Bug 491441

Summary: gdb coredumped while trying to read coredump file
Product: [Fedora] Fedora
Reporter: Zdenek Kabelac <zkabelac>
Component: gdb
Assignee: Jan Kratochvil <jan.kratochvil>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: dvlasenk, jan.kratochvil, mnowak
Hardware: All
OS: Linux
Fixed In Version: gdb-6.8.50.20090302-10.fc11
Doc Type: Bug Fix
Last Closed: 2009-03-21 07:17:26 UTC

Description Zdenek Kabelac 2009-03-21 00:37:50 UTC
Description of problem:

I've tried to look into a coredump created by firefox - and got a coredump by gdb:
I'm attaching the full backtrace - but it's hard to say what is the fault - as it looks like gdb is doing some internal fault catching??

Anyway - from cp-support.c line 83 - it looks like the function cp_already_canonical() could potentially be called with a NULL string, thus it segfaults here. But that's just a first-sight idea...

A potential fix could be to check for NULL in cp_canonicalize_string() and avoid calling this function and return NULL.

I'll keep the binary for firefox & coredump only for a few days - if there will be a quick bugfix for retesting...

#0  cp_already_canonical (string=<value optimized out>) at ../../gdb/cp-support.c:83
#1  cp_canonicalize_string (string=<value optimized out>) at ../../gdb/cp-support.c:115
#2  0x0000000000546d2d in dwarf2_canonicalize_name (name=0x0, cu=0x7ffff0a65bc0, obstack=0x7ffff0a65c98)
    at ../../gdb/dwarf2read.c:8984
#3  0x000000000054701e in read_partial_die (part_die=0x7505880, abbrev=0x767f020, abbrev_len=<value optimized out>, 
    abfd=<value optimized out>, info_ptr=0x7fb9d8b804aa "\5O\4\374h.", cu=0x7ffff0a65bc0) at ../../gdb/dwarf2read.c:6668
#4  0x00000000005473be in load_partial_dies (abfd=<value optimized out>, info_ptr=0x7fb9d8b804a5 "\30\360]\35", 
    building_psymtab=<value optimized out>, cu=0x7ffff0a65bc0) at ../../gdb/dwarf2read.c:6474
#5  0x000000000054abe8 in dwarf2_build_psymtabs_hard (objfile=0x2aa3f00, mainline=<value optimized out>)
    at ../../gdb/dwarf2read.c:1796
#6  0x00000000004b0d57 in read_psyms (objfile=0x2aa3f00) at ../../gdb/elfread.c:741
#7  0x00000000004e6155 in require_partial_symbols (objfile=0x0) at ../../gdb/symtab.c:1193
#8  0x00000000004e7cc7 in find_pc_sect_psymtab (pc=139762921316829, section=0x0) at ../../gdb/symtab.c:881
#9  0x00000000004e802a in find_pc_sect_symtab (pc=139762921316829, section=0x0) at ../../gdb/symtab.c:2132
#10 0x00000000004e6030 in blockvector_for_pc_sect (pc=139762921316829, section=0x7ffff0a65bc0, pblock=0x7ffff0a65ea8, 
    symtab=0x7fb9d5edd020) at ../../gdb/block.c:115
#11 0x00000000004e6060 in block_for_pc_sect (pc=0, section=0x7ffff0a65bc0) at ../../gdb/block.c:191
#12 0x000000000059d7ad in inline_frame_sniffer (self=<value optimized out>, this_frame=0x6c46e98, 
    this_cache=<value optimized out>) at ../../gdb/inline-frame.c:182
#13 0x000000000059be07 in frame_unwind_find_by_frame (this_frame=0x6c46e98, this_cache=0x6c46ea0) at ../../gdb/frame-unwind.c:102
#14 0x0000000000598ac1 in get_frame_type (frame=0x6c46e98) at ../../gdb/frame.c:1851
#15 0x0000000000598d48 in get_frame_address_in_block (this_frame=0x6c46e98) at ../../gdb/frame.c:1724
#16 0x000000000050b2c6 in backtrace_command_1 (from_tty=<value optimized out>, show_locals=<value optimized out>, 
    count_exp=<value optimized out>) at ../../gdb/stack.c:1278
#17 backtrace_command_stub (from_tty=<value optimized out>, show_locals=<value optimized out>, count_exp=<value optimized out>)
    at ../../gdb/stack.c:1330
#18 0x000000000050e544 in catch_errors (func=<value optimized out>, func_args=<value optimized out>, 
    errstring=<value optimized out>, mask=<value optimized out>) at ../../gdb/exceptions.c:516
#19 0x0000000000509e43 in backtrace_command (arg=<value optimized out>, from_tty=<value optimized out>) at ../../gdb/stack.c:1388
#20 0x000000000044c790 in execute_command (p=0x1a5e102 "", from_tty=1) at ../../gdb/top.c:450
#21 0x00000000005148d5 in command_handler (command=0x1a5e100 "bt") at ../../gdb/event-top.c:519
#22 0x00000000005155d2 in command_line_handler (rl=<value optimized out>) at ../../gdb/event-top.c:744
#23 0x00007fb9e862fe2c in rl_callback_read_char () from /lib64/libreadline.so.5
#24 0x0000000000514a19 in rl_callback_read_char_wrapper (client_data=0x0) at ../../gdb/event-top.c:179
#25 0x0000000000513338 in process_event () at ../../gdb/event-loop.c:394
#26 0x000000000051456a in gdb_do_one_event (data=<value optimized out>) at ../../gdb/event-loop.c:459
#27 0x000000000050e544 in catch_errors (func=<value optimized out>, func_args=<value optimized out>, 
    errstring=<value optimized out>, mask=<value optimized out>) at ../../gdb/exceptions.c:516
#28 0x000000000049e028 in tui_command_loop (data=<value optimized out>) at ../../gdb/tui/tui-interp.c:156
#29 0x0000000000444889 in captured_command_loop (data=0x0) at ../../gdb/main.c:183
#30 0x000000000050e544 in catch_errors (func=<value optimized out>, func_args=<value optimized out>, 
    errstring=<value optimized out>, mask=<value optimized out>) at ../../gdb/exceptions.c:516
#31 0x0000000000445206 in captured_main (data=<value optimized out>) at ../../gdb/main.c:989
#32 0x000000000050e544 in catch_errors (func=<value optimized out>, func_args=<value optimized out>, 
    errstring=<value optimized out>, mask=<value optimized out>) at ../../gdb/exceptions.c:516
#33 0x0000000000444874 in gdb_main (args=0x7ffff0a65bc0) at ../../gdb/main.c:999
#34 0x0000000000444849 in main (argc=<value optimized out>, argv=0x7ffff0a65bc0) at ../../gdb/gdb.c:47

Version-Release number of selected component (if applicable):
gdb-6.8.50.20090302-8.fc11.x86_64

How reproducible:
maybe my coredump from firefox is special

Steps to Reproduce:
1. no idea
Actual results:


Expected results:


Additional info:

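As an added example (not gdb's code and not part of the report), a simplified C model of the call chain in the backtrace: the DWARF name reaches cp_already_canonical() through cp_canonicalize_string(), the unguarded entry point dereferences a NULL name exactly as frame #2 with name=0x0 does, and the guarded variant applies the NULL check the reporter proposes. The function names mirror gdb's; the bodies are stand-ins (whitespace-stripping instead of gdb's C++ parser), and the *_unguarded / *_guarded names are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for cp_already_canonical(): 1 if STRING is a bare identifier.
 * STRING is dereferenced unconditionally, so NULL faults here (frame #0). */
static int cp_already_canonical(const char *string)
{
    if (!(isalpha((unsigned char)string[0]) || string[0] == '_'))
        return 0;
    while (isalnum((unsigned char)string[1]) || string[1] == '_')
        string++;
    return string[1] == '\0';
}

/* Stand-in for cp_canonicalize_string(): NULL if STRING is already canonical,
 * else a malloc'd form.  gdb parses C++ here; stripping whitespace suffices. */
static char *cp_canonicalize_string(const char *string)
{
    if (cp_already_canonical(string))
        return NULL;
    char *out = malloc(strlen(string) + 1);
    if (out == NULL)
        return NULL;            /* caller keeps the original name */
    char *p = out;
    for (; *string != '\0'; string++)
        if (!isspace((unsigned char)*string))
            *p++ = *string;
    *p = '\0';
    return out;
}

/* dwarf2_canonicalize_name() as in the crashing build: NAME goes straight
 * down, so name == NULL (frame #2) reaches the dereference above. */
static const char *canonicalize_name_unguarded(const char *name)
{
    char *canon = cp_canonicalize_string(name);
    return canon != NULL ? canon : name;
}

/* Guarded variant per the reporter's suggestion: a DIE with a missing
 * (NULL) or empty DW_AT_name has nothing to canonicalize; return NULL. */
static const char *canonicalize_name_guarded(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return NULL;
    char *canon = cp_canonicalize_string(name);
    return canon != NULL ? canon : name;
}
```

A debugger's DWARF reader is a parser over untrusted input (the binary and core under analysis), so the missing-name case has to be rejected at the entry point rather than assumed away further down.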
Comment 1 Jan Kratochvil 2009-03-21 07:17:26 UTC
Already fixed in Rawhide, just the Rawhide-freeze blocks its distribution:
http://koji.fedoraproject.org/koji/buildinfo?buildID=94187
* Sun Mar 15 2009 Jan Kratochvil <jan.kratochvil> - 6.8.50.20090302-10
 - Archer update to the snapshot: 935f217d3367a642374bc56c6b146d376fc3edab
 - Archer backport: 281278326412f9d6a3fabb8adc1d419fd7ddc7d7
   - Fix [expr] crash reading invalid DWARF C++ symbol "" (BZ 490319).

Comment 2 Jan Kratochvil 2009-03-26 19:37:19 UTC
*** Bug 492390 has been marked as a duplicate of this bug. ***