From: Tom de Vries <tdevries@suse.de>
Date: Tue, 29 Apr 2025 15:01:55 +0000 (+0200)
Subject: [gdb] Handle nullptr gdb_std{err,out} in {gdbpy,ioscm}_flush
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=de546e403cbbac70bbe15ab2c289c01b1ce53fc9;p=thirdparty%2Fbinutils-gdb.git

[gdb] Handle nullptr gdb_std{err,out} in {gdbpy,ioscm}_flush

Using the trigger patch described in the previous commit, I get:
...
$ gdb
(gdb) <q>error detected on stdin

Fatal signal: Segmentation fault
----- Backtrace -----
0x64c7b3 gdb_internal_backtrace_1
	/data/vries/gdb/src/gdb/bt-utils.c:127
0x64c937 _Z22gdb_internal_backtracev
	/data/vries/gdb/src/gdb/bt-utils.c:196
0x94db83 handle_fatal_signal
	/data/vries/gdb/src/gdb/event-top.c:1021
0x94dd48 handle_sigsegv
	/data/vries/gdb/src/gdb/event-top.c:1098
0x7f372be578ff ???
0x10b7c0a _Z9gdb_flushP7ui_file
	/data/vries/gdb/src/gdb/utils.c:1527
0xd4b938 gdbpy_flush
	/data/vries/gdb/src/gdb/python/python.c:1624
0x7f372d73b276 _PyCFunction_FastCallDict
	Objects/methodobject.c:231
0x7f372d73b276 _PyCFunction_FastCallKeywords
	Objects/methodobject.c:294
0x7f372d794a09 call_function
	Python/ceval.c:4851
0x7f372d78e838 _PyEval_EvalFrameDefault
	Python/ceval.c:3351
0x7f372d796e6e PyEval_EvalFrameEx
	Python/ceval.c:754
0x7f372d796e6e _PyFunction_FastCall
	Python/ceval.c:4933
0x7f372d796e6e _PyFunction_FastCallDict
	Python/ceval.c:5035
0x7f372d6fefc8 _PyObject_FastCallDict
	Objects/abstract.c:2310
0x7f372d6fefc8 _PyObject_Call_Prepend
	Objects/abstract.c:2373
0x7f372d6fe162 _PyObject_FastCallDict
	Objects/abstract.c:2331
0x7f372d700705 callmethod
	Objects/abstract.c:2583
0x7f372d700705 _PyObject_CallMethodId
	Objects/abstract.c:2640
0x7f372d812a41 flush_std_files
	Python/pylifecycle.c:699
0x7f372d81281d Py_FinalizeEx
	Python/pylifecycle.c:768
0xd4d49b finalize_python
	/data/vries/gdb/src/gdb/python/python.c:2308
0x9587eb _Z17ext_lang_shutdownv
	/data/vries/gdb/src/gdb/extension.c:330
0xfd98df _Z10quit_forcePii
	/data/vries/gdb/src/gdb/top.c:1817
0x6b3080 _Z12quit_commandPKci
	/data/vries/gdb/src/gdb/cli/cli-cmds.c:483
0x1056577 stdin_event_handler
	/data/vries/gdb/src/gdb/ui.c:131
0x1986970 handle_file_event
	/data/vries/gdb/src/gdbsupport/event-loop.cc:551
0x1986f4b gdb_wait_for_event
	/data/vries/gdb/src/gdbsupport/event-loop.cc:672
0x1985e0c _Z16gdb_do_one_eventi
	/data/vries/gdb/src/gdbsupport/event-loop.cc:263
0xb66f2e start_event_loop
	/data/vries/gdb/src/gdb/main.c:402
0xb670ba captured_command_loop
	/data/vries/gdb/src/gdb/main.c:466
0xb68b9b captured_main
	/data/vries/gdb/src/gdb/main.c:1344
0xb68c44 _Z8gdb_mainP18captured_main_args
	/data/vries/gdb/src/gdb/main.c:1363
0x41a3b1 main
	/data/vries/gdb/src/gdb/gdb.c:38
---------------------
A fatal error internal to GDB has been detected, further
debugging is not possible.  GDB will now terminate.

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

Segmentation fault (core dumped)
$ q
...

Fix this in gdbpy_flush by checking for nullptr gdb_stdout/gdb_stderr (and
likewise in ioscm_flush) such that we get instead:
...
$ gdb
(gdb) <q>error detected on stdin
$ q
...

Tested on x86_64-linux.

Approved-By: Simon Marchi <simon.marchi@efficios.com>
---

diff --git a/gdb/guile/scm-ports.c b/gdb/guile/scm-ports.c
index ed43d646b9c..f3e3ec871b5 100644
--- a/gdb/guile/scm-ports.c
+++ b/gdb/guile/scm-ports.c
@@ -336,9 +336,15 @@ ioscm_flush (SCM port)
     return;
 
   if (scm_is_eq (port, error_port_scm))
-    gdb_flush (gdb_stderr);
+    {
+      if (gdb_stderr != nullptr)
+	gdb_flush (gdb_stderr);
+    }
   else
-    gdb_flush (gdb_stdout);
+    {
+      if (gdb_stdout != nullptr)
+	gdb_flush (gdb_stdout);
+    }
 }
 
 #else /* !USING_GUILE_BEFORE_2_2 */
diff --git a/gdb/python/python.c b/gdb/python/python.c
index 7e28eb6ebee..24cb511c3d5 100644
--- a/gdb/python/python.c
+++ b/gdb/python/python.c
@@ -1612,16 +1612,19 @@ gdbpy_flush (PyObject *self, PyObject *args, PyObject *kw)
     {
     case 1:
       {
-	gdb_flush (gdb_stderr);
+	if (gdb_stderr != nullptr)
+	  gdb_flush (gdb_stderr);
 	break;
       }
     case 2:
       {
-	gdb_flush (gdb_stdlog);
+	if (gdb_stdlog != nullptr)
+	  gdb_flush (gdb_stdlog);
 	break;
       }
     default:
-      gdb_flush (gdb_stdout);
+      if (gdb_stdout != nullptr)
+	gdb_flush (gdb_stdout);
     }
 
   Py_RETURN_NONE;