Date: Thu, 6 Aug 1998 10:05:57 +0000 (   )
From: "Gurunandan R. Bhat" <grbhat AT unigoa DOT ernet DOT in>
To: Eli Zaretskii <eliz AT is DOT elta DOT co DOT il>
Cc: djgpp AT delorie DOT com
Subject: Re: fsdb crashes post emacs
In-Reply-To: <Pine.SUN.3.91.980805163434.12608B-100000@is>
Message-Id: <Pine.LNX.3.91.980806095843.3135A-100000@aditya.unigoa.ernet.in>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Precedence: bulk



On Wed, 5 Aug 1998, Eli Zaretskii wrote:

> put a breakpoint inside `exit', and when the 
> breakpoint is hit, see whether the linked list is already scrogged.  By 
> moving the call to `exit' you can get a pretty good idea who overwrites 
> the list, and then debug that place as usual.

Thank you. Did that and it turns out that the potential offending 
candidate is the loop at line no 296 in /src/debug/common/syms.c.
The statement:

 l[i2].l_lnno += lbase 

oversteps over the array bound, lbase is -1 and the pointer to the next 
member of the malloc chain gets decremented, so that the address of the 
next malloced array gets byteshifted giving an invalid address.

I am now studying the organisation of the linenumber information structure
in a coff file to see the logic, and fix it *if* it is wrong, but if some
one who understands this better than I, and has the time and inclination
could fix it, it might get fixed faster (if fixing is required that is). 

With thanks and with warmest regards
Gurunandan