Bug 682891

Summary: [MI] crash on use-after-free types in check_typedef()
Product: Red Hat Enterprise Linux 6
Reporter: Jan Kratochvil <jan.kratochvil>
Component: gdb
Assignee: Jan Kratochvil <jan.kratochvil>
Status: CLOSED ERRATA
QA Contact: qe-baseos-tools-bugs
Severity: high
Priority: high
Version: 6.1
CC: ebachalo, pmuller
Target Milestone: rc
Target Release: ---
Hardware: i686
OS: Linux
Whiteboard: abrt_hash:a1fd5a303a652d1340f7b7e567a970ae0c988a14
Fixed In Version: gdb-7.2-45.el6
Doc Type: Bug Fix
Doc Text: GDB crashed when attempting to access dynamic types, such as variable length arrays, using the GDB/MI interface. GDB now no longer crashes under these circumstances.
Story Points: ---
Clone Of: 682286
Last Closed: 2011-05-19 13:48:51 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Jan Kratochvil 2011-03-07 22:04:50 UTC
+++ This bug was initially created as a clone of Bug #682286 +++

cmdline: gdb --interpreter=mi2 -quiet

How to reproduce
-----
1. Open KDevelop 4.1.2 (shipped with Fedora 14).
2. Create a C++ project (CMake) with a simple hello world-like code (needs at least 2 executable lines).
3. Place a breakpoint in an executable line.
4. Compile the project.
5. Debug the project.
6. When the execution reaches the breakpoint and stops, select 'Step Over' the statement.

GDB crashes at that point.

--- Additional comment from jan.kratochvil on 2011-03-05 08:02:00 CET ---

I thought the archer-jankratochvil-vla branch has the unfinished types garbage collector disabled but it was enabled.  varobj (=MI) did not properly mark the types as still used and thus a freed memory access happened, I am sorry.
Disabled the garbage collector for now.

-------------------------------------------------------------------------------

It affects only MI - that is front ends like Eclipse.

devel_ack:
Fix - disable free_all_types():
http://pkgs.fedoraproject.org/gitweb/?p=gdb.git;a=blob_plain;f=gdb-vla-gc-disable.patch;hb=f14/master

qa_ack: I will try to create a reproducer.

Comment 3 Eva Kopalova 2011-04-05 15:59:04 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
GDB crashed when attempting to access dynamic types, such as variable length arrays, using the GDB/MI interface. GDB now no longer crashes under these circumstances.

Comment 7 errata-xmlrpc 2011-05-19 13:48:51 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0638.html