Avoid crash from coerce_unspec_val_to_type

With a certain Ada program, ada-lang.c:coerce_unspec_val_to_type can
cause a crash.  This function may copy a value, and in the particular
case in the crash, the new value's type is smaller than the original
type.  This causes coerce_unspec_val_to_type to create a lazy value --
but the original value is also not_lval, so later, when the value is
un-lazied, gdb asserts.

As with the previous patch, we believe there is a compiler bug here,
but it is difficult to reproduce, so we're not completely certain.

In the particular case we saw, the original value has record type, and
the record holds some variable-length arrays.  This leads to the
type's length being 0.  At the same time, the value is optimized out.

This patch changes coerce_unspec_val_to_type to handle an
optimized-out value correctly.

It also slightly restructures this code to avoid a crash should a
not_lval value wind up here.  This is a purely defensive change.

This change also made it clear that value_contents_copy_raw can now be
made static, so that is also done.

gdb/ChangeLog
2021-02-09  Tom Tromey  <tromey@adacore.com>

	* ada-lang.c (coerce_unspec_val_to_type): Avoid making lazy
	not_lval value.
	* value.c (value_contents_copy_raw): Now static.
	* value.h (value_contents_copy_raw): Don't declare.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 6470c996a301e1cf732be6d7f73a13d73e44dba1..5c66f99e8178ab7b87ae17f04d72b7cfc0a8e7e6 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,10 @@
+2021-02-09  Tom Tromey  <tromey@adacore.com>
+
+       * ada-lang.c (coerce_unspec_val_to_type): Avoid making lazy
+       not_lval value.
+       * value.c (value_contents_copy_raw): Now static.
+       * value.h (value_contents_copy_raw): Don't declare.
+
 2021-02-09  Tom Tromey  <tromey@adacore.com>
 
        * gdbtypes.c (resolve_dynamic_struct): Handle structure with no

diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
index 70296f97797ffaed0309b76a07853c15b0ad9186..416a45be58e59b565ac3214421b490d49ef54179 100644 (file)
--- a/gdb/ada-lang.c
+++ b/gdb/ada-lang.c
@@ -601,13 +601,17 @@ coerce_unspec_val_to_type (struct value *val, struct type *type)
         trying to allocate some memory for it.  */
       ada_ensure_varsize_limit (type);
 
-      if (value_lazy (val)
-         || TYPE_LENGTH (type) > TYPE_LENGTH (value_type (val)))
+      if (value_optimized_out (val))
+       result = allocate_optimized_out_value (type);
+      else if (value_lazy (val)
+              /* Be careful not to make a lazy not_lval value.  */
+              || (VALUE_LVAL (val) != not_lval
+                  && TYPE_LENGTH (type) > TYPE_LENGTH (value_type (val))))
        result = allocate_value_lazy (type);
       else
        {
          result = allocate_value (type);
-         value_contents_copy_raw (result, 0, val, 0, TYPE_LENGTH (type));
+         value_contents_copy (result, 0, val, 0, TYPE_LENGTH (type));
        }
       set_value_component_location (result, val);
       set_value_bitsize (result, value_bitsize (val));

diff --git a/gdb/value.c b/gdb/value.c
index 4135d5ec33939f80d16d431a9a2990f6a497ae08..bddf9a47923a0c1e845f94668c959a11569d8464 100644 (file)
--- a/gdb/value.c
+++ b/gdb/value.c
@@ -1304,7 +1304,7 @@ value_ranges_copy_adjusted (struct value *dst, int dst_bit_offset,
    It is assumed the contents of DST in the [DST_OFFSET,
    DST_OFFSET+LENGTH) range are wholly available.  */
 
-void
+static void
 value_contents_copy_raw (struct value *dst, LONGEST dst_offset,
                         struct value *src, LONGEST src_offset, LONGEST length)
 {

diff --git a/gdb/value.h b/gdb/value.h
index 39e94f45ea600a098f8510ea35cd79a53889fc9b..60a831c38c4e6a8ac3504299c4604d75dc0a2a25 100644 (file)
--- a/gdb/value.h
+++ b/gdb/value.h
@@ -739,9 +739,6 @@ extern struct value *allocate_value_lazy (struct type *type);
 extern void value_contents_copy (struct value *dst, LONGEST dst_offset,
                                 struct value *src, LONGEST src_offset,
                                 LONGEST length);
-extern void value_contents_copy_raw (struct value *dst, LONGEST dst_offset,
-                                    struct value *src, LONGEST src_offset,
-                                    LONGEST length);
 
 extern struct value *allocate_repeat_value (struct type *type, int count);