public inbox for gcc-bugs@sourceware.org
* [Bug libgcc/66874] New: RFE: x86_64_fallback_frame_state more robust
@ 2015-07-14 23:58 jreiser at bitwagon dot com
  2015-07-15  3:04 ` [Bug libgcc/66874] " hjl.tools at gmail dot com
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: jreiser at bitwagon dot com @ 2015-07-14 23:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

            Bug ID: 66874
           Summary: RFE: x86_64_fallback_frame_state more robust
           Product: gcc
           Version: 5.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libgcc
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jreiser at bitwagon dot com
  Target Milestone: ---

In libgcc/config/i386/linux-unwind.h function x86_64_fallback_frame_state()
please check the value of pc before accessing memory in the statement:
-----
  unsigned char *pc = context->ra;
      // snip
  if (*(unsigned char *)(pc+0) == 0x48
      && *(unsigned long long *)(pc+1) == RT_SIGRETURN_SYSCALL)
-----
I have seen pc values of 0, 2, 0xffffffff, etc. due to missing or incorrect
debug info, particularly when the code that is being unwound was compiled with
no frame pointer, or was compiled by other compilers.  The result is SIGSEGV,
which is a major disappointment.

I suggest a check in the spirit of:
    if ((unsigned long)pc < 4096)
         return _URC_END_OF_STACK;
or similar.  Obviously this is heuristic, but it is much better than SIGSEGV.


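As an added illustration (not libgcc's code, and not posted by anyone in this thread): a stand-alone C model of the trampoline signature test that x86_64_fallback_frame_state performs, with the first-page heuristic from the report placed in front of it.  The LP64 constant 0x050f0000000fc0c7ULL is derived here from the bytes of `mov $0xf,%rax; syscall` and is not shown on this page (the hunk in comment #2 shows only the x32 value); the byte buffers standing in for code are constructed, and the names classify_pc, pc_is_implausible and matches_rt_sigreturn are ours.

```c
/* Added example: model of libgcc's rt_sigreturn trampoline check plus the
 * "pc < 4096" heuristic from PR66874.  Not libgcc code; names are ours. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "mov $0xf,%rax; syscall" encodes as 48 c7 c0 0f 00 00 00 0f 05.  The eight
 * bytes after the 0x48 REX prefix, read little-endian as a 64-bit value, give
 * this constant (the LP64 value; the page shows only the x32 one).  Derived
 * here, assumed to match upstream libgcc. */
#define RT_SIGRETURN_SYSCALL_LP64 0x050f0000000fc0c7ULL

/* Lowest address we are willing to dereference: the first page is never
 * mapped on Linux, which is what the report's heuristic relies on. */
#define MIN_PLAUSIBLE_PC 4096u

enum pc_verdict {
    PC_IMPLAUSIBLE,     /* would have faulted; caller should stop unwinding */
    PC_NOT_TRAMPOLINE,  /* readable, but not the signal trampoline */
    PC_RT_SIGRETURN     /* matches mov $0xf,%rax; syscall */
};

/* Heuristic from the report: reject pointers into the first page. */
int pc_is_implausible(uintptr_t pc)
{
    return pc < MIN_PLAUSIBLE_PC;
}

/* Signature match done with memcpy instead of a cast through
 * unsigned long long *, so the 8-byte read at pc+1 is neither misaligned
 * nor a strict-aliasing violation.  Assumes a little-endian host (x86). */
int matches_rt_sigreturn(const unsigned char *pc)
{
    unsigned long long tail;
    if (pc[0] != 0x48)
        return 0;
    memcpy(&tail, pc + 1, sizeof tail);
    return tail == RT_SIGRETURN_SYSCALL_LP64;
}

/* The guarded version of the check the unwinder performs on context->ra. */
enum pc_verdict classify_pc(uintptr_t pc)
{
    if (pc_is_implausible(pc))
        return PC_IMPLAUSIBLE;
    return matches_rt_sigreturn((const unsigned char *)pc)
               ? PC_RT_SIGRETURN : PC_NOT_TRAMPOLINE;
}

/* Constructed sample "code": the trampoline itself, and an ordinary
 * sequence that also starts with a REX.W prefix (mov %rsp,%rbp;
 * sub $0x10,%rsp; nop; ret) to exercise the second comparison. */
static const unsigned char trampoline[9] =
    { 0x48, 0xc7, 0xc0, 0x0f, 0x00, 0x00, 0x00, 0x0f, 0x05 };
static const unsigned char rex_prologue[9] =
    { 0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x10, 0x90, 0xc3 };

int main(void)
{
    printf("trampoline : %d\n", classify_pc((uintptr_t)trampoline));
    printf("prologue   : %d\n", classify_pc((uintptr_t)rex_prologue));
    printf("pc=0       : %d\n", classify_pc(0));
    printf("pc=2       : %d\n", classify_pc(2));
    /* 0xffffffff (comment 0) and 0xffffffb2 (comment 1) clear the 4096 bar,
     * so classify_pc() would still dereference them and fault. */
    printf("0xffffffff passes heuristic: %d\n",
           !pc_is_implausible(0xffffffffu));
    return 0;
}
```

The last line of main() is the caveat: the first-page check removes the near-null cases from the report (0 and 2) but nothing else, so a PC of 0xffffffff or 0xffffffb2 still reaches the dereference.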

* [Bug libgcc/66874] RFE: x86_64_fallback_frame_state more robust
From: hjl.tools at gmail dot com @ 2015-07-15  3:04 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2015-07-15
                 CC|                            |hjl.tools at gmail dot com
     Ever confirmed|0                           |1

--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
I have seen bogus PC like 0xffffffb2 on i386:

https://sourceware.org/bugzilla/show_bug.cgi?id=18635



* [Bug target/66874] RFE: x86_64_fallback_frame_state more robust
From: sjames at gcc dot gnu.org @ 2024-02-23 17:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

Sam James <sjames at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arsen at gcc dot gnu.org

--- Comment #2 from Sam James <sjames at gcc dot gnu.org> ---
I've been going crazy hitting this recently (see e.g.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114068#c2).

pinskia pointed me here and I fear I might be hitting this as a result of dwz
optimised debug info on gcc (as it's the only recent change I can think of).

Anyway, this seems to help indeed:

--- a/libgcc/config/i386/linux-unwind.h
+++ b/libgcc/config/i386/linux-unwind.h
@@ -60,6 +60,11 @@ x86_64_fallback_frame_state (struct _Unwind_Context
*context,
 #else
 #define RT_SIGRETURN_SYSCALL   0x050f40000201c0c7ULL
 #endif
+
+  /* Defend against corrupted PC, PR66874 */
+  if ((unsigned long)pc < 4096)
+    return _URC_END_OF_STACK;
+
   if (*(unsigned char *)(pc+0) == 0x48
       && *(unsigned long long *)(pc+1) == RT_SIGRETURN_SYSCALL)
     {
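Review bot: the `(unsigned long)pc < 4096` guard only catches the near-null values from comment 0 (0 and 2); the 0xffffffff reported there and the 0xffffffb2 from comment 1 both pass it, and the two dereferences that follow (`*(unsigned char *)(pc+0)` and the 8-byte read at `pc+1`) still fault, so the comment "Defend against corrupted PC" overstates what the check does and should call it a first-page heuristic. Two smaller points: `(uintptr_t)pc` is the idiomatic cast for this comparison, and the 8-byte read at `pc+1` can cross into the following page even when `pc` itself is readable, which no range check on `pc` alone addresses.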

I've only shoved it in quickly to be able to debug something else so it's not
really ready to submit.


* [Bug target/66874] RFE: x86_64_fallback_frame_state more robust
From: jakub at gcc dot gnu.org @ 2024-02-23 17:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakub at gcc dot gnu.org

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to Sam James from comment #2)
> I've been going crazy hitting this recently (see e.g.
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114068#c2).
> 
> pinskia pointed me here and I fear I might be hitting this as a result of
> dwz optimised debug info on gcc (as it's the only recent change I can think
> of).

How could dwz have anything to do with this?  The libgcc unwinder works on
.eh_frame sections.  dwz only ever modifies .debug_* sections (and
.gnu_debugaltlink, and perhaps throws away .gdb_index), all non-allocatable
sections which the libgcc unwinder never touches.


* [Bug target/66874] RFE: x86_64_fallback_frame_state more robust
From: sjames at gcc dot gnu.org @ 2024-02-23 17:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

--- Comment #4 from Sam James <sjames at gcc dot gnu.org> ---
I was just going off "incorrect debug info" in comment 0 given it's the only
thing I changed recently. If not, then I've got no idea.

If I were sure it were dwz, I'd file a bug there ;)


* [Bug target/66874] RFE: x86_64_fallback_frame_state more robust
From: schwab@linux-m68k.org @ 2024-02-23 19:39 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

--- Comment #5 from Andreas Schwab <schwab@linux-m68k.org> ---
If the unwinder crashes you have either incorrect unwind info or a corrupted
stack.  Neither should be papered over.


* [Bug target/66874] RFE: x86_64_fallback_frame_state more robust
From: sjames at gcc dot gnu.org @ 2024-02-26 15:08 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66874

--- Comment #6 from Sam James <sjames at gcc dot gnu.org> ---
Pretty sure my issue is indeed PR114116.

