This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug gdb/13716] crash on finish


http://sourceware.org/bugzilla/show_bug.cgi?id=13716

--- Comment #1 from Orgad Shaneh <orgads at gmail dot com> 2012-02-21 08:06:09 UTC ---
Created attachment 6231
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6231
overwrite backtrace

I found the location in which unwind is overwritten.

The frame's address is 0xf5d1ca0.

First, on utils.c:3487 - void hashtab_obstack_allocate (void *data, size_t size, size_t count)

obstack_alloc returns the frame's address, then memset is called on it, which resets part of unwind.

After that, the same function is called and resets the rest of unwind.

The more interesting part, which is described in the attached backtrace is:

hashtab.c:313: result = (htab_t) (*alloc_f) (alloc_arg, 1, sizeof (struct htab));

result gets the frame's address, and when it assigns size, it overwrites the frame's unwind (and other fields as well)...
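
The aliasing described in this comment, as an added C illustration that is not GDB's code: the struct layouts and the arena are constructed stand-ins, chosen so that the hash table's size field lands on the stale frame's unwind slot.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for GDB's structs; these layouts are hypothetical
   and chosen only so that htab.size overlaps frame_info.unwind. */
struct frame_unwind { const char *name; };
struct frame_info { const struct frame_unwind *unwind; int level; };
struct htab { size_t size; size_t n_elements; void **entries; };

/* Minimal obstack-like arena: bump allocation plus free-back-to-a-mark. */
struct arena { uint8_t buf[256]; size_t top; };

static void *arena_alloc(struct arena *a, size_t n) {
    n = (n + 15) & ~(size_t)15;                 /* keep 16-byte alignment */
    if (a->top + n > sizeof a->buf) return NULL;
    void *p = a->buf + a->top;
    a->top += n;
    return p;
}

/* Mirrors hashtab_obstack_allocate: allocate, then memset to zero. */
static void *hashtab_arena_allocate(struct arena *a, size_t size, size_t count) {
    void *p = arena_alloc(a, size * count);
    if (p) memset(p, 0, size * count);
    return p;
}

/* Simulate the report: a frame is allocated, its storage is released while a
   pointer to it is still held, a hash table is then allocated at the same
   address, and its size field is assigned.  Returns the raw bytes that now
   sit in the stale frame's unwind slot. */
uintptr_t stale_unwind_after_reuse(size_t htab_size) {
    static const struct frame_unwind dummy = { "dummy" };
    struct arena a; a.top = 0;
    size_t mark = a.top;
    struct frame_info *frame = arena_alloc(&a, sizeof *frame);
    frame->unwind = &dummy;
    frame->level = 0;
    a.top = mark;                               /* obstack_free-style release */
    struct htab *h = hashtab_arena_allocate(&a, 1, sizeof *h);
    /* memset has already wiped frame->unwind to NULL; assigning size writes
       the hash table's size over those same bytes. */
    h->size = htab_size;
    uintptr_t raw;
    memcpy(&raw, &frame->unwind, sizeof raw);   /* byte-wise read, no type punning */
    return raw;
}
```

A watchpoint on the stale frame's unwind field, as the attached backtrace shows, is the practical way to catch which allocation performs the overwrite.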


