From 01d3c9fc039e11d1ca4bd0a29e4b1600abf5e9c8 Mon Sep 17 00:00:00 2001 From: Jan Kratochvil Date: Tue, 1 Jul 2014 00:15:01 +0200 Subject: [PATCH] Fix memory errors with demangled name hash (Tom Tromey). --- gdb-upstream.patch | 211 +++++++++++++++++++++++++++++++++++++++++++++ gdb.spec | 5 +- 2 files changed, 215 insertions(+), 1 deletion(-) diff --git a/gdb-upstream.patch b/gdb-upstream.patch index 6d82704..fcaf74c 100644 --- a/gdb-upstream.patch +++ b/gdb-upstream.patch @@ -102,3 +102,214 @@ Date: Tue May 13 14:55:53 2014 +0200 } } + + + +http://sourceware.org/ml/gdb-patches/2014-06/msg00550.html +Subject: Re: ASAN crash regression [Re: [PATCH 2/2] move the demangled_names_hash into the per-BFD] + +Jan> ./configure ... -fsanitize=address +Jan> echo 'void f(){}main(){}'|gcc -x c++ - -g;ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./gdb -batch a.out -ex 'file a.out' + +Readily seen with valgrind as well. + +Here's my proposed fix. + +Tom + +commit 3a93a67ad0ea3495f67c9708673345b73de2d806 +Author: Tom Tromey +Date: Mon Jun 16 03:17:19 2014 -0600 + + fix memory errors with demangled name hash + + This fixes a regression that Jan pointed out. + + The bug is that some names were allocated by dwarf2read on the objfile + obstack, but then passed to SYMBOL_SET_NAMES with copy_name=0. This + violates the invariant that the names must have a lifetime tied to the + lifetime of the BFD. + + The fix is to allocate names on the per-BFD obstack. + + I looked at all callers, direct or indirect, of SYMBOL_SET_NAMES that + pass copy_name=0. Note that only the ELF and DWARF readers do this; + other symbol readers were never updated (and perhaps cannot be, + depending on the details of the formats). This is why the patch is + relatively small. + + Built and regtested on x86-64 Fedora 20. + + 2014-06-16 Tom Tromey + + * dwarf2read.c (fixup_go_packaging, dwarf2_compute_name) + (dwarf2_physname, read_partial_die) + (guess_partial_die_structure_name, fixup_partial_die) + (guess_full_die_structure_name, anonymous_struct_prefix) + (dwarf2_name): Use per-BFD obstack. + +### a/gdb/ChangeLog +### b/gdb/ChangeLog +## -1,5 +1,13 @@ + 2014-06-16 Tom Tromey + ++ * dwarf2read.c (fixup_go_packaging, dwarf2_compute_name) ++ (dwarf2_physname, read_partial_die) ++ (guess_partial_die_structure_name, fixup_partial_die) ++ (guess_full_die_structure_name, anonymous_struct_prefix) ++ (dwarf2_name): Use per-BFD obstack. ++ ++2014-06-16 Tom Tromey ++ + * minsyms.h (prim_record_minimal_symbol) + (prim_record_minimal_symbol_and_info): Update comments. + +--- a/gdb/dwarf2read.c ++++ b/gdb/dwarf2read.c +@@ -7745,9 +7745,10 @@ fixup_go_packaging (struct dwarf2_cu *cu) + if (package_name != NULL) + { + struct objfile *objfile = cu->objfile; +- const char *saved_package_name = obstack_copy0 (&objfile->objfile_obstack, +- package_name, +- strlen (package_name)); ++ const char *saved_package_name ++ = obstack_copy0 (&objfile->per_bfd->storage_obstack, ++ package_name, ++ strlen (package_name)); + struct type *type = init_type (TYPE_CODE_MODULE, 0, 0, + saved_package_name, objfile); + struct symbol *sym; +@@ -8365,6 +8366,8 @@ dwarf2_compute_name (const char *name, + long length; + const char *prefix; + struct ui_file *buf; ++ char *intermediate_name; ++ const char *canonical_name = NULL; + + prefix = determine_prefix (die, cu); + buf = mem_fileopen (); +@@ -8541,19 +8544,25 @@ dwarf2_compute_name (const char *name, + } + } + +- name = ui_file_obsavestring (buf, &objfile->objfile_obstack, +- &length); ++ intermediate_name = ui_file_xstrdup (buf, &length); + ui_file_delete (buf); + + if (cu->language == language_cplus) +- { +- const char *cname +- = dwarf2_canonicalize_name (name, cu, +- &objfile->objfile_obstack); ++ canonical_name ++ = dwarf2_canonicalize_name (intermediate_name, cu, ++ &objfile->per_bfd->storage_obstack); ++ ++ /* If we only computed INTERMEDIATE_NAME, or if ++ INTERMEDIATE_NAME is already canonical, then we need to ++ copy it to the appropriate obstack. */ ++ if (canonical_name == NULL || canonical_name == intermediate_name) ++ name = obstack_copy0 (&objfile->per_bfd->storage_obstack, ++ intermediate_name, ++ strlen (intermediate_name)); ++ else ++ name = canonical_name; + +- if (cname != NULL) +- name = cname; +- } ++ xfree (intermediate_name); + } + } + +@@ -8562,7 +8571,7 @@ dwarf2_compute_name (const char *name, + + /* Return the fully qualified name of DIE, based on its DW_AT_name. + If scope qualifiers are appropriate they will be added. The result +- will be allocated on the objfile_obstack, or NULL if the DIE does ++ will be allocated on the storage_obstack, or NULL if the DIE does + not have a name. NAME may either be from a previous call to + dwarf2_name or NULL. + +@@ -8677,7 +8686,8 @@ dwarf2_physname (const char *name, struct die_info *die, struct dwarf2_cu *cu) + retval = canon; + + if (need_copy) +- retval = obstack_copy0 (&objfile->objfile_obstack, retval, strlen (retval)); ++ retval = obstack_copy0 (&objfile->per_bfd->storage_obstack, ++ retval, strlen (retval)); + + do_cleanups (back_to); + return retval; +@@ -15508,7 +15518,7 @@ read_partial_die (const struct die_reader_specs *reader, + default: + part_die->name + = dwarf2_canonicalize_name (DW_STRING (&attr), cu, +- &objfile->objfile_obstack); ++ &objfile->per_bfd->storage_obstack); + break; + } + break; +@@ -15793,7 +15803,7 @@ guess_partial_die_structure_name (struct partial_die_info *struct_pdi, + if (actual_class_name != NULL) + { + struct_pdi->name +- = obstack_copy0 (&cu->objfile->objfile_obstack, ++ = obstack_copy0 (&cu->objfile->per_bfd->storage_obstack, + actual_class_name, + strlen (actual_class_name)); + xfree (actual_class_name); +@@ -15879,8 +15889,9 @@ fixup_partial_die (struct partial_die_info *part_die, + else + base = demangled; + +- part_die->name = obstack_copy0 (&cu->objfile->objfile_obstack, +- base, strlen (base)); ++ part_die->name ++ = obstack_copy0 (&cu->objfile->per_bfd->storage_obstack, ++ base, strlen (base)); + xfree (demangled); + } + } +@@ -18557,7 +18568,7 @@ guess_full_die_structure_name (struct die_info *die, struct dwarf2_cu *cu) + && actual_name[actual_name_len + - die_name_len - 1] == ':') + name = +- obstack_copy0 (&cu->objfile->objfile_obstack, ++ obstack_copy0 (&cu->objfile->per_bfd->storage_obstack, + actual_name, + actual_name_len - die_name_len - 2); + } +@@ -18603,7 +18614,7 @@ anonymous_struct_prefix (struct die_info *die, struct dwarf2_cu *cu) + if (base == NULL || base == DW_STRING (attr) || base[-1] != ':') + return ""; + +- return obstack_copy0 (&cu->objfile->objfile_obstack, ++ return obstack_copy0 (&cu->objfile->per_bfd->storage_obstack, + DW_STRING (attr), &base[-1] - DW_STRING (attr)); + } + +@@ -18943,8 +18954,9 @@ dwarf2_name (struct die_info *die, struct dwarf2_cu *cu) + char *base; + + /* FIXME: we already did this for the partial symbol... */ +- DW_STRING (attr) = obstack_copy0 (&cu->objfile->objfile_obstack, +- demangled, strlen (demangled)); ++ DW_STRING (attr) ++ = obstack_copy0 (&cu->objfile->per_bfd->storage_obstack, ++ demangled, strlen (demangled)); + DW_STRING_IS_CANONICAL (attr) = 1; + xfree (demangled); + +@@ -18967,7 +18979,7 @@ dwarf2_name (struct die_info *die, struct dwarf2_cu *cu) + { + DW_STRING (attr) + = dwarf2_canonicalize_name (DW_STRING (attr), cu, +- &cu->objfile->objfile_obstack); ++ &cu->objfile->per_bfd->storage_obstack); + DW_STRING_IS_CANONICAL (attr) = 1; + } + return DW_STRING (attr); + diff --git a/gdb.spec b/gdb.spec index 0d871b4..d66f3ed 100644 --- a/gdb.spec +++ b/gdb.spec @@ -39,7 +39,7 @@ Version: 7.7.1 # The release always contains a leading reserved number, start it at 1. # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing. -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and BSD and Public Domain and GFDL Group: Development/Debuggers @@ -1408,6 +1408,9 @@ fi %endif # 0%{!?el5:1} || "%{_target_cpu}" == "noarch" %changelog +* Tue Jul 1 2014 Jan Kratochvil - 7.7.1-15.fc21 +- Fix memory errors with demangled name hash (Tom Tromey). + * Mon Jun 30 2014 Jan Kratochvil - 7.7.1-14.fc21 - Fix crash on optimized-out entry data values (BZ 1111910).