public inbox for gcc-bugs@sourceware.org
* [Bug debug/106996] New: SIGSEGV in mapping_symbol_for_insn
@ 2022-09-21  8:20 nickkirkby at protonmail dot ch
  2022-09-21  9:15 ` [Bug debug/106996] " rguenth at gcc dot gnu.org
  2022-09-21 11:47 ` nickkirkby at protonmail dot ch
  0 siblings, 2 replies; 3+ messages in thread
From: nickkirkby at protonmail dot ch @ 2022-09-21  8:20 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106996

            Bug ID: 106996
           Summary: SIGSEGV in mapping_symbol_for_insn
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: debug
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nickkirkby at protonmail dot ch
  Target Milestone: ---

Running `disassemble` on a certain function "HAL_ADCCalcValuesFast" in an
armv7le ELF results in a SIGSEGV on gdb 12.0, 12.1 and 13.0.50.

I built gdb 13.0.50 from source to get the following backtrace:

```
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x000055555622616a in mapping_symbol_for_insn (During symbol reading:
incomplete CFI data; unspecified registers (e.g., rax) at 0x555556226181
During symbol reading: .debug_rnglists entry has start address of zero [in
module /home/user/repos/gdb-13.0.50.20220920/build/gdb/gdb]
During symbol reading: .debug_line address at offset 0x2511c7 is 0 [in module
/home/user/repos/gdb-13.0.50.20220920/build/gdb/gdb]
During symbol reading: unsupported tag: 'DW_TAG_unspecified_type'
During symbol reading: Member function "~_Sp_counted_base" (offset 0x1ceaf15)
is virtual but the vtable offset is not specified
During symbol reading: No DW_FORM_block* DW_AT_call_value for DW_TAG_call_site
child DIE 0x1d0ff23 [in module
/home/user/repos/gdb-13.0.50.20220920/build/gdb/gdb]
pc=pc@entry=68022, info=info@entry=0x7fffffffd1c8,
map_symbol=map_symbol@entry=0x7fffffffcf28) at ../../opcodes/arm-dis.c:11868
11868         || bfd_asymbol_flavour (*info->symtab) != bfd_target_elf_flavour)

(top-gdb) p info->symtab
$2 = (asymbol **) 0x0
```

The symtab is null.

The suspect function "HAL_ADCCalcValuesFast" disassembles fine with
`arm-none-eabi-objdump`:

```
000109b8 <HAL_ADCCalcValuesFast>:
   109b8:       b5f8            push    {r3, r4, r5, r6, r7, lr}
   109ba:       460e            mov     r6, r1
   109bc:       4614            mov     r4, r2
   109be:       4607            mov     r7, r0
   109c0:       b108            cbz     r0, 109c6 <HAL_ADCCalcValuesFast+0xe>
   109c2:       b101            cbz     r1, 109c6 <HAL_ADCCalcValuesFast+0xe>
   109c4:       b932            cbnz    r2, 109d4 <HAL_ADCCalcValuesFast+0x1c>
   109c6:       4b1a            ldr     r3, [pc, #104]  ; (10a30 <HAL_ADCCalcValuesFast+0x78>)
   109c8:       4a1a            ldr     r2, [pc, #104]  ; (10a34 <HAL_ADCCalcValuesFast+0x7c>)
   109ca:       481b            ldr     r0, [pc, #108]  ; (10a38 <HAL_ADCCalcValuesFast+0x80>)
   109cc:       f44f 719c       mov.w   r1, #312        ; 0x138
   109d0:       f006 fd5a       bl      17488 <__assert_func>
   109d4:       4d19            ldr     r5, [pc, #100]  ; (10a3c <HAL_ADCCalcValuesFast+0x84>)
   109d6:       4628            mov     r0, r5
   109d8:       f7ff ff48       bl      1086c <HAL_ADCGetRaw>
   109dc:       882a            ldrh    r2, [r5, #0]
   109de:       4b18            ldr     r3, [pc, #96]   ; (10a40 <HAL_ADCCalcValuesFast+0x88>)
   109e0:       ee07 2a10       vmov    s14, r2
   109e4:       edd3 6a06       vldr    s13, [r3, #24]
   109e8:       edd3 7a07       vldr    s15, [r3, #28]
   109ec:       886a            ldrh    r2, [r5, #2]
   109ee:       eeb8 7ac7       vcvt.f32.s32    s14, s14
   109f2:       eee6 7a87       vfma.f32        s15, s13, s14
   109f6:       ee07 2a10       vmov    s14, r2
   109fa:       edc7 7a00       vstr    s15, [r7]
   109fe:       edd3 6a04       vldr    s13, [r3, #16]
   10a02:       edd3 7a05       vldr    s15, [r3, #20]
   10a06:       88aa            ldrh    r2, [r5, #4]
   10a08:       eeb8 7ac7       vcvt.f32.s32    s14, s14
   10a0c:       eee6 7a87       vfma.f32        s15, s13, s14
   10a10:       ee07 2a10       vmov    s14, r2
   10a14:       edc6 7a00       vstr    s15, [r6]
   10a18:       edd3 6a00       vldr    s13, [r3]
   10a1c:       edd3 7a01       vldr    s15, [r3, #4]
   10a20:       eeb8 7ac7       vcvt.f32.s32    s14, s14
   10a24:       eee6 7a87       vfma.f32        s15, s13, s14
   10a28:       edc4 7a00       vstr    s15, [r4]
   10a2c:       bdf8            pop     {r3, r4, r5, r6, r7, pc}
   10a2e:       bf00            nop
   10a30:       0001a09b        muleq   r1, fp, r0
   10a34:       0001a0d0        ldrdeq  sl, [r1], -r0
   10a38:       0001a039        andeq   sl, r1, r9, lsr r0
   10a3c:       1fffc58a        svcne   0x00ffc58a
   10a40:       14000554        strne   r0, [r0], #-1364        ; 0xfffffaac
```

Running `disassemble` under gdb doesn't crash on all functions. `disassemble
main` works fine, but doing so doesn't call the above function
`mapping_symbol_for_insn`.

I compiled the library containing the suspect function `HAL_ADCCalcValuesFast`
for another armv7m target and found that `HAL_ADCCalcValuesFast` *could* be
disassembled under gdb. It also doesn't call the above function
`mapping_symbol_for_insn`.

* [Bug debug/106996] SIGSEGV in mapping_symbol_for_insn
From: rguenth at gcc dot gnu.org @ 2022-09-21  9:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106996

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
Isn't that a gdb issue then?

* [Bug debug/106996] SIGSEGV in mapping_symbol_for_insn
From: nickkirkby at protonmail dot ch @ 2022-09-21 11:47 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106996

nickkirkby at protonmail dot ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |MOVED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from nickkirkby at protonmail dot ch ---
(In reply to Richard Biener from comment #1)
> isn't that a gdb issue then?

It is. Sorry about that. I'm using the wrong bug tracker. I will attach a link
to the sourceware bug tracker ASAP.

In the meantime, I have a patch that resolves this issue (NULL check):

arm-dis.c:11867

```c
  if (info->private_data == NULL
      || info->symtab == NULL
      || bfd_asymbol_flavour (*info->symtab) != bfd_target_elf_flavour)
    return false;
```

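Added example, not code from this thread or from binutils: a stand-alone C model of the condition at arm-dis.c:11867 showing the pre-patch form, which dereferences `*info->symtab` before anything checks that `symtab` is non-NULL, beside the form with the NULL check from comment #2. The `asymbol`, `disassemble_info` and `bfd_asymbol_flavour` stand-ins are constructed here with only the fields the check touches; they are not the real bfd/opcodes definitions, and the `symtab_usable_*` function names are invented for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the libbfd/opcodes types that arm-dis.c uses
   (not the real binutils definitions; only the fields the check touches). */
enum bfd_flavour { bfd_target_unknown_flavour = 0, bfd_target_elf_flavour = 1 };

typedef struct { enum bfd_flavour flavour; const char *name; } asymbol;

struct disassemble_info {
  void *private_data;  /* target-specific state; NULL when not yet set up */
  asymbol **symtab;    /* symbol table, or NULL when the caller supplied none */
  long symtab_size;
};

static enum bfd_flavour bfd_asymbol_flavour(const asymbol *sym) {
  return sym->flavour;
}

/* Pre-patch shape of the condition the backtrace stops in: the flavour test
   dereferences *info->symtab with no check that symtab itself is non-NULL.
   With symtab == NULL that is a NULL dereference (the reported SIGSEGV),
   so this function is only ever called with a real symbol table below. */
static bool symtab_usable_unguarded(const struct disassemble_info *info) {
  if (info->private_data == NULL
      || bfd_asymbol_flavour(*info->symtab) != bfd_target_elf_flavour)
    return false;
  return true;
}

/* Patched shape from comment #2: the NULL test precedes the dereference, and
   || short-circuits, so *info->symtab is evaluated only when symtab != NULL. */
static bool symtab_usable_guarded(const struct disassemble_info *info) {
  if (info->private_data == NULL
      || info->symtab == NULL
      || bfd_asymbol_flavour(*info->symtab) != bfd_target_elf_flavour)
    return false;
  return true;
}

/* Constructed inputs: one ELF-flavoured symbol, one of unknown flavour. */
static int private_state;
static asymbol elf_sym = { bfd_target_elf_flavour, "HAL_ADCCalcValuesFast" };
static asymbol raw_sym = { bfd_target_unknown_flavour, "raw" };
static asymbol *elf_tab[] = { &elf_sym };
static asymbol *raw_tab[] = { &raw_sym };

static struct disassemble_info make_info(void *priv, asymbol **symtab) {
  struct disassemble_info info;
  info.private_data = priv;
  info.symtab = symtab;
  info.symtab_size = symtab ? 1 : 0;
  return info;
}

/* The case from the report: gdb handed the disassembler no symbol table. */
static bool guarded_with_null_symtab(void) {
  struct disassemble_info info = make_info(&private_state, NULL);
  return symtab_usable_guarded(&info);
}
static bool guarded_with_elf_symtab(void) {
  struct disassemble_info info = make_info(&private_state, elf_tab);
  return symtab_usable_guarded(&info);
}
static bool guarded_with_non_elf_symtab(void) {
  struct disassemble_info info = make_info(&private_state, raw_tab);
  return symtab_usable_guarded(&info);
}
static bool guarded_without_private_data(void) {
  struct disassemble_info info = make_info(NULL, elf_tab);
  return symtab_usable_guarded(&info);
}
/* Valid input must behave the same before and after the patch. */
static bool unguarded_with_elf_symtab(void) {
  struct disassemble_info info = make_info(&private_state, elf_tab);
  return symtab_usable_unguarded(&info);
}

int main(void) {
  printf("symtab == NULL   -> guarded returns %d (no dereference)\n",
         guarded_with_null_symtab());
  printf("ELF symtab       -> guarded %d, unguarded %d\n",
         guarded_with_elf_symtab(), unguarded_with_elf_symtab());
  printf("non-ELF symtab   -> guarded %d\n", guarded_with_non_elf_symtab());
  return 0;
}
```

The ordering of the `||` operands is the whole fix: putting `info->symtab == NULL` before the flavour test guarantees the dereference is skipped for the input the report describes, while every input that already worked (ELF symbol table, private data set up) still reaches the same verdict.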