From sudakov@sibptus.tomsk.ru  Wed Jun 25 02:45:51 2008
Message-Id: <200806250145.m5P1jkxO089875@admin.sibptus.tomsk.ru>
Date: Wed, 25 Jun 2008 08:45:46 +0700 (OMSST)
From: Victor Sudakov <sudakov@sibptus.tomsk.ru>
Reply-To: Victor Sudakov <sudakov@sibptus.tomsk.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc: sav@sibptus.tomsk.ru
Subject: gdb crashes after setting hardware watchpoint
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         124970
>Category:       gnu
>Synopsis:       gdb(1): gdb crashes after setting hardware watchpoint
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 25 02:50:01 UTC 2008
>Closed-Date:    
>Last-Modified:  Mon Oct 13 07:00:15 UTC 2008
>Originator:     Victor Sudakov
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
AO "Svyaztransneft", SibPTUS
>Environment:
System: FreeBSD 7.0-RELEASE i386


>Description:
  gdb dumps core after setting hardware watchpoint
>How-To-Repeat:

$ gdb ./test
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) l
1       #include <stdio.h>
2
3       int main(int argc, char **argv)
4       {
5         int x = 30;
6         int y = 10;
7
8         x = y;
9
10        return 0;
(gdb) break 6
Breakpoint 1 at 0x80484ef: file test.c, line 6.
(gdb) run
Starting program: /home/sav/test

Breakpoint 1, main (argc=1, argv=0xbfbfe6d4) at test.c:6
6         int y = 10;
(gdb) watch x
Hardware watchpoint 2: x
(gdb) c
Continuing.
Hardware watchpoint 2: x

Old value = 30
New value = 10
main (argc=1, argv=0xbfbfe6d4) at test.c:10
10        return 0;
(gdb) c
Continuing.
Segmentation fault (core dumped)
$

>Fix:

 none that I know of

>Release-Note:
>Audit-Trail:

From: "Dorr H. Clark" <dclark@engr.scu.edu>
To: bug-followup@FreeBSD.org
Cc: freebsd-bugs@FreeBSD.org, Victor Sudakov <sudakov@sibptus.tomsk.ru>
Subject: Re: gnu/124970: gdb(1): gdb crashes after setting hardware watchpoint
Date: Wed, 8 Oct 2008 00:56:50 -0700 (PDT)

 We believe that the problem reported in PR 124970 has been fixed in gdb 6.2.1. 
 
 The latest port for gdb6 is 6.6.1 in 7.0-Release.  However, 7.0 was distributed 
 with the 6.1.1 release of gdb.  We recommend that the gdb port in the 7.x 
 release series be upgraded to address this issue.  Note that FreeBSD 6.3 
 also has the same version of gdb with the same problem.
 
 What follows is a detailed discussion of the issue and a patch.
 
 In addition to patching gdb itself, switching locally to gdb 6.6.1 is
 another workaround for users concerned about this bug.
 
 Problem:
 When control reaches the end of scope for a hardware watchpoint, the value chain
 is not freed. Thus, when the program reaches the end, the value chain still
 exists and when non-existent fields in it are dereferenced, a segmentation 
 fault ensues. 
 
 Solution:
 In the following solution, the deletion of the watchpoint is moved to
 delete_breakpoint(). This routine is invoked when the watchpoint reaches the end
 of scope. Thus the value chain has been removed when the program finishes and it
 will no longer cause a segmentation fault.
 
 Ramnath Duggirala
 Engineer
 
 Dorr H. Clark
 Advisor
 
 Graduate School of Engineering
 Santa Clara University
 Santa Clara, CA
 
 http://www.cse.scu.edu/~dclark/coen_284_FreeBSD/124970.txt
 
 Patch ( contrib/gdb/gdb/breakpoint.c ):
 
 --- breakpoint.c.orig	2008-10-08 00:34:23.000000000 +0000
 +++ breakpoint.c	2008-10-08 00:34:26.000000000 +0000
 @@ -745,6 +745,23 @@
    return 0;
  }
  
 +/* Helper routine: free the value chain for a breakpoint (watchpoint).  */
 +
 +static void free_valchain (struct bp_location *b)
 +{
 +  struct value *v;
 +  struct value *n;
 +
 +  /* Free the saved value chain.  We will construct a new one
 +     the next time the watchpoint is inserted.  */
 +  for (v = b->owner->val_chain; v; v = n)
 +    {
 +      n = v->next;
 +      value_free (v);
 +    }
 +  b->owner->val_chain = NULL;
 +}
 +
  /* Insert a low-level "breakpoint" of some type.  BPT is the breakpoint.
     Any error messages are printed to TMP_ERROR_STREAM; and DISABLED_BREAKS,
     PROCESS_WARNING, and HW_BREAKPOINT_ERROR are used to report problems.
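
 Review bot: the inner comment in free_valchain ("We will construct a new one the next time the watchpoint is inserted") was carried over from the removal path and is not accurate for the delete_breakpoint() caller added later in this patch, where the breakpoint is going away; reword it so it describes both callers. The header comment should also state that B and B->owner must be valid, since b->owner is dereferenced without a check, and under GNU coding style, which the spacing here already follows, "static void" goes on its own line with "free_valchain (struct bp_location *b)" starting the next.
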
 @@ -919,6 +936,8 @@
  
        if (within_current_scope)
  	{
 +	  free_valchain (bpt);
 +
  	  /* Evaluate the expression and cut the chain of values
  	     produced off from the value chain.
  
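
 Review bot: the added free_valchain (bpt) call at the top of the within_current_scope branch has no comment, yet it is what keeps the previously saved chain from being leaked now that the removal path no longer frees it. Add a line such as "Discard the chain saved by the previous insertion before building a new one". Please also confirm that bpt in this function is a struct bp_location *, which is what free_valchain takes; the hunk does not show the declaration. When within_current_scope is false the old chain stays attached until delete_breakpoint() runs, which deserves a mention too.
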
 @@ -1504,15 +1523,6 @@
        if ((is == mark_uninserted) && (b->inserted))
  	warning ("Could not remove hardware watchpoint %d.",
  		 b->owner->number);
 -
 -      /* Free the saved value chain.  We will construct a new one
 -         the next time the watchpoint is inserted.  */
 -      for (v = b->owner->val_chain; v; v = n)
 -	{
 -	  n = v->next;
 -	  value_free (v);
 -	}
 -      b->owner->val_chain = NULL;
      }
    else if ((b->owner->type == bp_catch_fork ||
  	    b->owner->type == bp_catch_vfork ||
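
 Review bot: the loop removed here is the only use of v and n visible in this hunk; if their declarations, which the hunk does not show, have no other use in the function, delete them as well to avoid unused-variable warnings. With the free gone, val_chain now survives every remove/insert cycle, so a short comment at this spot saying that the chain is released by free_valchain() on re-insertion or deletion would help the next reader.
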
 @@ -6866,13 +6876,15 @@
    if (bpt->type == bp_none)
      return;
  
 -  if (delete_breakpoint_hook)
 -    delete_breakpoint_hook (bpt);
 +  if (deprecated_delete_breakpoint_hook)
 +    deprecated_delete_breakpoint_hook (bpt);
    breakpoint_delete_event (bpt->number);
  
    if (bpt->loc->inserted)
      remove_breakpoint (bpt->loc, mark_inserted);
  
 +  free_valchain (bpt->loc);
 +
    if (breakpoint_chain == bpt)
      breakpoint_chain = bpt->next;
  
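
 Review bot: the rename of delete_breakpoint_hook to deprecated_delete_breakpoint_hook is unrelated to the value-chain fix, and nothing else in this patch declares the new name, so unless the target tree already has it the file will not compile; drop that change from the patch. Separately, free_valchain (bpt->loc) runs for every breakpoint type that reaches this point, not only watchpoints, so it relies on val_chain being NULL for the others; either say so in a comment or guard the call on the watchpoint types.
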
  
 
 
 

From: Victor Sudakov <sudakov@sibptus.tomsk.ru>
To: "Dorr H. Clark" <dclark@engr.scu.edu>
Cc: bug-followup@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: gnu/124970: gdb(1): gdb crashes after setting hardware watchpoint
Date: Mon, 13 Oct 2008 12:54:07 +0700

 Dorr H. Clark wrote:
 > 
 > We believe that the problem reported in PR 124970 has been fixed in gdb 6.2.1. 
 > 
 > The latest port for gdb6 is 6.6.1 in 7.0-Release.  However, 7.0 was distributed 
 > with the 6.1.1 release of gdb.  We recommend that the gdb port in the 7.x 
 > release series be upgraded to address this issue.  Note that FreeBSD 6.3 
 > also has the same version of gdb with the same problem.
 > 
 > What follows is a detailed discussion of the issue and a patch.
 > 
 > In addition to patching gdb itself, switching locally to gdb 6.6.1 is
 > another workaround for users concerned about this bug.
 
 Thank you for your effort, I will use gdb from the ports collection.
 
 -- 
 Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
 sip:sudakov@sibptus.tomsk.ru
>Unformatted:
