb+0xc74aaf)
#23 print_frame_local_vars /data/vries/gdb/src/gdb/stack.c:2372
(gdb+0xc76737) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#24 info_locals_command(char const*, int)
/data/vries/gdb/src/gdb/stack.c:2450 (gdb+0xc79b7c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#25 do_simple_func /data/vries/gdb/src/gdb/cli/cli-decode.c:95
(gdb+0x662818) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#26 cmd_func(cmd_list_element*, char const*, int)
/data/vries/gdb/src/gdb/cli/cli-decode.c:2735 (gdb+0x6666eb) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#27 execute_command(char const*, int) /data/vries/gdb/src/gdb/top.c:574
(gdb+0xd1cc2e) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#28 command_handler(char const*) /data/vries/gdb/src/gdb/event-top.c:552
(gdb+0x7de4d5) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#29 command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char>
>&&) /data/vries/gdb/src/gdb/event-top.c:788 (gdb+0x7dff2c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#30 tui_command_line_handler /data/vries/gdb/src/gdb/tui/tui-interp.c:104
(gdb+0xd4fb7d) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#31 gdb_rl_callback_handler /data/vries/gdb/src/gdb/event-top.c:259
(gdb+0x7ddead) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#32 rl_callback_read_char
/data/vries/gdb/src/readline/readline/callback.c:290 (gdb+0xe5898d) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#33 gdb_rl_callback_read_char_wrapper_noexcept
/data/vries/gdb/src/gdb/event-top.c:195 (gdb+0x7dd91d) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#34 gdb_rl_callback_read_char_wrapper
/data/vries/gdb/src/gdb/event-top.c:234 (gdb+0x7ddc79) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#35 stdin_event_handler /data/vries/gdb/src/gdb/ui.c:155 (gdb+0xd7b251)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#36 handle_file_event /data/vries/gdb/src/gdbsupport/event-loop.cc:573
(gdb+0x15feca1) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#37 gdb_wait_for_event /data/vries/gdb/src/gdbsupport/event-loop.cc:694
(gdb+0x15ff2ed) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#38 gdb_do_one_event(int) /data/vries/gdb/src/gdbsupport/event-loop.cc:264
(gdb+0x16003da) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#39 start_event_loop /data/vries/gdb/src/gdb/main.c:412 (gdb+0x98e9b1)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#40 captured_command_loop /data/vries/gdb/src/gdb/main.c:476 (gdb+0x98e9b1)
#41 gdb_wait_for_event /data/vries/gdb/src/gdbsupport/event-loop.cc:694
(gdb+0x15ff2ed) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#42 gdb_do_one_event(int) /data/vries/gdb/src/gdbsupport/event-loop.cc:264
(gdb+0x16003da) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#43 start_event_loop /data/vries/gdb/src/gdb/main.c:412 (gdb+0x98e9b1)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#44 captured_command_loop /data/vries/gdb/src/gdb/main.c:476 (gdb+0x98e9b1)
#45 captured_main /data/vries/gdb/src/gdb/main.c:1320 (gdb+0x9926b4)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#46 gdb_main(captured_main_args*) /data/vries/gdb/src/gdb/main.c:1339
(gdb+0x9926b4)
#47 main /data/vries/gdb/src/gdb/gdb.c:32 (gdb+0x47ab01) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
Previous write of size 8 at 0x7b040000cc78 by main thread:
#0 operator delete(void*, unsigned long) <null> (libtsan.so.2+0x880ce)
(BuildId: 8f2a9be581a0fcb3d7109755a6067408093b9dbd)
#1 std::__new_allocator<dwarf_stack_value>::deallocate(dwarf_stack_value*,
unsigned long) /usr/include/c++/13/bits/new_allocator.h:168 (gdb+0x751dfa)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#2 std::allocator_traits<std::allocator<dwarf_stack_value>
>::deallocate(std::allocator<dwarf_stack_value>&, dwarf_stack_value*, unsigned
long) /usr/include/c++/13/bits/alloc_traits.h:516 (gdb+0x751dfa)
#3 std::_Vector_base<dwarf_stack_value, std::allocator<dwarf_stack_value>
>::_M_deallocate(dwarf_stack_value*, unsigned long)
/usr/include/c++/13/bits/stl_vector.h:387 (gdb+0x751dfa)
#4 std::_Vector_base<dwarf_stack_value, std::allocator<dwarf_stack_value>
>::~_Vector_base() /usr/include/c++/13/bits/stl_vector.h:366 (gdb+0x751dfa)
#5 std::vector<dwarf_stack_value, std::allocator<dwarf_stack_value>
>::~vector() /usr/include/c++/13/bits/stl_vector.h:735 (gdb+0x751dfa)
#6 dwarf_expr_context::~dwarf_expr_context()
/data/vries/gdb/src/gdb/dwarf2/expr.h:124 (gdb+0x751dfa)
#7 dwarf2_evaluate_loc_desc_full /data/vries/gdb/src/gdb/dwarf2/loc.c:1558
(gdb+0x751dfa)
#8 dwarf2_evaluate_loc_desc(type*, frame_info_ptr, unsigned char const*,
unsigned long, dwarf2_per_cu_data*, dwarf2_per_objfile*, bool)
/data/vries/gdb/src/gdb/dwarf2/loc.c:1569 (gdb+0x7525a5) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#9 locexpr_read_variable /data/vries/gdb/src/gdb/dwarf2/loc.c:3060
(gdb+0x754142) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#10 language_defn::read_var_value(symbol*, block const*, frame_info_ptr)
const /data/vries/gdb/src/gdb/findvar.c:578 (gdb+0x8121ea) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#11 ada_language::read_var_value(symbol*, block const*, frame_info_ptr)
const /data/vries/gdb/src/gdb/ada-lang.c:13386 (gdb+0x4fbabc) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#12 read_var_value(symbol*, block const*, frame_info_ptr)
/data/vries/gdb/src/gdb/findvar.c:794 (gdb+0x80f86c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#13 print_variable_and_value(char const*, symbol*, frame_info_ptr,
ui_file*, int) /data/vries/gdb/src/gdb/printcmd.c:2422 (gdb+0xa96f6b) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#14 print_variable_and_value_data::operator()(char const*, symbol*)
/data/vries/gdb/src/gdb/stack.c:2298 (gdb+0xc761d6) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#15 gdb::function_view<void (char const*,
symbol*)>::bind<print_variable_and_value_data>(print_variable_and_value_data&)::{lambda(gdb::fv_detail::erased_callable,
char const*, symbol*)#1}::operator()(gdb::fv_detail::erased_callable, char
const*, symbol*) const
/data/vries/gdb/src/gdb/../gdbsupport/function-view.h:305 (gdb+0xc875e4)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#16 gdb::function_view<void (char const*,
symbol*)>::bind<print_variable_and_value_data>(print_variable_and_value_data&)::{lambda(gdb::fv_detail::erased_callable,
char const*, symbol*)#1}::_FUN(gdb::fv_detail::erased_callable, char const*,
symbol*) /data/vries/gdb/src/gdb/../gdbsupport/function-view.h:299
(gdb+0xc875e4)
#17 gdb::function_view<void (char const*, symbol*)>::operator()(char
const*, symbol*) const
/data/vries/gdb/src/gdb/../gdbsupport/function-view.h:289 (gdb+0xc74aaf)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#18 iterate_over_block_locals /data/vries/gdb/src/gdb/stack.c:2230
(gdb+0xc74aaf)
#19 iterate_over_block_local_vars(block const*, gdb::function_view<void
(char const*, symbol*)>) /data/vries/gdb/src/gdb/stack.c:2249 (gdb+0xc74aaf)
#20 print_frame_local_vars /data/vries/gdb/src/gdb/stack.c:2372
(gdb+0xc76737) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#21 info_locals_command(char const*, int)
/data/vries/gdb/src/gdb/stack.c:2450 (gdb+0xc79b7c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#22 do_simple_func /data/vries/gdb/src/gdb/cli/cli-decode.c:95
(gdb+0x662818) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#23 cmd_func(cmd_list_element*, char const*, int)
/data/vries/gdb/src/gdb/cli/cli-decode.c:2735 (gdb+0x6666eb) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#24 execute_command(char const*, int) /data/vries/gdb/src/gdb/top.c:574
(gdb+0xd1cc2e) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#25 command_handler(char const*) /data/vries/gdb/src/gdb/event-top.c:552
(gdb+0x7de4d5) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#26 command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char>
>&&) /data/vries/gdb/src/gdb/event-top.c:788 (gdb+0x7dff2c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#27 tui_command_line_handler /data/vries/gdb/src/gdb/tui/tui-interp.c:104
(gdb+0xd4fb7d) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#28 gdb_rl_callback_handler /data/vries/gdb/src/gdb/event-top.c:259
(gdb+0x7ddead) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#29 rl_callback_read_char
/data/vries/gdb/src/readline/readline/callback.c:290 (gdb+0xe5898d) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#30 gdb_rl_callback_read_char_wrapper_noexcept
/data/vries/gdb/src/gdb/event-top.c:195 (gdb+0x7dd91d) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#31 gdb_rl_callback_read_char_wrapper
/data/vries/gdb/src/gdb/event-top.c:234 (gdb+0x7ddc79) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#32 stdin_event_handler /data/vries/gdb/src/gdb/ui.c:155 (gdb+0xd7b251)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#33 handle_file_event /data/vries/gdb/src/gdbsupport/event-loop.cc:573
(gdb+0x15feca1) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#34 gdb_wait_for_event /data/vries/gdb/src/gdbsupport/event-loop.cc:694
(gdb+0x15ff2ed) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#35 gdb_do_one_event(int) /data/vries/gdb/src/gdbsupport/event-loop.cc:264
(gdb+0x16003da) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#36 start_event_loop /data/vries/gdb/src/gdb/main.c:412 (gdb+0x98e9b1)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#37 captured_command_loop /data/vries/gdb/src/gdb/main.c:476 (gdb+0x98e9b1)
#38 gdb_wait_for_event /data/vries/gdb/src/gdbsupport/event-loop.cc:694
(gdb+0x15ff2ed) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#39 gdb_do_one_event(int) /data/vries/gdb/src/gdbsupport/event-loop.cc:264
(gdb+0x16003da) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#40 start_event_loop /data/vries/gdb/src/gdb/main.c:412 (gdb+0x98e9b1)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#41 captured_command_loop /data/vries/gdb/src/gdb/main.c:476 (gdb+0x98e9b1)
#42 captured_main /data/vries/gdb/src/gdb/main.c:1320 (gdb+0x9926b4)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#43 gdb_main(captured_main_args*) /data/vries/gdb/src/gdb/main.c:1339
(gdb+0x9926b4)
#44 main /data/vries/gdb/src/gdb/gdb.c:32 (gdb+0x47ab01) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
Location is heap block of size 8 at 0x7b040000cc70 allocated by main thread:
#0 calloc <null> (libtsan.so.2+0x41245) (BuildId:
8f2a9be581a0fcb3d7109755a6067408093b9dbd)
#1 xcalloc /data/vries/gdb/src/gdb/alloc.c:97 (gdb+0x511168) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#2 xzalloc(unsigned long) /data/vries/gdb/src/gdbsupport/common-utils.cc:29
(gdb+0x15fb2aa) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#3 value::allocate_contents(bool) /data/vries/gdb/src/gdb/value.c:937
(gdb+0xde751d) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#4 value::fetch_lazy() /data/vries/gdb/src/gdb/value.c:4004 (gdb+0xdee6a3)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#5 value::entirely_covered_by_range_vector(std::vector<range,
std::allocator<range> > const&) /data/vries/gdb/src/gdb/value.c:229
(gdb+0xdee977) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#6 value::entirely_optimized_out() /data/vries/gdb/src/gdb/value.h:531
(gdb+0xde000b) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#7 value_check_printable /data/vries/gdb/src/gdb/valprint.c:1133
(gdb+0xde000b)
#8 common_val_print_checked(value*, ui_file*, int, value_print_options
const*, language_defn const*) /data/vries/gdb/src/gdb/valprint.c:1182
(gdb+0xde066e) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#9 print_variable_and_value(char const*, symbol*, frame_info_ptr, ui_file*,
int) /data/vries/gdb/src/gdb/printcmd.c:2425 (gdb+0xa96fba) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#10 print_variable_and_value_data::operator()(char const*, symbol*)
/data/vries/gdb/src/gdb/stack.c:2298 (gdb+0xc761d6) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#11 gdb::function_view<void (char const*,
symbol*)>::bind<print_variable_and_value_data>(print_variable_and_value_data&)::{lambda(gdb::fv_detail::erased_callable,
char const*, symbol*)#1}::operator()(gdb::fv_detail::erased_callable, char
const*, symbol*) const
/data/vries/gdb/src/gdb/../gdbsupport/function-view.h:305 (gdb+0xc875e4)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#12 gdb::function_view<void (char const*,
symbol*)>::bind<print_variable_and_value_data>(print_variable_and_value_data&)::{lambda(gdb::fv_detail::erased_callable,
char const*, symbol*)#1}::_FUN(gdb::fv_detail::erased_callable, char const*,
symbol*) /data/vries/gdb/src/gdb/../gdbsupport/function-view.h:299
(gdb+0xc875e4)
#13 gdb::function_view<void (char const*, symbol*)>::operator()(char
const*, symbol*) const
/data/vries/gdb/src/gdb/../gdbsupport/function-view.h:289 (gdb+0xc74aaf)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#14 iterate_over_block_locals /data/vries/gdb/src/gdb/stack.c:2230
(gdb+0xc74aaf)
#15 iterate_over_block_local_vars(block const*, gdb::function_view<void
(char const*, symbol*)>) /data/vries/gdb/src/gdb/stack.c:2249 (gdb+0xc74aaf)
#16 print_frame_local_vars /data/vries/gdb/src/gdb/stack.c:2372
(gdb+0xc76737) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#17 info_locals_command(char const*, int)
/data/vries/gdb/src/gdb/stack.c:2450 (gdb+0xc79b7c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#18 do_simple_func /data/vries/gdb/src/gdb/cli/cli-decode.c:95
(gdb+0x662818) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#19 cmd_func(cmd_list_element*, char const*, int)
/data/vries/gdb/src/gdb/cli/cli-decode.c:2735 (gdb+0x6666eb) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#20 execute_command(char const*, int) /data/vries/gdb/src/gdb/top.c:574
(gdb+0xd1cc2e) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#21 command_handler(char const*) /data/vries/gdb/src/gdb/event-top.c:552
(gdb+0x7de4d5) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#22 command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char>
>&&) /data/vries/gdb/src/gdb/event-top.c:788 (gdb+0x7dff2c) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#23 tui_command_line_handler /data/vries/gdb/src/gdb/tui/tui-interp.c:104
(gdb+0xd4fb7d) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#24 gdb_rl_callback_handler /data/vries/gdb/src/gdb/event-top.c:259
(gdb+0x7ddead) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#25 rl_callback_read_char
/data/vries/gdb/src/readline/readline/callback.c:290 (gdb+0xe5898d) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#26 gdb_rl_callback_read_char_wrapper_noexcept
/data/vries/gdb/src/gdb/event-top.c:195 (gdb+0x7dd91d) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#27 gdb_rl_callback_read_char_wrapper
/data/vries/gdb/src/gdb/event-top.c:234 (gdb+0x7ddc79) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#28 stdin_event_handler /data/vries/gdb/src/gdb/ui.c:155 (gdb+0xd7b251)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#29 handle_file_event /data/vries/gdb/src/gdbsupport/event-loop.cc:573
(gdb+0x15feca1) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#30 gdb_wait_for_event /data/vries/gdb/src/gdbsupport/event-loop.cc:694
(gdb+0x15ff2ed) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#31 gdb_do_one_event(int) /data/vries/gdb/src/gdbsupport/event-loop.cc:264
(gdb+0x16003da) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#32 start_event_loop /data/vries/gdb/src/gdb/main.c:412 (gdb+0x98e9b1)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#33 captured_command_loop /data/vries/gdb/src/gdb/main.c:476 (gdb+0x98e9b1)
#34 gdb_wait_for_event /data/vries/gdb/src/gdbsupport/event-loop.cc:694
(gdb+0x15ff2ed) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#35 gdb_do_one_event(int) /data/vries/gdb/src/gdbsupport/event-loop.cc:264
(gdb+0x16003da) (BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#36 start_event_loop /data/vries/gdb/src/gdb/main.c:412 (gdb+0x98e9b1)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#37 captured_command_loop /data/vries/gdb/src/gdb/main.c:476 (gdb+0x98e9b1)
#38 captured_main /data/vries/gdb/src/gdb/main.c:1320 (gdb+0x9926b4)
(BuildId: f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
#39 gdb_main(captured_main_args*) /data/vries/gdb/src/gdb/main.c:1339
(gdb+0x9926b4)
#40 main /data/vries/gdb/src/gdb/gdb.c:32 (gdb+0x47ab01) (BuildId:
f6fc8a5c2c3b42f3e3a24e54b8b2df127faee329)
SUMMARY: ThreadSanitizer: heap-use-after-free (/lib64/libtsan.so.2+0x46501)
(BuildId: 8f2a9be581a0fcb3d7109755a6067408093b9dbd) in memmove
==================
y2 = (a => 2, c => 0.0, d => 657184769)
...
Build from commit 8a9da63e407 ("gdb: two changes to linux_nat_debug_printf
calls in linux-nat.c").
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug ada/30671] [gdb] heap-use-after-free in gdb.ada/uninitialized_vars.exp
From: tromey at sourceware dot org @ 2023-07-24 14:21 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=30671
Tom Tromey <tromey at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tromey at sourceware dot org
--- Comment #1 from Tom Tromey <tromey at sourceware dot org> ---
FWIW I couldn't reproduce on Fedora 36, which has GCC 12.
However based on the stack trace I suspect it has to do with
the precise DWARF being emitted:
#5 std::vector<dwarf_stack_value, std::allocator<dwarf_stack_value>
>::~vector() /usr/include/c++/13/bits/stl_vector.h:735 (gdb+0x751dfa)
#6 dwarf_expr_context::~dwarf_expr_context()
/data/vries/gdb/src/gdb/dwarf2/expr.h:124 (gdb+0x751dfa)
* [Bug ada/30671] [gdb] heap-use-after-free in gdb.ada/uninitialized_vars.exp
From: tromey at sourceware dot org @ 2023-07-24 14:23 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=30671
--- Comment #2 from Tom Tromey <tromey at sourceware dot org> ---
murgatroyd. gcc --version
gcc (GCC) 13.0.0 20230102 (experimental)
... this version also seems to pass for me.
* [Bug ada/30671] [gdb] heap-use-after-free in gdb.ada/uninitialized_vars.exp
From: vries at gcc dot gnu.org @ 2023-07-25 7:22 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=30671
Tom de Vries <vries at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
Status|NEW |RESOLVED
--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
No longer reproduces with gdb built with -fsanitize=thread -O2
-fno-hoist-adjacent-loads.
Marking dup of PR30672.
*** This bug has been marked as a duplicate of bug 30672 ***