Bug 623219 - gdb aborts with a 'double free or corruption' when calling inferior functions with print or call command
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gdb
Version: 5.5
Hardware: All Linux
Priority: medium, Severity: medium
Target Milestone: rc
Assigned To: Jan Kratochvil
QA Contact: qe-baseos-tools
Blocks: 590060 639645
Reported: 2010-08-11 12:16 EDT by Alan Matsuoka
Modified: 2018-11-14 12:34 EST
Fixed In Version: gdb-7.0.1-27.el5
Doc Type: Bug Fix
Doc Text:
Previously, GDB terminated unexpectedly when an inferior shared library list changed during an inferior function call, for example by the dlopen() function. With this update, GDB remains stable in this case.
Clone Of:
: 639645
Last Closed: 2011-01-13 18:55:04 EST


Attachments
gdb-doublefree.patch (17.86 KB, patch), 2010-08-11 12:18 EDT, Alan Matsuoka
fix+testcase (21.42 KB, patch), 2010-08-18 05:28 EDT, Jan Kratochvil


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0099 normal SHIPPED_LIVE gdb bug fix update 2011-01-12 12:21:16 EST

Description Alan Matsuoka 2010-08-11 12:16:41 EDT
Issue:

gdb aborts with a "double free or corruption" when calling inferior functions with print or call command. This occurs only when the inferior function dynamically loads a shared library.

How Reproducible:

Always

Steps to Reproduce:

1) Create the sample programs:
shared.cpp:

int add(int a, int b)
{
 return a+b;
}

main.cpp:

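#include <iostream>
#include <dlfcn.h>
using namespace std;
extern "C" int openlibrary()
{
void*  handle = dlopen ("./libmyshared.so", RTLD_LAZY);  // changes the inferior's shared library list
if (handle != NULL)
{
 cout<<"open successfully."<<endl;
 dlclose(handle);
}
else
{
 cerr<< dlerror()<<endl;  // report why the library could not be loaded
}
return 0;
}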


int main()
{
 return 0;
}

2) Build the program:

$ g++ -g -m32 -shared -o libmyshared.so shared.cpp
$ g++ -g -m32 main.cpp -ldl

3) Test

$ gdb a.out
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /root/test_gdb_new/a.out...done.
(gdb) break main
Breakpoint 1 at 0x8048762: file main.cpp, line 21.
(gdb) r
Starting program: /root/test_gdb_new/a.out

Breakpoint 1, main () at main.cpp:21
21      return 0;
(gdb) p openlibrary()
open successfully.
$1 = 0
(gdb)
open successfully.

Actual Results:

*** glibc detected *** gdb: double free or corruption (!prev): 0x0943e998 ***
Segmentation fault

Expected result:

gdb should not crash.

Additional Information:

The same test works correctly on Fedora-13 with gdb-7.1-28.fc13

This patch seems to work for me and I didn't seem to have broken anything after running make check.
It's a backport of this patch http://osdir.com/ml/general/2010-03/msg18913.html
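
A scripted version of the reproduction steps above, added here as an example and not part of the original report or of the gdb package. It can be used to check whether an installed gdb still aborts on this test case. The helper names classify_gdb_run and run_reproducer are hypothetical; the script assumes main.cpp and shared.cpp from the report are in the target directory and that g++ can build 32-bit binaries.

```shell
#!/bin/sh
# Added example: regression check for the crash described in this report.

# classify_gdb_run STATUS LOGFILE
# Prints "crash" if gdb aborted, "ok" otherwise.
classify_gdb_run() {
    status=$1 log=$2
    # glibc's heap-consistency abort message, as quoted under "Actual Results"
    if grep -q 'double free or corruption' "$log"; then
        echo crash; return
    fi
    # An exit status above 128 means gdb itself was killed by a signal
    # (134 = SIGABRT, 139 = SIGSEGV).
    if [ "$status" -gt 128 ]; then
        echo crash; return
    fi
    echo ok
}

# run_reproducer DIR
# Builds the test case with the report's commands and calls the inferior
# function twice, as in the reported session (the empty input line at the
# second "(gdb)" prompt repeats the previous command).
run_reproducer() {
    ( cd "$1" || exit 2
      g++ -g -m32 -shared -o libmyshared.so shared.cpp &&
      g++ -g -m32 main.cpp -ldl || exit 2
      # LIBC_FATAL_STDERR_=1 sends glibc's abort message to stderr
      # instead of the controlling terminal, so it lands in the log.
      LIBC_FATAL_STDERR_=1 gdb -batch \
          -ex 'break main' -ex 'run' \
          -ex 'print openlibrary()' -ex 'print openlibrary()' \
          ./a.out > gdb.log 2>&1
      classify_gdb_run $? gdb.log )
}

# Only run the full check when asked to: script --run [DIR]
if [ "${1:-}" = "--run" ]; then
    result=$(run_reproducer "${2:-.}")
    echo "gdb: $result"
    [ "$result" = ok ]
fi
```

Run it as `sh check.sh --run /path/to/testcase`; the exit status is non-zero when gdb crashed or the build failed.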
Comment 1 Alan Matsuoka 2010-08-11 12:18:53 EDT
Created attachment 438221
gdb-doublefree.patch
Comment 2 Jan Kratochvil 2010-08-17 06:13:10 EDT
Re: RFC: fix bug with std::terminate handler
http://sourceware.org/ml/gdb-patches/2010-03/msg00861.html
Message-ID: <m339zodtow.fsf@fleche.redhat.com>
93ad27bbc56b9c0209d9b49851d538afc80723dd
http://sourceware.org/ml/gdb-cvs/2010-03/msg00242.html
Comment 3 Jan Kratochvil 2010-08-18 05:28:25 EDT
Created attachment 439338
fix+testcase

testcase from:
[patch] testsuite: new: std::terminate crash
http://sourceware.org/ml/gdb-patches/2010-08/msg00266.html
Comment 4 Jan Kratochvil 2010-09-06 14:43:02 EDT
* Mon Sep  6 2010 Jan Kratochvil <jan.kratochvil@redhat.com> - 7.0.1-27.el5
- Fix crash with std::terminate handler (BZ 623219, Tom Tromey).
Comment 7 Eva Kopalova 2010-11-16 12:14:41 EST
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Previously, GDB terminated unexpectedly when an inferior shared library list changed during an inferior function call, for example by the dlopen() function. With this update, GDB remains stable in this case.
Comment 10 errata-xmlrpc 2011-01-13 18:55:04 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0099.html
