path: root/gdb/ChangeLog
author: Pedro Alves <palves@redhat.com> 2018-01-22 19:54:17 +0000
committer: Pedro Alves <palves@redhat.com> 2018-01-22 19:54:17 +0000
commit: ddd0c99df8d76047fc651911e5651e8decae86ca (patch)
tree: d4df5a7b6827874308d0f19f1d3c691dea8e792e /gdb/ChangeLog
parent: 5dc31b7c3e26d81b184e502081115c0392d41a8d (diff)
Fix segfault with 'set print object on' + 'whatis <struct>' & co
Compiling GDB with a recent GCC exposes a problem:

  ../../gdb/typeprint.c: In function 'void whatis_exp(const char*, int)':
  ../../gdb/typeprint.c:515:12: warning: 'val' may be used uninitialized in this function [-Wmaybe-uninitialized]
     real_type = value_rtti_type (val, &full, &top, &using_enc);
     ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The warning is correct.  There are indeed code paths that use
uninitialized 'val', leading to crashes.  Inside the
value_rtti_indirect_type/value_rtti_type calls here in whatis_exp:

      if (opts.objectprint)
        {
          if (((TYPE_CODE (type) == TYPE_CODE_PTR) || TYPE_IS_REFERENCE (type))
              && (TYPE_CODE (TYPE_TARGET_TYPE (type)) == TYPE_CODE_STRUCT))
            real_type = value_rtti_indirect_type (val, &full, &top, &using_enc);
          else if (TYPE_CODE (type) == TYPE_CODE_STRUCT)
            real_type = value_rtti_type (val, &full, &top, &using_enc);
        }

We reach those calls above with "set print object on", and then with
any of:

  (gdb) whatis struct some_structure_type
  (gdb) whatis struct some_structure_type *
  (gdb) whatis struct some_structure_type &

because "whatis" with a type argument enters this branch:

  /* The behavior of "whatis" depends on whether the user
     expression names a type directly, or a language expression
     (including variable names).  If the former, then "whatis"
     strips one level of typedefs, only.  If an expression,
     "whatis" prints the type of the expression without stripping
     any typedef level.  "ptype" always strips all levels of
     typedefs.  */
  if (show == -1 && expr->elts[0].opcode == OP_TYPE)
    {

which does not initialize VAL.

Trying the above triggers crashes like this:

  (gdb) set print object on
  (gdb) whatis some_structure_type

  Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
  0x00000000005dda90 in check_typedef (type=0x6120736573756170) at src/gdb/gdbtypes.c:2388
  2388      int instance_flags = TYPE_INSTANCE_FLAGS (type);
  ...

This is a regression caused by a recent-ish refactoring of the code on
'whatis_exp', introduced by:

  commit c973d0aa4a2c737ab527ae44a617f1c357e07364
  Date:   Mon Aug 21 11:34:32 2017 +0100

      Fix type casts losing typedefs and reimplement "whatis" typedef stripping

Fix this by setting VAL to NULL in the "whatis TYPE" case, and
skipping fetching the dynamic type if there's no value to fetch it
from.

New tests included.

gdb/ChangeLog:
2018-01-22  Pedro Alves  <palves@redhat.com>
            Sergio Durigan Junior  <sergiodj@redhat.com>

        * typeprint.c (whatis_exp): Initialize "val" in the "whatis type"
        case.

gdb/testsuite/ChangeLog:
2018-01-22  Pedro Alves  <palves@redhat.com>
            Sergio Durigan Junior  <sergiodj@redhat.com>

        * gdb.base/whatis.exp: Add tests for 'set print object on' +
        'whatis <struct>' 'whatis <struct> *' and 'whatis <struct> &'.
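To make the hazard in the commit message concrete, here is a small C model of the whatis_exp control flow it describes. This is an added example, not GDB's code: `struct type`, `struct value`, `model_value_rtti_type`, `model_whatis` and the `is_type_name`/`objectprint` parameters are hypothetical stand-ins for GDB's type and value machinery, and the `dynamic` field is a constructed shortcut for the RTTI lookup that `value_rtti_type` performs. The shape of the fix is the same as in the message: the type-name branch gives `val` a definite NULL, and the objectprint branch refuses to fetch a dynamic type when there is no value to fetch it from.

```c
/* Added example, not GDB's code: a model of the whatis_exp control flow
   from the commit message.  All names below are hypothetical stand-ins. */
#include <stddef.h>
#include <string.h>

struct type
{
  const char *name;
  const struct type *dynamic;  /* constructed stand-in for an RTTI lookup */
};

struct value
{
  const struct type *type;
};

/* Stand-in for value_rtti_type: it dereferences VAL, so VAL must point at
   a real value.  With an uninitialized VAL this is the read that faulted
   inside check_typedef in the commit message. */
static const struct type *
model_value_rtti_type (const struct value *val)
{
  return val->type->dynamic != NULL ? val->type->dynamic : val->type;
}

/* Model of the "whatis" front end.  IS_TYPE_NAME stands for the OP_TYPE
   branch (the user named a type, so there is no value to evaluate);
   otherwise VALUE is the result of evaluating the user's expression.
   OBJECTPRINT stands for "set print object on". */
static const struct type *
model_whatis (int is_type_name, const struct type *type,
              const struct value *value, int objectprint)
{
  const struct type *real_type = NULL;
  const struct value *val;  /* the variable GCC flagged as maybe-uninitialized */

  if (is_type_name)
    {
      /* Before the fix this branch left VAL uninitialized.  First half of
         the fix: give it a definite "no value" state. */
      val = NULL;
    }
  else
    {
      val = value;
      type = val->type;
    }

  /* Second half of the fix: do not ask for the dynamic type unless there
     is a value to ask it from.  Without this check, val = NULL alone would
     only turn a wild read into a NULL dereference. */
  if (val != NULL && objectprint)
    real_type = model_value_rtti_type (val);

  return real_type != NULL ? real_type : type;
}

/* Constructed sample data: an object declared as "base" whose dynamic
   type is "derived". */
static const struct type derived_type = { "derived", NULL };
static const struct type base_type = { "base", &derived_type };
static const struct value base_obj = { &base_type };

/* "set print object on" + "whatis base": a type name, so no RTTI fetch. */
const char *
whatis_type_name_objectprint (void)
{
  return model_whatis (1, &base_type, NULL, 1)->name;
}

/* "set print object on" + "whatis obj": an expression, RTTI is consulted. */
const char *
whatis_expr_objectprint (void)
{
  return model_whatis (0, NULL, &base_obj, 1)->name;
}

/* "set print object off" + "whatis obj": the static type is reported. */
const char *
whatis_expr_no_objectprint (void)
{
  return model_whatis (0, NULL, &base_obj, 0)->name;
}
```

The two halves of the fix belong together. Initializing `val` to NULL removes the undefined read that produced the garbage pointer `0x6120736573756170` in the backtrace, but it is the `val != NULL` guard that keeps the objectprint path from dereferencing that NULL; compilers only warn about the first half, so the second has to come from reading the code path.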
Diffstat (limited to 'gdb/ChangeLog')
-rw-r--r--  gdb/ChangeLog | 6 ++++++
1 file changed, 6 insertions(+), 0 deletions(-)
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 91093a5b11..ce6bb21771 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@
+2018-01-22 Pedro Alves <palves@redhat.com>
+ Sergio Durigan Junior <sergiodj@redhat.com>
+
+ * typeprint.c (whatis_exp): Initialize "val" in the "whatis type"
+ case.
+
2018-01-17 Sergio Durigan Junior <sergiodj@redhat.com>
* compile/compile.c (compile_to_object): Convert "triplet_rx"