This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.
gdb/2129: data moved into char array corrupts DWARF expression
- From: stephen dot branch at galileo dot com
- To: gdb-gnats at sources dot redhat dot com
- Date: 25 May 2006 17:01:55 -0000
- Subject: gdb/2129: data moved into char array corrupts DWARF expression
- Reply-to: stephen dot branch at galileo dot com
>Number: 2129
>Category: gdb
>Synopsis: data moved into char array corrupts DWARF expression
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 25 17:08:01 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Steve Branch
>Release: GNU gdb Red Hat Linux (6.3.0.0-1.96rh)
>Organization:
>Environment:
uname -a
Linux nggf460test2 2.6.9-34.ELlargesmp #1 SMP Fri Feb 24 17:06:55 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
gcc -v
Reading specs from /usr/lib/gcc/x86_64-redhat-linux/3.4.5/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=x86_64-redhat-linux
Thread model: posix
gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)
This GDB was configured as "x86_64-redhat-linux-gnu"
>Description:
On return from a function that returns a string address in a provided char ** on input, the code does a strncpy to move the result into an 8-byte character array. Upon completion of the strncpy, the display of the destination variable is disabled. Examination of the code seems to indicate that the move was successful.
Trace data (notice that the move appears to have taken place)
653 strncpy(Bcet,StringArea,sizeof(Bcet));
1: StringArea = 0xf8d3848 "00000000"
(gdb) display Bcet
3: Bcet = "4F1\000øfp\021"
(gdb) display &Bcet
4: &Bcet = (char (*)[8]) 0xfeef522c
(gdb) x/20c 0xf8d3848
0xf8d3848 <bcet_prologStringArea1>: 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0'
0xf8d3850 <bcet_prologStringArea1+8>: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0xf8d3858 <bcet_prologStringArea1+16>: 0 '\0' 0 '\0' 0 '\0' 0 '\0'
(gdb) x/20c 0xfeef522c
0xfeef522c: 52 '4' 70 'F' 49 '1' 0 '\0' -8 'ø' 102 'f' 112 'p' 17 '\021'
0xfeef5234: 12 '\f' 0 '\0' 0 '\0' 0 '\0' 1 '\001' 0 '\0' -1 'ÿ' -1 'ÿ'
0xfeef523c: 0 '\0' 0 '\0' 0 '\0' 0 '\0'
(gdb) next
654 c_get_supplier_code(FarePtr,&StringArea);
4: &Bcet = dwarf2_read_address: Corrupted DWARF expression.
Disabling display 4 to avoid infinite recursion.
(gdb) x/20c 0xf8d3848
0xf8d3848 <bcet_prologStringArea1>: 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0'
0xf8d3850 <bcet_prologStringArea1+8>: 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0' 0 '\0'
0xf8d3858 <bcet_prologStringArea1+16>: 0 '\0' 0 '\0' 0 '\0' 0 '\0'
(gdb) x/20c 0xfeef522c
0xfeef522c: 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0' 48 '0'
0xfeef5234: 12 '\f' 0 '\0' 0 '\0' 0 '\0' 1 '\001' 0 '\0' -1 'ÿ' -1 'ÿ'
0xfeef523c: 0 '\0' 0 '\0' 0 '\0' 0 '\0'
Code in table999.prolog.c: (code being traced)
593 char Bcet[8];
594 char R6Bcet[8];
595 char Supplier[5];
596 char RuleNum[4];
597 char FareTariff[3];
598 char const *StringArea;
652 c_get_record1_v02_bcet(R1Ptr,R1SegNbr,&StringArea);
653 strncpy(Bcet,StringArea,sizeof(Bcet)); <- causes corruption of DWARF
654 c_get_supplier_code(FarePtr,&StringArea);
655 strncpy(Supplier,StringArea,sizeof(Supplier));
Code in record1.v02.prolog.c:
60 char bcet_prologStringArea1[20];
61 static char prologStringArea1[20];
62 static char prologStringArea2[20];
63 static char prologStringArea3[20];
64 static char prologStringArea4[20];
65 static char prologStringArea5[20];
296 void c_get_record1_v02_bcet(struct R1Table *r1tp,
297 long segnbr,
298 char const **bcetOut)
299 {
300 char *bcet = bcet_prologStringArea1; <-- originally the static copy (prologStringArea1); this did not make a difference.
301 struct record1_V02 *r1;
302
303 *bcetOut = bcet_prologStringArea1;
304 memset(bcet_prologStringArea1,0,sizeof(bcet_prologStringArea1));
305
306 r1 = r1tp->R1;
307 memcpy(bcet,r1->rec1.segment[segnbr].rbdtblno,sizeof(r1->rec1.segment[segnbr].rbdtblno));
308 stripTrailingBlanks(bcet_prologStringArea1);
309 }
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
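A self-contained reproducer modeled on the pattern in the report, added here as an example; it is not the reporter's code. The record structures and stripTrailingBlanks() are not on the page, so the 8-byte field is passed in directly and the blank stripping is an assumed equivalent. Besides giving something to step through in gdb, it checks the one thing the second x/20c dump already shows: an 8-character StringArea copied with strncpy(Bcet, StringArea, sizeof(Bcet)) leaves Bcet with no NUL terminator, so any later use of Bcet as a string reads past the array.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the static string area in record1.v02.prolog.c.
 * Not the reporter's code: the record structure is not on the page, so the
 * 8-character field is passed in directly. */
static char bcet_area[20];

/* Strips trailing blanks in place. The report calls a stripTrailingBlanks()
 * whose body is not shown; this is an assumed equivalent. */
static void strip_trailing_blanks(char *s)
{
    size_t n = strlen(s);
    while (n > 0 && s[n - 1] == ' ')
        s[--n] = '\0';
}

/* Mirrors c_get_record1_v02_bcet(): zero the static area, copy the raw
 * 8-byte field into it, strip blanks, and hand the caller a pointer into
 * the static area through the char const ** argument. */
void get_bcet(const char field8[8], char const **bcet_out)
{
    char *bcet = bcet_area;

    *bcet_out = bcet_area;
    memset(bcet_area, 0, sizeof bcet_area);
    memcpy(bcet, field8, 8);
    strip_trailing_blanks(bcet_area);
}

/* The copy as written at table999.prolog.c:653: strncpy(Bcet, StringArea,
 * sizeof(Bcet)) with an 8-byte destination. When the source holds 8 or more
 * characters, strncpy fills all 8 bytes and writes no NUL terminator, which
 * is what the report's second x/20c dump shows. Returns 1 if dst ends up
 * NUL-terminated within its 8 bytes, 0 otherwise. */
int copy_as_reported(char dst[8], const char *src)
{
    strncpy(dst, src, 8);
    return memchr(dst, '\0', 8) != NULL;
}

/* Bounded copy that always terminates: keeps at most 7 characters and
 * writes the NUL explicitly. Returns the number of characters kept. */
size_t copy_terminated(char dst[8], const char *src)
{
    size_t n = 0;

    while (n < 7 && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char Bcet[8];
    char const *StringArea;

    /* Constructed sample field: the "00000000" value seen in the trace. */
    get_bcet("00000000", &StringArea);
    printf("StringArea = \"%s\"\n", StringArea);
    printf("strncpy(Bcet, StringArea, sizeof Bcet) terminated: %d\n",
           copy_as_reported(Bcet, StringArea));

    copy_terminated(Bcet, StringArea);
    printf("bounded copy: Bcet = \"%s\"\n", Bcet);

    /* A shorter field padded with blanks, like the "4F1" value in the trace. */
    get_bcet("4F1     ", &StringArea);
    printf("StringArea = \"%s\"\n", StringArea);
    printf("strncpy terminated: %d\n", copy_as_reported(Bcet, StringArea));
    return 0;
}
```

Build with `gcc -g -O0 -o repro repro.c`, then in gdb `break copy_as_reported`, `run`, `display Bcet`, `display &Bcet`, `next`: the same sequence as the report. Whether the "Corrupted DWARF expression" message appears depends on the gdb and gcc builds in use and is not claimed here; the unterminated Bcet after the first copy is independent of the debugger.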