gdb crashes when loading core files (in is_ctor_or_dtor)

Bug #1006860 reported by Marco Trevisan (Treviño)
This bug affects 5 people
Affects       Status        Importance  Assigned to     Milestone
gdb           Fix Released  Critical
gdb (Ubuntu)  Fix Released  High        Matthias Klose

Bug Description

gdb crashes when loading core files into it.

I've generated a core file from a compiz (unity) crash, but when loading gdb it crashes during load or when entering the "bt full" command.

I attach here a backtrace taken loading gdb into gdb...

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: gdb 7.4-2012.04-0ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-24.38-generic 3.2.16
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Thu May 31 14:12:28 2012
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=it_IT.UTF-8
 SHELL=/bin/bash
SourcePackage: gdb
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :
Changed in gdb (Ubuntu):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gdb (Ubuntu):
status: New → Confirmed
tags: added: quantal
Revision history for this message
Brandon Schaefer (brandontschaefer) wrote :

I was able to reproduce this crash in unity and I tracked it down to the usage of a lambda function:

http://bazaar.launchpad.net/~unity-team/unity/trunk/view/head:/launcher/LauncherIcon.cpp#L862

  timeout->Run([&, quirk] {
    UpdateQuirkTime(quirk);
    return false;
  });

The way I get it to crash is just trying to set a breakpoint anywhere in that file (or any other file with the same kind of usage). If I comment out that line of code gdb lets me set breakpoints again. Gdb also likes it if I make a callback function rather than a lambda. So the only way I get gdb to crash while setting breakpoints is while using a lambda func.

In the meantime I'll try to produce a small sample that produces the same results. Thank you!

Changed in gdb (Ubuntu):
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Revision history for this message
Brandon Schaefer (brandontschaefer) wrote :

I've linked a branch that causes the crash.

Revision history for this message
Brandon Schaefer (brandontschaefer) wrote :

So the problem seems to be located in that iffy template code. Here is a really small program that generates the gdb crash...
pastebin.ubuntu.com/1062024/

Revision history for this message
Thomas Voß (thomas-voss) wrote :

It turns out that gdb crashes as it tries to determine whether a field of a lambda is a ctor or dtor, given the field's name. Apparently, the field's name is NULL and I added a check for that, bailing out and returning 0 ("no, this is neither a dtor nor a ctor"). GDB behaves normally when being run on the test program mentioned before. Patch is attached, generated with quilt.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "gdb-fix-crash-when-checking-for-ctor-of-lambda.diff" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Thomi Richards (thomir-deactivatedaccount) wrote :

I've applied the patch to the current gdb sources and I can confidently say "works for me" - this issue was driving me insane, so extra thanks to Thomas who fixed it.

Revision history for this message
Sebastien Bacher (seb128) wrote :

I've uploaded the fix to quantal and am keeping an upstream component open for tracking, assigned to doko so he can check whether any further upstreaming is needed.

Thomas, did you send the patch to the upstream list?

Changed in gdb:
assignee: nobody → Matthias Klose (doko)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdb - 7.4-2012.06-0ubuntu2

---------------
gdb (7.4-2012.06-0ubuntu2) quantal; urgency=low

  * segfault-when-checking-for-ctor-of-lambda.diff:
    - don't segfault when trying to determine whether a field of a lambda
      is a or ctor/dtor, given the fields name, thanks Thomas Voß
      (lp: #1006860)
 -- Sebastien Bacher <email address hidden> Fri, 13 Jul 2012 18:10:09 +0200

Changed in gdb (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
In , Marco Trevisan (Treviño) (3v1n0) wrote :

Created attachment 6531
gdb-fix-crash-when-checking-for-ctor-of-lambda by Thomas Voß

Using GDB to debug this test case: http://pastebin.ubuntu.com/1062024/ causes it to crash in is_ctor_or_dtor.

Attached here is the patch by Thomas Voß that fixes it.

This is the description:
«It turns out that gdb crashes as it tries to determine whether a field of a lambda is a ctor or dtor, given the field's name. Apparently, the field's name is NULL and I added a check for that, bailing out and returning 0 ("no, this is neither a dtor nor a ctor"). GDB behaves normally when being run on the test program mentioned before. Patch is attached, generated with quilt.»

See launchpad bug http://pad.lv/1006860 for reference.

Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Added bug upstream and linked to this.

Changed in gdb:
assignee: Matthias Klose (doko) → nobody
importance: Undecided → Unknown
status: New → Unknown
Changed in gdb:
importance: Unknown → Critical
status: Unknown → Confirmed
Revision history for this message
In , Jan Kratochvil (jan-kratochvil) wrote :

Please post any patches to gdb-patches at sourceware.org.

Revision history for this message
In , Tromey-redhat (tromey-redhat) wrote :

I reproduced the bug.

I don't think this is the correct fix.

What seems to be happening here is that we are trying to
compute the physname for a type that is a pointer to a member
function of an unnamed structure type.
Because it is unnamed, c_type_print_base falls through to
printing the body of the structure, instead of its name.
This then crashes.

Maybe NULL checks in is_constructor_name and is_destructor_name
would be ok; though I am not sure. But even if those were there
we would still be seeing very weird results here.

Revision history for this message
In , Tromey-redhat (tromey-redhat) wrote :

BTW I reproduced using the reported test case:

#include <sigc++/sigc++.h>

#if __cplusplus >= 201100L || defined (__GXX_EXPERIMENTAL_CXX0X__)
#include <type_traits>

/* Teach sigc++ to deduce a functor's signature from its operator(),
   so that lambdas (unnamed closure types) can be stored in a slot.
   mem_fun on &Functor::operator() is what creates the pointer to a
   member of an unnamed type in the debug info. */
namespace sigc
{
    template <typename Functor>
      struct functor_trait<Functor, false>
      {
        typedef decltype (::sigc::mem_fun(std::declval<Functor&>(), &Functor::operator())) _intermediate;
        typedef typename _intermediate::result_type result_type;
        typedef Functor functor_type;
      };
}
#endif

int main()
{
  /* Two slots wrapping lambdas; loading the resulting binary is enough
     to trigger the crash, the program itself never needs to run. */
  sigc::slot <bool> slot3 = [] () -> bool { return true; };
  sigc::slot <bool, int> slot4 = [] (int) -> bool { return true; };
  while (1);
}

and building it on Fedora 16 with

g++ -std=c++0x -g -o pr pr.cc $(pkg-config --cflags sigc++-2.0) $(pkg-config --libs sigc++-2.0)

Simplest way to see it is "gdb -readnow pr"

Revision history for this message
In , Keiths-x (keiths-x) wrote :

I think Tom is correct. IMO the questionable thing done here is asking c_type_print_base to print details of the type when we have a pointer member/method whose containing class/struct is anonymous (TYPE_NAME (type) == NULL). That just doesn't seem right.

I believe the proper fix is simply for c_type_print_varspec_prefix to honor the SHOW parameter when it is calling other c_type_print_* functions.

In this function, the only cases which do not pass SHOW to the other type printing functions are MEMBERPTR and METHODPTR, exactly where we are seeing problems.

I'm working on a test case for this now, and will submit a patch when it is finished. [It requires hand-written DWARF.]
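
A sigc++-free program with the same debug-info shape Tom and Keith describe above (a pointer to member function whose containing type is unnamed, both for a plain anonymous struct and for a lambda's closure type). This is an added illustration, not code from the bug report or from gdb's dw2-anon-mptr test; building it with `g++ -std=c++11 -g` and loading the binary with `gdb -readnow` is a convenient local regression check for a gdb build.

```cpp
// Added example (not from the bug report): pointers to members of unnamed
// types, the construct that made c_type_print_base print a type body
// instead of a name (PR c++/14365). Build with: g++ -std=c++11 -g anon_mptr.cc
// Then load with: gdb -readnow ./a.out  (a fixed gdb loads it cleanly).

// Pointer to member function of a local unnamed struct. The struct's
// DW_TAG_structure_type has no DW_AT_name, and the member pointer's
// DW_TAG_ptr_to_member_type refers to that anonymous type.
int call_through_anon_member_pointer(int base, int x) {
    struct {
        int b;
        int add(int v) const { return b + v; }
    } a = { base };
    using anon_t = decltype(a);
    int (anon_t::*pm)(int) const = &anon_t::add;   // member pointer into the unnamed type
    return (a.*pm)(x);
}

// Same shape produced by a lambda: the closure type is unnamed, and taking
// the address of its operator() yields a pointer to member of that type.
// This mirrors what sigc::mem_fun(..., &Functor::operator()) does in the
// reported test case.
bool call_through_lambda_member_pointer(int v) {
    auto pred = [](int n) -> bool { return n > 0; };
    using closure_t = decltype(pred);
    bool (closure_t::*op)(int) const = &closure_t::operator();
    return (pred.*op)(v);
}

int main() {
    // Exit status 0 when both member-pointer calls behave as expected.
    bool ok = call_through_anon_member_pointer(40, 2) == 42
           && call_through_lambda_member_pointer(1)
           && !call_through_lambda_member_pointer(-3);
    return ok ? 0 : 1;
}
```

Only the debug info matters for the gdb bug; the program logic exists so the member-pointer types are referenced and kept in the DWARF output.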

Revision history for this message
In , Cvs-commit (cvs-commit) wrote :

CVSROOT: /cvs/src
Module name: src
Changes by: <email address hidden> 2012-08-19 19:37:51

Modified files:
 gdb : ChangeLog c-typeprint.c
 gdb/testsuite : ChangeLog
Added files:
 gdb/testsuite/gdb.dwarf2: dw2-anon-mptr.exp dw2-anon-mptr.S

Log message:
 PR c++/14365
 * c-typeprint.c (c_type_print_varspec_prefix): Pass
 -1 for SHOW to c_type_print_base for METHODPTR and MEMBERPTR.

 * gdb.dwarf2/dw2-anon-mptr.exp: New file.
 * gdb.dwarf2/dw2-anon-mptr.S: New file.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/ChangeLog.diff?cvsroot=src&r1=1.14602&r2=1.14603
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/c-typeprint.c.diff?cvsroot=src&r1=1.75&r2=1.76
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/testsuite/ChangeLog.diff?cvsroot=src&r1=1.3343&r2=1.3344
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/testsuite/gdb.dwarf2/dw2-anon-mptr.exp.diff?cvsroot=src&r1=NONE&r2=1.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/testsuite/gdb.dwarf2/dw2-anon-mptr.S.diff?cvsroot=src&r1=NONE&r2=1.1

Revision history for this message
In , Keiths-x (keiths-x) wrote :

I have committed a patch to fix this. If there are any further problems, please let me know.

Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Proper fix to this bug has been submitted upstream and needs to be packaged again, patches are available at http://sourceware.org/bugzilla/show_bug.cgi?id=14365#c5

Changed in gdb (Ubuntu):
status: Fix Released → Triaged
Steve Langasek (vorlon)
Changed in gdb (Ubuntu):
assignee: Canonical Foundations Team (canonical-foundations) → Matthias Klose (doko)
Changed in gdb:
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdb - 7.5-0ubuntu1

---------------
gdb (7.5-0ubuntu1) quantal; urgency=low

  * New upstream release 7.5.
  * Backport fix for PR gdb/14365. LP: #1006860.
  * Stop building libgdb-dev (libgdb.a not built anymore).
 -- Matthias Klose <email address hidden> Wed, 22 Aug 2012 17:39:32 +0200

Changed in gdb (Ubuntu):
status: Triaged → Fix Released