This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug gdb/13340] GDB crashes on "layout src"


http://sourceware.org/bugzilla/show_bug.cgi?id=13340

--- Comment #6 from Tristan Moody <tristanmoody at gmail dot com> 2011-10-26 19:45:45 UTC ---
Ok, I think I found what may be the problem.

Function tdesc_register_name in gdb/target-descriptions.c when called with an
invalid register number returns the empty string "".  The problem is that in
*many* places in the code, the return value of this function is compared with a
null pointer, an invalid comparison.

Here's an example where things start to go pear-shaped:

Calling tdesc_register_name with regno=41 will lead to a return value of a
pointer to an empty string.  Lines 279 - 281 of tui-regs.c are as follows:

279:  name = gdbarch_register_name (gdbarch, regnum); <-- called with regnum = 41, returns pointer to empty string.
280:  if (name == 0) <-- won't ever evaluate true.
281:    continue;

From here, it goes to try to request a register that doesn't exist.

It looks like either the *_register_name functions need to return NULL for
invalid registers, or all the checks of the return type need to be evaluated
against an empty string.

I will try a patch and see if it fixes things for me.  If it works, I'll post
it here.

Backtrace:

#0  tdesc_register_name (gdbarch=0x8c9b600, regno=41) at ../../gdb/target-descriptions.c:893
#1  0x0812b1ef in tui_show_register_group (refresh_values_only=16, frame=0x853da44, group=0x84d5a2c) at ../../gdb/tui/tui-regs.c:279
#2  tui_show_registers (group=0x84d5a2c) at ../../gdb/tui/tui-regs.c:174
#3  0x08129f6a in tui_set_layout (regs_display_type=TUI_GENERAL_REGS, layout_type=SRC_DATA_COMMAND) at ../../gdb/tui/tui-layout.c:260
#4  tui_set_layout (layout_type=SRC_DATA_COMMAND, regs_display_type=TUI_GENERAL_REGS) at ../../gdb/tui/tui-layout.c:136
#5  0x0812a4f3 in tui_set_layout_for_display_command (layout_name=0x84f689f "regs") at ../../gdb/tui/tui-layout.c:513
#6  0x0812a766 in tui_layout_command (arg=0x84f689f "regs", from_tty=1) at ../../gdb/tui/tui-layout.c:613
#7  0x08099cdb in execute_command (p=0x84f68a2 "s", from_tty=1) at ../../gdb/top.c:431
#8  0x081c64ea in command_handler (command=0x84f6898 "layout regs") at ../../gdb/event-top.c:504
#9  0x081c6f83 in command_line_handler (rl=0x93b0070 "") at ../../gdb/event-top.c:709
#10 0x082b1fd9 in rl_callback_read_char () at ../../readline/callback.c:220
#11 0x081c6559 in rl_callback_read_char_wrapper (client_data=0x0) at ../../gdb/event-top.c:178
#12 0x081c563b in handle_file_event (data=...) at ../../gdb/event-loop.c:831
#13 0x081c57bb in process_event () at ../../gdb/event-loop.c:402
#14 process_event () at ../../gdb/event-loop.c:352
#15 0x081c5c15 in gdb_do_one_event (data=<optimized out>) at ../../gdb/event-loop.c:467
#16 gdb_do_one_event (data=0x0) at ../../gdb/event-loop.c:417
#17 0x081c051f in catch_errors (func=0x81c5b00 <gdb_do_one_event>, func_args=0x0, errstring=0x8372ba9 "", mask=6) at ../../gdb/exceptions.c:521
#18 0x08128224 in tui_command_loop (data=0x0) at ../../gdb/tui/tui-interp.c:175
#19 0x081c0b23 in current_interp_command_loop () at ../../gdb/interps.c:291
#20 0x0808ee49 in captured_command_loop (data=0x0) at ../../gdb/main.c:229
#21 0x081c051f in catch_errors (func=0x808ee40 <captured_command_loop>, func_args=0x0, errstring=0x8372ba9 "", mask=6) at ../../gdb/exceptions.c:521
#22 0x0808fad4 in captured_main (data=0xbfffe5c0) at ../../gdb/main.c:1029
#23 0x081c051f in catch_errors (func=0x808f150 <captured_main>, func_args=0xbfffe5c0, errstring=0x8372ba9 "", mask=6) at ../../gdb/exceptions.c:521
#24 0x080904d1 in gdb_main (args=0xbfffe5c0) at ../../gdb/main.c:1039
#25 0x0808ecca in main (argc=1, argv=0xbfffe674) at ../../gdb/gdb.c:49

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
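
The sentinel mismatch described in the message above, shown as an added C example that is not part of the original message and not GDB source. The function `register_name`, the four-entry name table and both counting functions are hypothetical stand-ins built for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_REGS 4  /* constructed: valid register numbers are 0..3 */

static const char *const reg_names[NUM_REGS] = { "eax", "ecx", "edx", "ebx" };

/* Hypothetical stand-in for a *_register_name function: as the message
   describes, an invalid register number yields "" rather than NULL. */
static const char *register_name(int regno)
{
    if (regno < 0 || regno >= NUM_REGS)
        return "";
    return reg_names[regno];
}

/* Caller pattern quoted in the message: only NULL means "no such register",
   so "" slips through. Returns how many registers would be requested. */
int count_null_check_only(int first, int last)
{
    int n = 0;
    for (int regnum = first; regnum <= last; regnum++) {
        const char *name = register_name(regnum);
        if (name == 0)          /* never true for this producer */
            continue;
        n++;                    /* would go on to request regnum */
    }
    return n;
}

/* Caller that accepts either sentinel, so it stays correct whichever
   convention the producer follows. */
int count_null_or_empty(int first, int last)
{
    int n = 0;
    for (int regnum = first; regnum <= last; regnum++) {
        const char *name = register_name(regnum);
        if (name == NULL || *name == '\0')
            continue;
        n++;
    }
    return n;
}

int main(void)
{
    printf("NULL-only check requests %d registers\n", count_null_check_only(0, 41));
    printf("NULL-or-empty check requests %d registers\n", count_null_or_empty(0, 41));
    return 0;
}
```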

