Bug 99130 - GDB 6.3 segfault
Summary: GDB 6.3 segfault
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Toolchain Maintainers
Reported: 2005-07-15 10:32 UTC by spiritus
Modified: 2005-07-16 22:53 UTC
Description spiritus 2005-07-15 10:32:50 UTC
There is an error in gdb that produces a segfault if certain conditions are met.
The bug exists at least in the latest stable gdb version, sys-devel/gdb-6.3-r4, and in the previous one, sys-devel/gdb-6.3-r3. It is reproducible on two different Gentoo Linux installs on two different boxes.

Here are the steps to reproduce the segfault in gdb:
1) $ cp /etc/skel/.gdbinit ~
2) Launch gdb:  $ gdb
3) Try a command like "help t" in gdb: gdb> help t

After these steps gdb segfaults.

spiritus@gentoo ~ $ ulimit -c unlimited
spiritus@gentoo ~ $ gdb
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
gdb> help t
Segmentation fault (core dumped)

The segfault doesn't appear if there is no .gdbinit in the home directory. So it seems that the bug may be in the config parsing code.

Here is the backtrace:

spiritus@gentoo ~ $ gdb /usr/bin/gdb -c core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `gdb'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /lib/libreadline.so.5...done.
Loaded symbols for /lib/libreadline.so.5
Reading symbols from /lib/libncurses.so.5...done.
Loaded symbols for /lib/libncurses.so.5
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/libgpm.so.1...done.
Loaded symbols for /lib/libgpm.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/tls/libthread_db.so.1...done.
Loaded symbols for /lib/tls/libthread_db.so.1
Reading symbols from /lib/libthread_db.so.1...done.
Loaded symbols for /lib/libthread_db.so.1
#0  0x080b60fc in lookup_cmd_1 (text=0xbfffdfc0, clist=0x8317088, result_list=0xbfffdf8c, ignore_help_classes=0x0) at cli-decode.c:1077
1077          c = lookup_cmd_1 (text, *found->prefixlist, result_list,
gdb> bt
#0  0x080b60fc in lookup_cmd_1 (text=0xbfffdfc0, clist=0x8317088, result_list=0xbfffdf8c, ignore_help_classes=0x0) at cli-decode.c:1077
#1  0x080b61fa in lookup_cmd (line=0xbfffdfc0, list=0x8317088, cmdtype=0x824fae0 "", allow_unknown=0x0, ignore_help_classes=0x0) at cli-decode.c:1146
#2  0x080b57fc in help_cmd (command=0x82e67b6 "", stream=0x831eae8) at cli-decode.c:717
#3  0x080b8ced in help_command (command=0x82e67b5 "t", from_tty=0x0) at cli-cmds.c:214
#4  0x080b4993 in do_cfunc (c=0x831bac0, args=0x82e67b5 "t", from_tty=0x0) at cli-decode.c:57
#5  0x080b6ddc in cmd_func (cmd=0x831bac0, args=0x82e67b5 "t", from_tty=0x0) at cli-decode.c:1599
#6  0x0807e86a in execute_command (p=0x82e67b5 "t", from_tty=0x1) at top.c:733
#7  0x081220ca in command_handler (command=0x82e67b0 "help t") at event-top.c:500
#8  0x08122880 in command_line_handler (rl=0x831e0c8 "0н1\b@н1\b") at event-top.c:793
#9  0xb7fc513f in rl_callback_read_char () from /lib/libreadline.so.5
#10 0x08121833 in rl_callback_read_char_wrapper (client_data=0x0) at event-top.c:166
#11 0x08121f8d in stdin_event_handler (error=0x0, client_data=0x0) at event-top.c:416
#12 0x08120f6f in handle_file_event (event_file_desc=0x0) at event-loop.c:721
#13 0x08120869 in process_event () at event-loop.c:334
#14 0x081208b2 in gdb_do_one_event (data=0x0) at event-loop.c:371
#15 0x0807e4c8 in do_catch_errors (uiout=0x831def8, data=0xbfffe298) at top.c:524
#16 0x0807e26c in catcher (func=0x807e4ac <do_catch_errors>, func_uiout=0x831def8, func_args=0xbfffe298, func_val=0xbfffe2a4, func_caught=0xbfffe2a0, errstring=0x8255809 "", gdberrmsg=0x0, mask=0x6) at top.c:431
#17 0x0807e51c in catch_errors (func=0x812087e <gdb_do_one_event>, func_args=0x0, errstring=0x8255809 "", mask=0x6) at top.c:536
#18 0x080c45e8 in tui_command_loop (data=0x0) at tui-interp.c:150
#19 0x0811e227 in current_interp_command_loop () at interps.c:277
#20 0x08074943 in captured_command_loop (data=0x0) at main.c:91
#21 0x0807e4c8 in do_catch_errors (uiout=0x831def8, data=0xbfffe438) at top.c:524
#22 0x0807e26c in catcher (func=0x807e4ac <do_catch_errors>, func_uiout=0x831def8, func_args=0xbfffe438, func_val=0xbfffe444, func_caught=0xbfffe440, errstring=0x823bd9a "", gdberrmsg=0x0, mask=0x6) at top.c:431
#23 0x0807e51c in catch_errors (func=0x8074938 <captured_command_loop>, func_args=0x0, errstring=0x823bd9a "", mask=0x6) at top.c:536
#24 0x08075819 in captured_main (data=0xbfffe750) at main.c:801
#25 0x0807e4c8 in do_catch_errors (uiout=0x82c99a0, data=0xbfffe708) at top.c:524
#26 0x0807e26c in catcher (func=0x807e4ac <do_catch_errors>, func_uiout=0x82c99a0, func_args=0xbfffe708, func_val=0xbfffe714, func_caught=0xbfffe710, errstring=0x823bd9a "", gdberrmsg=0x0, mask=0x6) at top.c:431
#27 0x0807e51c in catch_errors (func=0x8074977 <captured_main>, func_args=0xbfffe750, errstring=0x823bd9a "", mask=0x6) at top.c:536
#28 0x0807584f in gdb_main (args=0xbfffe750) at main.c:810
#29 0x08074934 in main (argc=0x1, argv=0xbfffe7f4) at gdb.c:35
gdb> x/x $eip
0x80b60fc <lookup_cmd_1+665>:   0x4489008b
gdb> x/10i $eip
0x80b60fc <lookup_cmd_1+665>:   mov    (%eax),%eax
0x80b60fe <lookup_cmd_1+667>:   mov    %eax,0x4(%esp)
0x80b6102 <lookup_cmd_1+671>:   mov    0x8(%ebp),%eax
0x80b6105 <lookup_cmd_1+674>:   mov    %eax,(%esp)
0x80b6108 <lookup_cmd_1+677>:   call   0x80b5e63 <lookup_cmd_1>
0x80b610d <lookup_cmd_1+682>:   mov    %eax,0xffffffe4(%ebp)
0x80b6110 <lookup_cmd_1+685>:   cmpl   $0x0,0xffffffe4(%ebp)
0x80b6114 <lookup_cmd_1+689>:   jne    0x80b612c <lookup_cmd_1+713>
0x80b6116 <lookup_cmd_1+691>:   cmpl   $0x0,0x10(%ebp)
0x80b611a <lookup_cmd_1+695>:   je     0x80b6124 <lookup_cmd_1+705>
gdb> i r eax
eax            0x21     0x21                                      
gdb> i r
eax            0x21     0x21
ecx            0xbfffde95       0xbfffde95
edx            0x82e67b6        0x82e67b6
ebx            0xb7fd37d4       0xb7fd37d4
esp            0xbfffde80       0xbfffde80
ebp            0xbfffded8       0xbfffded8
esi            0x831e0c8        0x831e0c8
edi            0xb7fd8018       0xb7fd8018
eip            0x80b60fc        0x80b60fc
eflags         0x210206 0x210206
cs             0x73     0x73
ss             0x7b     0x7b
ds             0x7b     0x7b
es             0x7b     0x7b
fs             0x0      0x0
gs             0x33     0x33
gdb> disas
Dump of assembler code for function lookup_cmd_1:
0x080b5e63 <lookup_cmd_1+0>:    push   %ebp
0x080b5e64 <lookup_cmd_1+1>:    mov    %esp,%ebp
0x080b5e66 <lookup_cmd_1+3>:    sub    $0x48,%esp
0x080b5e69 <lookup_cmd_1+6>:    mov    0x8(%ebp),%eax
0x080b5e6c <lookup_cmd_1+9>:    mov    (%eax),%eax
0x080b5e6e <lookup_cmd_1+11>:   mov    %eax,0xffffffe0(%ebp)
0x080b5e71 <lookup_cmd_1+14>:   mov    0x8(%ebp),%eax
0x080b5e74 <lookup_cmd_1+17>:   mov    (%eax),%eax
0x080b5e76 <lookup_cmd_1+19>:   cmpb   $0x20,(%eax)
0x080b5e79 <lookup_cmd_1+22>:   je     0x80b5e87 <lookup_cmd_1+36>
0x080b5e7b <lookup_cmd_1+24>:   mov    0x8(%ebp),%eax
0x080b5e7e <lookup_cmd_1+27>:   mov    (%eax),%eax
0x080b5e80 <lookup_cmd_1+29>:   cmpb   $0x9,(%eax)
0x080b5e83 <lookup_cmd_1+32>:   je     0x80b5e87 <lookup_cmd_1+36>
0x080b5e85 <lookup_cmd_1+34>:   jmp    0x80b5e8e <lookup_cmd_1+43>
0x080b5e87 <lookup_cmd_1+36>:   mov    0x8(%ebp),%eax
0x080b5e8a <lookup_cmd_1+39>:   incl   (%eax)
0x080b5e8c <lookup_cmd_1+41>:   jmp    0x80b5e71 <lookup_cmd_1+14>
0x080b5e8e <lookup_cmd_1+43>:   mov    0x8(%ebp),%eax
0x080b5e91 <lookup_cmd_1+46>:   mov    (%eax),%eax
0x080b5e93 <lookup_cmd_1+48>:   mov    %eax,0xfffffffc(%ebp)
0x080b5e96 <lookup_cmd_1+51>:   mov    0xfffffffc(%ebp),%eax
0x080b5e99 <lookup_cmd_1+54>:   cmpb   $0x0,(%eax)
0x080b5e9c <lookup_cmd_1+57>:   je     0x80b5f25 <lookup_cmd_1+194>
0x080b5ea2 <lookup_cmd_1+63>:   call   0x8074720 <free+592>
0x080b5ea7 <lookup_cmd_1+68>:   mov    %eax,%ecx
0x080b5ea9 <lookup_cmd_1+70>:   mov    0xfffffffc(%ebp),%eax
0x080b5eac <lookup_cmd_1+73>:   movsbl (%eax),%eax
0x080b5eaf <lookup_cmd_1+76>:   lea    (%eax,%eax,1),%edx
0x080b5eb2 <lookup_cmd_1+79>:   mov    (%ecx),%eax
0x080b5eb4 <lookup_cmd_1+81>:   movzwl (%eax,%edx,1),%eax
0x080b5eb8 <lookup_cmd_1+85>:   and    $0x8,%eax
0x080b5ebb <lookup_cmd_1+88>:   test   %eax,%eax
0x080b5ebd <lookup_cmd_1+90>:   jne    0x80b5f1b <lookup_cmd_1+184>
0x080b5ebf <lookup_cmd_1+92>:   mov    0xfffffffc(%ebp),%eax
0x080b5ec2 <lookup_cmd_1+95>:   cmpb   $0x2d,(%eax)
0x080b5ec5 <lookup_cmd_1+98>:   je     0x80b5f1b <lookup_cmd_1+184>
0x080b5ec7 <lookup_cmd_1+100>:  mov    0xfffffffc(%ebp),%eax
0x080b5eca <lookup_cmd_1+103>:  cmpb   $0x5f,(%eax)
0x080b5ecd <lookup_cmd_1+106>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5ecf <lookup_cmd_1+108>:  cmpl   $0x0,0x82cfdd8
0x080b5ed6 <lookup_cmd_1+115>:  je     0x80b5ef8 <lookup_cmd_1+149>
0x080b5ed8 <lookup_cmd_1+117>:  mov    0xfffffffc(%ebp),%eax
0x080b5edb <lookup_cmd_1+120>:  cmpb   $0x2b,(%eax)
0x080b5ede <lookup_cmd_1+123>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5ee0 <lookup_cmd_1+125>:  mov    0xfffffffc(%ebp),%eax
0x080b5ee3 <lookup_cmd_1+128>:  cmpb   $0x3c,(%eax)
0x080b5ee6 <lookup_cmd_1+131>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5ee8 <lookup_cmd_1+133>:  mov    0xfffffffc(%ebp),%eax
0x080b5eeb <lookup_cmd_1+136>:  cmpb   $0x3e,(%eax)
0x080b5eee <lookup_cmd_1+139>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5ef0 <lookup_cmd_1+141>:  mov    0xfffffffc(%ebp),%eax
0x080b5ef3 <lookup_cmd_1+144>:  cmpb   $0x24,(%eax)
0x080b5ef6 <lookup_cmd_1+147>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5ef8 <lookup_cmd_1+149>:  cmpl   $0x0,0x82cc644
0x080b5eff <lookup_cmd_1+156>:  je     0x80b5f25 <lookup_cmd_1+194>
0x080b5f01 <lookup_cmd_1+158>:  mov    0xfffffffc(%ebp),%eax
0x080b5f04 <lookup_cmd_1+161>:  cmpb   $0x21,(%eax)
0x080b5f07 <lookup_cmd_1+164>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5f09 <lookup_cmd_1+166>:  mov    0xfffffffc(%ebp),%eax
0x080b5f0c <lookup_cmd_1+169>:  cmpb   $0x2f,(%eax)
0x080b5f0f <lookup_cmd_1+172>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5f11 <lookup_cmd_1+174>:  mov    0xfffffffc(%ebp),%eax
0x080b5f14 <lookup_cmd_1+177>:  cmpb   $0x3f,(%eax)
0x080b5f17 <lookup_cmd_1+180>:  je     0x80b5f1b <lookup_cmd_1+184>
0x080b5f19 <lookup_cmd_1+182>:  jmp    0x80b5f25 <lookup_cmd_1+194>
0x080b5f1b <lookup_cmd_1+184>:  lea    0xfffffffc(%ebp),%eax
0x080b5f1e <lookup_cmd_1+187>:  incl   (%eax)
0x080b5f20 <lookup_cmd_1+189>:  jmp    0x80b5e96 <lookup_cmd_1+51>
0x080b5f25 <lookup_cmd_1+194>:  mov    0x8(%ebp),%edx
0x080b5f28 <lookup_cmd_1+197>:  mov    0xfffffffc(%ebp),%eax
0x080b5f2b <lookup_cmd_1+200>:  cmp    (%edx),%eax
0x080b5f2d <lookup_cmd_1+202>:  jne    0x80b5f3b <lookup_cmd_1+216>
0x080b5f2f <lookup_cmd_1+204>:  movl   $0x0,0xffffffd8(%ebp)
0x080b5f36 <lookup_cmd_1+211>:  jmp    0x80b616c <lookup_cmd_1+777>
0x080b5f3b <lookup_cmd_1+216>:  mov    0x8(%ebp),%eax
0x080b5f3e <lookup_cmd_1+219>:  mov    (%eax),%edx
0x080b5f40 <lookup_cmd_1+221>:  mov    0xfffffffc(%ebp),%eax
0x080b5f43 <lookup_cmd_1+224>:  sub    %edx,%eax
0x080b5f45 <lookup_cmd_1+226>:  mov    %eax,0xfffffff4(%ebp)
0x080b5f48 <lookup_cmd_1+229>:  mov    0xfffffff4(%ebp),%eax
0x080b5f4b <lookup_cmd_1+232>:  inc    %eax
0x080b5f4c <lookup_cmd_1+233>:  add    $0xf,%eax
0x080b5f4f <lookup_cmd_1+236>:  shr    $0x4,%eax
0x080b5f52 <lookup_cmd_1+239>:  shl    $0x4,%eax
0x080b5f55 <lookup_cmd_1+242>:  sub    %eax,%esp
0x080b5f57 <lookup_cmd_1+244>:  lea    0x14(%esp),%eax
0x080b5f5b <lookup_cmd_1+248>:  mov    %eax,0xfffffff8(%ebp)
0x080b5f5e <lookup_cmd_1+251>:  movl   $0x0,0xfffffff0(%ebp)
0x080b5f65 <lookup_cmd_1+258>:  mov    0xfffffff0(%ebp),%eax
0x080b5f68 <lookup_cmd_1+261>:  cmp    0xfffffff4(%ebp),%eax
0x080b5f6b <lookup_cmd_1+264>:  jl     0x80b5f6f <lookup_cmd_1+268>
0x080b5f6d <lookup_cmd_1+266>:  jmp    0x80b5f92 <lookup_cmd_1+303>
0x080b5f6f <lookup_cmd_1+268>:  mov    0x8(%ebp),%edx
0x080b5f72 <lookup_cmd_1+271>:  mov    0xfffffff0(%ebp),%eax
0x080b5f75 <lookup_cmd_1+274>:  add    (%edx),%eax
0x080b5f77 <lookup_cmd_1+276>:  movzbl (%eax),%eax
0x080b5f7a <lookup_cmd_1+279>:  mov    %al,0xffffffdf(%ebp)
0x080b5f7d <lookup_cmd_1+282>:  mov    0xfffffff0(%ebp),%eax
0x080b5f80 <lookup_cmd_1+285>:  mov    0xfffffff8(%ebp),%edx
0x080b5f83 <lookup_cmd_1+288>:  add    %eax,%edx
0x080b5f85 <lookup_cmd_1+290>:  movzbl 0xffffffdf(%ebp),%eax
0x080b5f89 <lookup_cmd_1+294>:  mov    %al,(%edx)
0x080b5f8b <lookup_cmd_1+296>:  lea    0xfffffff0(%ebp),%eax
0x080b5f8e <lookup_cmd_1+299>:  incl   (%eax)
0x080b5f90 <lookup_cmd_1+301>:  jmp    0x80b5f65 <lookup_cmd_1+258>
0x080b5f92 <lookup_cmd_1+303>:  mov    0xfffffff4(%ebp),%eax
0x080b5f95 <lookup_cmd_1+306>:  add    0xfffffff8(%ebp),%eax
0x080b5f98 <lookup_cmd_1+309>:  movb   $0x0,(%eax)
0x080b5f9b <lookup_cmd_1+312>:  movl   $0x0,0xffffffe8(%ebp)
0x080b5fa2 <lookup_cmd_1+319>:  movl   $0x0,0xffffffec(%ebp)
0x080b5fa9 <lookup_cmd_1+326>:  lea    0xffffffec(%ebp),%eax
0x080b5fac <lookup_cmd_1+329>:  mov    %eax,0x10(%esp)
0x080b5fb0 <lookup_cmd_1+333>:  mov    0x14(%ebp),%eax
0x080b5fb3 <lookup_cmd_1+336>:  mov    %eax,0xc(%esp)
0x080b5fb7 <lookup_cmd_1+340>:  mov    0xc(%ebp),%eax
0x080b5fba <lookup_cmd_1+343>:  mov    %eax,0x8(%esp)
0x080b5fbe <lookup_cmd_1+347>:  mov    0xfffffff4(%ebp),%eax
0x080b5fc1 <lookup_cmd_1+350>:  mov    %eax,0x4(%esp)
0x080b5fc5 <lookup_cmd_1+354>:  mov    0xfffffff8(%ebp),%eax
0x080b5fc8 <lookup_cmd_1+357>:  mov    %eax,(%esp)
0x080b5fcb <lookup_cmd_1+360>:  call   0x80b5ddb <find_cmd>
0x080b5fd0 <lookup_cmd_1+365>:  mov    %eax,0xffffffe8(%ebp)
0x080b5fd3 <lookup_cmd_1+368>:  cmpl   $0x0,0xffffffe8(%ebp)
0x080b5fd7 <lookup_cmd_1+372>:  je     0x80b5fe3 <lookup_cmd_1+384>
0x080b5fd9 <lookup_cmd_1+374>:  cmpl   $0x0,0xffffffec(%ebp)
0x080b5fdd <lookup_cmd_1+378>:  jne    0x80b607a <lookup_cmd_1+535>
0x080b5fe3 <lookup_cmd_1+384>:  movl   $0x0,0xfffffff0(%ebp)
0x080b5fea <lookup_cmd_1+391>:  mov    0xfffffff0(%ebp),%eax
0x080b5fed <lookup_cmd_1+394>:  cmp    0xfffffff4(%ebp),%eax
0x080b5ff0 <lookup_cmd_1+397>:  jl     0x80b5ff4 <lookup_cmd_1+401>
0x080b5ff2 <lookup_cmd_1+399>:  jmp    0x80b6050 <lookup_cmd_1+493>
0x080b5ff4 <lookup_cmd_1+401>:  mov    0xfffffff0(%ebp),%eax
0x080b5ff7 <lookup_cmd_1+404>:  add    0xfffffff8(%ebp),%eax
0x080b5ffa <lookup_cmd_1+407>:  movzbl (%eax),%eax
0x080b5ffd <lookup_cmd_1+410>:  mov    %al,0xffffffdf(%ebp)
0x080b6000 <lookup_cmd_1+413>:  mov    0xfffffff0(%ebp),%eax
0x080b6003 <lookup_cmd_1+416>:  mov    0xfffffff8(%ebp),%edx
0x080b6006 <lookup_cmd_1+419>:  add    %eax,%edx
0x080b6008 <lookup_cmd_1+421>:  mov    %edx,0xffffffd4(%ebp)
0x080b600b <lookup_cmd_1+424>:  call   0x8074720 <free+592>
0x080b6010 <lookup_cmd_1+429>:  mov    %eax,%ecx
0x080b6012 <lookup_cmd_1+431>:  movsbl 0xffffffdf(%ebp),%eax
0x080b6016 <lookup_cmd_1+435>:  lea    (%eax,%eax,1),%edx
0x080b6019 <lookup_cmd_1+438>:  mov    (%ecx),%eax
0x080b601b <lookup_cmd_1+440>:  movzwl (%eax,%edx,1),%eax
0x080b601f <lookup_cmd_1+444>:  and    $0x100,%eax
0x080b6024 <lookup_cmd_1+449>:  test   %eax,%eax
0x080b6026 <lookup_cmd_1+451>:  je     0x80b6039 <lookup_cmd_1+470>
0x080b6028 <lookup_cmd_1+453>:  movsbl 0xffffffdf(%ebp),%eax
0x080b602c <lookup_cmd_1+457>:  mov    %eax,(%esp)
0x080b602f <lookup_cmd_1+460>:  call   0x8073cd0 <_init+1256>
0x080b6034 <lookup_cmd_1+465>:  mov    %al,0xffffffd3(%ebp)
0x080b6037 <lookup_cmd_1+468>:  jmp    0x80b6040 <lookup_cmd_1+477>
0x080b6039 <lookup_cmd_1+470>:  movzbl 0xffffffdf(%ebp),%eax
0x080b603d <lookup_cmd_1+474>:  mov    %al,0xffffffd3(%ebp)
0x080b6040 <lookup_cmd_1+477>:  movzbl 0xffffffd3(%ebp),%edx
0x080b6044 <lookup_cmd_1+481>:  mov    0xffffffd4(%ebp),%eax
0x080b6047 <lookup_cmd_1+484>:  mov    %dl,(%eax)
0x080b6049 <lookup_cmd_1+486>:  lea    0xfffffff0(%ebp),%eax
0x080b604c <lookup_cmd_1+489>:  incl   (%eax)
0x080b604e <lookup_cmd_1+491>:  jmp    0x80b5fea <lookup_cmd_1+391>
0x080b6050 <lookup_cmd_1+493>:  lea    0xffffffec(%ebp),%eax
0x080b6053 <lookup_cmd_1+496>:  mov    %eax,0x10(%esp)
0x080b6057 <lookup_cmd_1+500>:  mov    0x14(%ebp),%eax
0x080b605a <lookup_cmd_1+503>:  mov    %eax,0xc(%esp)
0x080b605e <lookup_cmd_1+507>:  mov    0xc(%ebp),%eax
0x080b6061 <lookup_cmd_1+510>:  mov    %eax,0x8(%esp)
0x080b6065 <lookup_cmd_1+514>:  mov    0xfffffff4(%ebp),%eax
0x080b6068 <lookup_cmd_1+517>:  mov    %eax,0x4(%esp)
0x080b606c <lookup_cmd_1+521>:  mov    0xfffffff8(%ebp),%eax
0x080b606f <lookup_cmd_1+524>:  mov    %eax,(%esp)
0x080b6072 <lookup_cmd_1+527>:  call   0x80b5ddb <find_cmd>
0x080b6077 <lookup_cmd_1+532>:  mov    %eax,0xffffffe8(%ebp)
0x080b607a <lookup_cmd_1+535>:  cmpl   $0x0,0xffffffec(%ebp)
0x080b607e <lookup_cmd_1+539>:  jne    0x80b608c <lookup_cmd_1+553>
0x080b6080 <lookup_cmd_1+541>:  movl   $0x0,0xffffffd8(%ebp)
0x080b6087 <lookup_cmd_1+548>:  jmp    0x80b616c <lookup_cmd_1+777>
0x080b608c <lookup_cmd_1+553>:  cmpl   $0x1,0xffffffec(%ebp)
0x080b6090 <lookup_cmd_1+557>:  jle    0x80b60ad <lookup_cmd_1+586>
0x080b6092 <lookup_cmd_1+559>:  cmpl   $0x0,0x10(%ebp)
0x080b6096 <lookup_cmd_1+563>:  je     0x80b60a1 <lookup_cmd_1+574>
0x080b6098 <lookup_cmd_1+565>:  mov    0x10(%ebp),%eax
0x080b609b <lookup_cmd_1+568>:  movl   $0x0,(%eax)
0x080b60a1 <lookup_cmd_1+574>:  movl   $0xffffffff,0xffffffd8(%ebp)
0x080b60a8 <lookup_cmd_1+581>:  jmp    0x80b616c <lookup_cmd_1+777>
0x080b60ad <lookup_cmd_1+586>:  mov    0x8(%ebp),%eax
0x080b60b0 <lookup_cmd_1+589>:  mov    0xfffffffc(%ebp),%edx
0x080b60b3 <lookup_cmd_1+592>:  mov    %edx,(%eax)
0x080b60b5 <lookup_cmd_1+594>:  mov    0xffffffe8(%ebp),%eax
0x080b60b8 <lookup_cmd_1+597>:  cmpl   $0x0,0x60(%eax)
0x080b60bc <lookup_cmd_1+601>:  je     0x80b60df <lookup_cmd_1+636>
0x080b60be <lookup_cmd_1+603>:  mov    0xffffffe8(%ebp),%eax
0x080b60c1 <lookup_cmd_1+606>:  mov    0x1c(%eax),%eax
0x080b60c4 <lookup_cmd_1+609>:  and    $0x2,%eax
0x080b60c7 <lookup_cmd_1+612>:  test   %eax,%eax
0x080b60c9 <lookup_cmd_1+614>:  je     0x80b60d6 <lookup_cmd_1+627>
0x080b60cb <lookup_cmd_1+616>:  lea    0xffffffe0(%ebp),%eax
0x080b60ce <lookup_cmd_1+619>:  mov    %eax,(%esp)
0x080b60d1 <lookup_cmd_1+622>:  call   0x80b6516 <deprecated_cmd_warning>
0x080b60d6 <lookup_cmd_1+627>:  mov    0xffffffe8(%ebp),%eax
0x080b60d9 <lookup_cmd_1+630>:  mov    0x60(%eax),%eax
0x080b60dc <lookup_cmd_1+633>:  mov    %eax,0xffffffe8(%ebp)
0x080b60df <lookup_cmd_1+636>:  mov    0xffffffe8(%ebp),%eax
0x080b60e2 <lookup_cmd_1+639>:  cmpl   $0x0,0x34(%eax)
0x080b60e6 <lookup_cmd_1+643>:  je     0x80b6158 <lookup_cmd_1+757>
0x080b60e8 <lookup_cmd_1+645>:  mov    0x14(%ebp),%eax
0x080b60eb <lookup_cmd_1+648>:  mov    %eax,0xc(%esp)
0x080b60ef <lookup_cmd_1+652>:  mov    0x10(%ebp),%eax
0x080b60f2 <lookup_cmd_1+655>:  mov    %eax,0x8(%esp)
0x080b60f6 <lookup_cmd_1+659>:  mov    0xffffffe8(%ebp),%eax
0x080b60f9 <lookup_cmd_1+662>:  mov    0x34(%eax),%eax
0x080b60fc <lookup_cmd_1+665>:  mov    (%eax),%eax
0x080b60fe <lookup_cmd_1+667>:  mov    %eax,0x4(%esp)
0x080b6102 <lookup_cmd_1+671>:  mov    0x8(%ebp),%eax
0x080b6105 <lookup_cmd_1+674>:  mov    %eax,(%esp)
0x080b6108 <lookup_cmd_1+677>:  call   0x80b5e63 <lookup_cmd_1>
0x080b610d <lookup_cmd_1+682>:  mov    %eax,0xffffffe4(%ebp)
0x080b6110 <lookup_cmd_1+685>:  cmpl   $0x0,0xffffffe4(%ebp)
0x080b6114 <lookup_cmd_1+689>:  jne    0x80b612c <lookup_cmd_1+713>
0x080b6116 <lookup_cmd_1+691>:  cmpl   $0x0,0x10(%ebp)
0x080b611a <lookup_cmd_1+695>:  je     0x80b6124 <lookup_cmd_1+705>
0x080b611c <lookup_cmd_1+697>:  mov    0x10(%ebp),%edx
0x080b611f <lookup_cmd_1+700>:  mov    0xc(%ebp),%eax
0x080b6122 <lookup_cmd_1+703>:  mov    %eax,(%edx)
0x080b6124 <lookup_cmd_1+705>:  mov    0xffffffe8(%ebp),%eax
0x080b6127 <lookup_cmd_1+708>:  mov    %eax,0xffffffd8(%ebp)
0x080b612a <lookup_cmd_1+711>:  jmp    0x80b616c <lookup_cmd_1+777>
0x080b612c <lookup_cmd_1+713>:  cmpl   $0xffffffff,0xffffffe4(%ebp)
0x080b6130 <lookup_cmd_1+717>:  jne    0x80b6150 <lookup_cmd_1+749>
0x080b6132 <lookup_cmd_1+719>:  cmpl   $0x0,0x10(%ebp)
0x080b6136 <lookup_cmd_1+723>:  je     0x80b6148 <lookup_cmd_1+741>
0x080b6138 <lookup_cmd_1+725>:  mov    0x10(%ebp),%eax
0x080b613b <lookup_cmd_1+728>:  cmpl   $0x0,(%eax)
0x080b613e <lookup_cmd_1+731>:  jne    0x80b6148 <lookup_cmd_1+741>
0x080b6140 <lookup_cmd_1+733>:  mov    0x10(%ebp),%edx
0x080b6143 <lookup_cmd_1+736>:  mov    0xffffffe8(%ebp),%eax
0x080b6146 <lookup_cmd_1+739>:  mov    %eax,(%edx)
0x080b6148 <lookup_cmd_1+741>:  mov    0xffffffe4(%ebp),%eax
0x080b614b <lookup_cmd_1+744>:  mov    %eax,0xffffffd8(%ebp)
0x080b614e <lookup_cmd_1+747>:  jmp    0x80b616c <lookup_cmd_1+777>
0x080b6150 <lookup_cmd_1+749>:  mov    0xffffffe4(%ebp),%eax
0x080b6153 <lookup_cmd_1+752>:  mov    %eax,0xffffffd8(%ebp)
0x080b6156 <lookup_cmd_1+755>:  jmp    0x80b616c <lookup_cmd_1+777>
0x080b6158 <lookup_cmd_1+757>:  cmpl   $0x0,0x10(%ebp)
0x080b615c <lookup_cmd_1+761>:  je     0x80b6166 <lookup_cmd_1+771>
0x080b615e <lookup_cmd_1+763>:  mov    0x10(%ebp),%edx
0x080b6161 <lookup_cmd_1+766>:  mov    0xc(%ebp),%eax
0x080b6164 <lookup_cmd_1+769>:  mov    %eax,(%edx)
0x080b6166 <lookup_cmd_1+771>:  mov    0xffffffe8(%ebp),%eax
0x080b6169 <lookup_cmd_1+774>:  mov    %eax,0xffffffd8(%ebp)
0x080b616c <lookup_cmd_1+777>:  mov    0xffffffd8(%ebp),%eax
0x080b616f <lookup_cmd_1+780>:  leave
0x080b6170 <lookup_cmd_1+781>:  ret
End of assembler dump.
gdb>

Heh, never thought I'd debug a core produced by gdb with itself :)

Additional system information:
$ emerge info
Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130-vanilla, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r11 i686)
=================================================================
System uname: 2.6.11-gentoo-r11 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.6.12
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, May  6 2005, 12:55:31)]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.9
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10, 2.15.92.0.2-r1, 2.16-r1
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.11-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=prescott -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/control /var/service"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=prescott -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://ftp.du.se/pub/os/gentoo http://trumpetti.atm.tut.fi/gentoo/ ftp://mirrors1.netvisao.pt/gentoo/ http://www.gigaload.org/gentoo.org/"
LANG="ru_RU.cp1251"
LINGUAS="en ru"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/overlays/my /usr/local/overlays/bmg-main"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aalib acl activefilter alsa apache2 apm arts artswrappersuid audiofile avi bash-completion berkdb bitmap-fonts caps cdparanoia cdr crypt cups curl dba dhcp directfb divx4linux divxforlinux doc dvd dvdr dvdread eds emboss encode erandom esd fam fbcon flac font-server foomaticdb fortran gd gd-external gdbm gif gnokii gnome gphoto2 gpm gstreamer gtk gtk2 guile hal hardened imagemagick imlib innodb ipv6 jack java jpeg junit kde kerberos ldap libclamav libg++ libwww lirc lm_sensors logrotate mad mbox mikmod milter mime mmap mmx mmxext motif mp3 mpeg mppe-mppc multislot mysql ncurses nls nptl ntlm ogg oggvorbis opengl oss pam pda pdflib perl pic png portaudio povray procmail python qt quicktime quotas rdesktop readline real recode reiserfs ruby samba sasl scanner sdl sftplogging slang slp snmp socks5 speex spell sse sse2 ssl svga tcltk tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts usb v4l v4l2 vorbis wifi win32codecs winbind wmf xine xinerama xml xml2 xmms xscreensaver xv xvid zlib linguas_en linguas_ru userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CBUILD, CTARGET, LC_ALL, LDFLAGS
Comment 1 spiritus 2005-07-15 11:32:30 UTC
The segfault is due to the found->prefixlist pointer dereference, because
found->prefixlist==0x21 is an invalid address.

gdb> list 1077
1072        }
1073      /* If we found a prefix command, keep looking.  */
1074
1075      if (found->prefixlist)
1076        {
1077          c = lookup_cmd_1 (text, *found->prefixlist, result_list,
1078                            ignore_help_classes);
1079          if (!c)
1080            {
1081              /* Didn't find anything; this is as far as we got.  */
gdb> x/x found
0x8305bc8:      0x00736964
gdb> x/x *found
Value can't be converted to integer.
gdb> x/x found
0x8305bc8:      0x00736964
gdb> print found
$1 = (struct cmd_list_element *) 0x8305bc8
gdb> print *found
$2 = {next = 0x736964, name = 0x80d565f "U\211еЗ\005\020\005-\b", class =
class_deprecated, func = 0x19, function = {cfunc = 0, sfunc = 0}, context =
0x8302c28, doc = 0x0, flags = 0x0, replacement = 0x0, pre_show_hook = 0x11,
hook_pre = 0x69637361, hook_post = 0x68635f69, hook_in = 0x7261, prefixlist =
0x21, prefixname = 0x6e697250 <Address 0x6e697250 out of bounds>, allow_unknown
= 0x74, abbrev_flag = 0x20, completer = 0x64616572, type = 1852383347, var =
0x72617420, var_type = 7628135, enums = 0x0, user_commands = 0x11, hookee_pre =
0x47320075, hookee_post = 0x4732c7e8, cmd_pointer = 0x10}
gdb>
Comment 2 SpanKY gentoo-dev 2005-07-15 14:49:19 UTC
can you check that gdb-6.3-r4 fails if you build it with USE=vanilla ?
USE=vanilla will prevent all patches from being applied and basically just give
you the same thing as if you unpacked the original tarball and built/installed
it yourself ...
Comment 3 spiritus 2005-07-15 21:13:31 UTC
After re-emerging gdb with
CFLAGS="-pipe -ggdb3" USE="debug vanilla" FEATURES=nostrip emerge gdb
it continues to segfault at the same place in lookup_cmd_1() each time the "help t"
command is given if the standard .gdbinit file is in the home directory.

It seems there is an overflow somewhere; that's why the "found" structure has been
overwritten:

gdb> x/50c found
0x83256d8:      0 '\0'  0 '\0'  0 '\0'  0 '\0'  16 '\020'       87 'W'  50 '2' 
8 '\b'
0x83256e0:      0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'
0x83256e8:      0 '\0'  0 '\0'  0 '\0'  0 '\0'  33 '!'  0 '\0'  0 '\0'  0 '\0'
0x83256f0:      80 'P'  114 'r' 105 'i' 110 'n' 116 't' 32 ' '  116 't' 104 'h'
0x83256f8:      114 'r' 101 'e' 97 'a'  100 'd' 115 's' 32 ' '  105 'i' 110 'n'
0x8325700:      32 ' '  116 't' 97 'a'  114 'r' 103 'g' 101 'e' 116 't' 0 '\0'
0x8325708:      0 '\0'  0 '\0'
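The two struct dumps in this report (the `print *found` output in Comment 1 and the `x/50c` dump above) show the same pattern: pointer fields of a heap `struct cmd_list_element` hold bytes of a C string or tiny integers such as 0x21. The script below is an added example, not code from the bug report or from GDB. It parses gdb's `x/Nc` output into bytes (tolerating the continuation line that Bugzilla's line wrapping produces), splits them into 32-bit little-endian words for the i686 target named in the report, recovers printable-ASCII runs, and flags words that cannot be valid pointers. The embedded dump is the one from this comment; the 0x1000 cut-off for "too small to be a mapped pointer" is an assumption made for the example, not something the page states.

```python
"""Spot overwritten struct fields in a gdb `x/Nc` memory dump.

Added example for bug 99130; not part of GDB or of the bug report.
Assumes a 32-bit little-endian target (i686, as in the report) and that
nothing is mapped below SMALL_INT_LIMIT (an assumption, not a page fact).
"""
import re
import struct
from typing import List, Tuple

# The x/50c dump posted in Comment 3, including the continuation line
# that Bugzilla's line wrapping produced after the first row.
COMMENT3_DUMP = r"""
0x83256d8:      0 '\0'  0 '\0'  0 '\0'  0 '\0'  16 '\020'       87 'W'  50 '2'
8 '\b'
0x83256e0:      0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'  0 '\0'
0x83256e8:      0 '\0'  0 '\0'  0 '\0'  0 '\0'  33 '!'  0 '\0'  0 '\0'  0 '\0'
0x83256f0:      80 'P'  114 'r' 105 'i' 110 'n' 116 't' 32 ' '  116 't' 104 'h'
0x83256f8:      114 'r' 101 'e' 97 'a'  100 'd' 115 's' 32 ' '  105 'i' 110 'n'
0x8325700:      32 ' '  116 't' 97 'a'  114 'r' 103 'g' 101 'e' 116 't' 0 '\0'
0x8325708:      0 '\0'  0 '\0'
"""

# gdb prints every byte as "<decimal> '<char>'"; the decimal may be negative
# because gdb's `c` format treats the byte as a signed char.
_BYTE_RE = re.compile(r"(-?\d+) '")
_ADDR_RE = re.compile(r"^\s*0x([0-9a-fA-F]+):")

SMALL_INT_LIMIT = 0x1000  # assumed: the first page is never mapped


def parse_xc_dump(text: str) -> Tuple[int, bytes]:
    """Return (base address, raw bytes). Lines without an address prefix
    are continuation lines and contribute bytes to the running buffer."""
    base = None
    out = bytearray()
    for line in text.splitlines():
        m = _ADDR_RE.match(line)
        if m:
            if base is None:
                base = int(m.group(1), 16)
            line = line[m.end():]
        out.extend(int(v) & 0xFF for v in _BYTE_RE.findall(line))
    if base is None:
        raise ValueError("no address prefix found in dump")
    return base, bytes(out)


def words_le(data: bytes) -> List[int]:
    """Split the buffer into 32-bit little-endian words (i686 layout)."""
    n = len(data) // 4
    return list(struct.unpack("<%dI" % n, data[: n * 4]))


def ascii_runs(data: bytes, minlen: int = 4) -> List[Tuple[int, str]]:
    """(offset, text) for every run of printable ASCII of at least minlen."""
    runs, start = [], None
    for i, b in enumerate(data + b"\0"):  # sentinel terminates a final run
        if 0x20 <= b < 0x7F:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= minlen:
                runs.append((start, data[start:i].decode("ascii")))
            start = None
    return runs


def classify_word(value: int) -> str:
    """Label a word by what it looks like rather than what the field claims."""
    if value == 0:
        return "null"
    if all(0x20 <= b < 0x7F for b in struct.pack("<I", value)):
        return "ascii"          # four printable bytes: part of a C string
    if value < SMALL_INT_LIMIT:
        return "small-int"      # e.g. 0x21: not a mapped address
    return "pointer-like"


def suspicious_fields(base: int, data: bytes) -> List[Tuple[int, int, str]]:
    """Words that cannot be valid pointers, as (address, value, reason)."""
    return [
        (base + 4 * i, w, kind)
        for i, w in enumerate(words_le(data))
        if (kind := classify_word(w)) in ("ascii", "small-int")
    ]


def report(text: str) -> List[str]:
    """Human-readable summary of what overwrote the structure."""
    base, data = parse_xc_dump(text)
    lines = ["%d bytes at 0x%x" % (len(data), base)]
    for off, s in ascii_runs(data):
        lines.append("string at +0x%x: %r" % (off, s))
    for addr, val, why in suspicious_fields(base, data):
        lines.append("0x%x = 0x%08x (%s)" % (addr, val, why))
    return lines


if __name__ == "__main__":
    print("\n".join(report(COMMENT3_DUMP)))
```

Running it on the dump above reports the string `'Print threads in target'` starting 24 bytes into the structure and lists the word 0x21 at 0x83256ec together with the five ASCII words that follow it, which is the same picture Comment 1 gave for the debug build (prefixname = 0x6e697250 is "Prin", completer = 0x64616572 is "read", var = 0x72617420 is " tar"). The same parser works on any `x/Nc` dump pasted from a gdb session.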
Comment 4 SpanKY gentoo-dev 2005-07-15 21:41:52 UTC
ok, well i hate to do this to you since you've put a lot of work into this, but
we just don't have anyone in Gentoo with real gdb knowledge ...

that means i'm gonna have to ask you to file a bug upstream:
http://sources.redhat.com/cgi-bin/gnatsweb.pl

sorry :/
Comment 5 spiritus 2005-07-16 22:53:34 UTC
ok, not a problem