[PATCH] Fix segfault in ltpy_iternext() when symtab has no linetable.

[PATCH] Fix segfault in ltpy_iternext() when symtab has no linetable.

[Toby Lloyd Davies]

SYMTAB_LINETABLE (symtab) is set to NULL in
buildsym_compunit::end_symtab_with_blockvector() if the symtab has no
linetable. Attempting to iterate over this linetable using the Python
API caused GDB to segfault.

gdb/ChangeLog:

        * python/py-linetable.c (ltpy_iternext): Fix segfault when
        there is no linetable.
---
 gdb/python/py-linetable.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gdb/python/py-linetable.c b/gdb/python/py-linetable.c
index e989204a7f5..b7f1269841a 100644
--- a/gdb/python/py-linetable.c
+++ b/gdb/python/py-linetable.c
@@ -399,7 +399,8 @@ ltpy_iternext (PyObject *self)
 
   LTPY_REQUIRE_VALID (iter_obj->source, symtab);
 
-  if (iter_obj->current_index >= SYMTAB_LINETABLE (symtab)->nitems)
+  if (SYMTAB_LINETABLE (symtab) == NULL ||
+      iter_obj->current_index >= SYMTAB_LINETABLE (symtab)->nitems)
     {
       PyErr_SetNone (PyExc_StopIteration);
       return NULL;
-- 
2.29.2

Re: [PATCH] Fix segfault in ltpy_iternext() when symtab has no linetable.

[Tom Tromey]

>>>>> "Toby" == Toby Lloyd Davies via Gdb-patches <gdb-patches@sourceware.org> writes:

Toby> SYMTAB_LINETABLE (symtab) is set to NULL in
Toby> buildsym_compunit::end_symtab_with_blockvector() if the symtab has no
Toby> linetable. Attempting to iterate over this linetable using the Python
Toby> API caused GDB to segfault.

Thank you for the patch.

It is essentially fine, I just had a small nit.
Also I am wonder if it's possible to write a test case for this.

Toby> -  if (iter_obj->current_index >= SYMTAB_LINETABLE (symtab)->nitems)
Toby> +  if (SYMTAB_LINETABLE (symtab) == NULL ||
Toby> +      iter_obj->current_index >= SYMTAB_LINETABLE (symtab)->nitems)

In the GDB/GNU style, the "||" comes at the start of the next line.

Tom

[PATCH v2] Fix segfault in ltpy_iternext() when symtab has no linetable.

[Toby Lloyd Davies]

SYMTAB_LINETABLE (symtab) is set to NULL in
buildsym_compunit::end_symtab_with_blockvector() if the symtab has no
linetable. Attempting to iterate over this linetable using the Python
API caused GDB to segfault.

Add test of Python API linetable methods on an empty linetable.

gdb/ChangeLog:

        * python/py-linetable.c (ltpy_iternext): Fix segfault when
        there is no linetable.

gdb/testsuite/ChangeLog:

        * gdb.python/py-linetable-empty-main-body.h: New test.
        * gdb.python/py-linetable-empty.S: New test.
        * gdb.python/py-linetable-empty.c: New test.
        * gdb.python/py-linetable-empty.exp: New test.
---
 gdb/python/py-linetable.c                     |   3 +-
 .../gdb.python/py-linetable-empty-main-body.h |  20 ++
 gdb/testsuite/gdb.python/py-linetable-empty.S | 183 ++++++++++++++++++
 gdb/testsuite/gdb.python/py-linetable-empty.c |  20 ++
 .../gdb.python/py-linetable-empty.exp         |  62 ++++++
 5 files changed, 287 insertions(+), 1 deletion(-)
 create mode 100644 gdb/testsuite/gdb.python/py-linetable-empty-main-body.h
 create mode 100644 gdb/testsuite/gdb.python/py-linetable-empty.S
 create mode 100644 gdb/testsuite/gdb.python/py-linetable-empty.c
 create mode 100644 gdb/testsuite/gdb.python/py-linetable-empty.exp

diff --git a/gdb/python/py-linetable.c b/gdb/python/py-linetable.c
index e989204a7f5..6daf97ae356 100644
--- a/gdb/python/py-linetable.c
+++ b/gdb/python/py-linetable.c
@@ -399,7 +399,8 @@ ltpy_iternext (PyObject *self)
 
   LTPY_REQUIRE_VALID (iter_obj->source, symtab);
 
-  if (iter_obj->current_index >= SYMTAB_LINETABLE (symtab)->nitems)
+  if (SYMTAB_LINETABLE (symtab) == NULL
+      || iter_obj->current_index >= SYMTAB_LINETABLE (symtab)->nitems)
     {
       PyErr_SetNone (PyExc_StopIteration);
       return NULL;
diff --git a/gdb/testsuite/gdb.python/py-linetable-empty-main-body.h b/gdb/testsuite/gdb.python/py-linetable-empty-main-body.h
new file mode 100644
index 00000000000..bac1c2a1a01
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-linetable-empty-main-body.h
@@ -0,0 +1,20 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2021 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+{
+  return 0;
+}
diff --git a/gdb/testsuite/gdb.python/py-linetable-empty.S b/gdb/testsuite/gdb.python/py-linetable-empty.S
new file mode 100644
index 00000000000..4cf51d5ad39
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-linetable-empty.S
@@ -0,0 +1,183 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2021 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+	.file	"py-linetable-empty.c"
+	.text
+.Ltext0:
+	.globl	main
+	.type	main, @function
+main:
+.LFB0:
+	.file 1 "./py-linetable-empty-main-body.h"
+	# ./py-linetable-empty-main-body.h:18:1
+	.loc 1 18 1
+	.cfi_startproc
+	endbr64
+# BLOCK 2 seq:0
+# PRED: ENTRY (FALLTHRU)
+	pushq	%rbp
+	.cfi_def_cfa_offset 16
+	.cfi_offset 6, -16
+	movq	%rsp, %rbp
+	.cfi_def_cfa_register 6
+	# ./py-linetable-empty-main-body.h:19:10
+	.loc 1 19 10
+	movl	$0, %eax
+	# ./py-linetable-empty-main-body.h:20:1
+	.loc 1 20 1
+	popq	%rbp
+	.cfi_def_cfa 7, 8
+# SUCC: EXIT [always] 
+	ret
+	.cfi_endproc
+.LFE0:
+	.size	main, .-main
+.Letext0:
+	.file 2 "py-linetable-empty.c"
+	.section	.debug_info,"",@progbits
+.Ldebug_info0:
+	.long	0x4f	# Length of Compilation Unit Info
+	.value	0x4	# DWARF version number
+	.long	.Ldebug_abbrev0	# Offset Into Abbrev. Section
+	.byte	0x8	# Pointer Size (in bytes)
+	.uleb128 0x1	# (DIE (0xb) DW_TAG_compile_unit)
+	.long	.LASF0	# DW_AT_producer: "GNU C17 9.3.0 -mtune=generic -march=x86-64 -g -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protection"
+	.byte	0xc	# DW_AT_language
+	.long	.LASF1	# DW_AT_name: "py-linetable-empty.c"
+	.long	.LASF2	# DW_AT_comp_dir: ""
+	.quad	.Ltext0	# DW_AT_low_pc
+	.quad	.Letext0-.Ltext0	# DW_AT_high_pc
+	.long	.Ldebug_line0	# DW_AT_stmt_list
+	.uleb128 0x2	# (DIE (0x2d) DW_TAG_subprogram)
+			# DW_AT_external
+	.long	.LASF3	# DW_AT_name: "main"
+	.byte	0x2	# DW_AT_decl_file (py-linetable-empty.c)
+	.byte	0x13	# DW_AT_decl_line
+	.byte	0x1	# DW_AT_decl_column
+			# DW_AT_prototyped
+	.long	0x4b	# DW_AT_type
+	.quad	.LFB0	# DW_AT_low_pc
+	.quad	.LFE0-.LFB0	# DW_AT_high_pc
+	.uleb128 0x1	# DW_AT_frame_base
+	.byte	0x9c	# DW_OP_call_frame_cfa
+			# DW_AT_GNU_all_call_sites
+	.uleb128 0x3	# (DIE (0x4b) DW_TAG_base_type)
+	.byte	0x4	# DW_AT_byte_size
+	.byte	0x5	# DW_AT_encoding
+	.ascii "int\0"	# DW_AT_name
+	.byte	0	# end of children of DIE 0xb
+	.section	.debug_abbrev,"",@progbits
+.Ldebug_abbrev0:
+	.uleb128 0x1	# (abbrev code)
+	.uleb128 0x11	# (TAG: DW_TAG_compile_unit)
+	.byte	0x1	# DW_children_yes
+	.uleb128 0x25	# (DW_AT_producer)
+	.uleb128 0xe	# (DW_FORM_strp)
+	.uleb128 0x13	# (DW_AT_language)
+	.uleb128 0xb	# (DW_FORM_data1)
+	.uleb128 0x3	# (DW_AT_name)
+	.uleb128 0xe	# (DW_FORM_strp)
+	.uleb128 0x1b	# (DW_AT_comp_dir)
+	.uleb128 0xe	# (DW_FORM_strp)
+	.uleb128 0x11	# (DW_AT_low_pc)
+	.uleb128 0x1	# (DW_FORM_addr)
+	.uleb128 0x12	# (DW_AT_high_pc)
+	.uleb128 0x7	# (DW_FORM_data8)
+	.uleb128 0x10	# (DW_AT_stmt_list)
+	.uleb128 0x17	# (DW_FORM_sec_offset)
+	.byte	0
+	.byte	0
+	.uleb128 0x2	# (abbrev code)
+	.uleb128 0x2e	# (TAG: DW_TAG_subprogram)
+	.byte	0	# DW_children_no
+	.uleb128 0x3f	# (DW_AT_external)
+	.uleb128 0x19	# (DW_FORM_flag_present)
+	.uleb128 0x3	# (DW_AT_name)
+	.uleb128 0xe	# (DW_FORM_strp)
+	.uleb128 0x3a	# (DW_AT_decl_file)
+	.uleb128 0xb	# (DW_FORM_data1)
+	.uleb128 0x3b	# (DW_AT_decl_line)
+	.uleb128 0xb	# (DW_FORM_data1)
+	.uleb128 0x39	# (DW_AT_decl_column)
+	.uleb128 0xb	# (DW_FORM_data1)
+	.uleb128 0x27	# (DW_AT_prototyped)
+	.uleb128 0x19	# (DW_FORM_flag_present)
+	.uleb128 0x49	# (DW_AT_type)
+	.uleb128 0x13	# (DW_FORM_ref4)
+	.uleb128 0x11	# (DW_AT_low_pc)
+	.uleb128 0x1	# (DW_FORM_addr)
+	.uleb128 0x12	# (DW_AT_high_pc)
+	.uleb128 0x7	# (DW_FORM_data8)
+	.uleb128 0x40	# (DW_AT_frame_base)
+	.uleb128 0x18	# (DW_FORM_exprloc)
+	.uleb128 0x2117	# (DW_AT_GNU_all_call_sites)
+	.uleb128 0x19	# (DW_FORM_flag_present)
+	.byte	0
+	.byte	0
+	.uleb128 0x3	# (abbrev code)
+	.uleb128 0x24	# (TAG: DW_TAG_base_type)
+	.byte	0	# DW_children_no
+	.uleb128 0xb	# (DW_AT_byte_size)
+	.uleb128 0xb	# (DW_FORM_data1)
+	.uleb128 0x3e	# (DW_AT_encoding)
+	.uleb128 0xb	# (DW_FORM_data1)
+	.uleb128 0x3	# (DW_AT_name)
+	.uleb128 0x8	# (DW_FORM_string)
+	.byte	0
+	.byte	0
+	.byte	0
+	.section	.debug_aranges,"",@progbits
+	.long	0x2c	# Length of Address Ranges Info
+	.value	0x2	# DWARF aranges version
+	.long	.Ldebug_info0	# Offset of Compilation Unit Info
+	.byte	0x8	# Size of Address
+	.byte	0	# Size of Segment Descriptor
+	.value	0	# Pad to 16 byte boundary
+	.value	0
+	.quad	.Ltext0	# Address
+	.quad	.Letext0-.Ltext0	# Length
+	.quad	0
+	.quad	0
+	.section	.debug_line,"",@progbits
+.Ldebug_line0:
+	.section	.debug_str,"MS",@progbits,1
+.LASF0:
+	.string	"GNU C17 9.3.0 -mtune=generic -march=x86-64 -g -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protection"
+.LASF2:
+	.string	""
+.LASF3:
+	.string	"main"
+.LASF1:
+	.string	"py-linetable-empty.c"
+	.ident	"GCC: (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0"
+	.section	.note.GNU-stack,"",@progbits
+	.section	.note.gnu.property,"a"
+	.align 8
+	.long	 1f - 0f
+	.long	 4f - 1f
+	.long	 5
+0:
+	.string	 "GNU"
+1:
+	.align 8
+	.long	 0xc0000002
+	.long	 3f - 2f
+2:
+	.long	 0x3
+3:
+	.align 8
+4:
diff --git a/gdb/testsuite/gdb.python/py-linetable-empty.c b/gdb/testsuite/gdb.python/py-linetable-empty.c
new file mode 100644
index 00000000000..e0fc00b51f7
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-linetable-empty.c
@@ -0,0 +1,20 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2021 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+int
+main (void)
+#include "./py-linetable-empty-main-body.h"
diff --git a/gdb/testsuite/gdb.python/py-linetable-empty.exp b/gdb/testsuite/gdb.python/py-linetable-empty.exp
new file mode 100644
index 00000000000..a00e929a17a
--- /dev/null
+++ b/gdb/testsuite/gdb.python/py-linetable-empty.exp
@@ -0,0 +1,62 @@
+# Copyright 2021 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Test Python API linetable methods on an empty linetable.
+
+load_lib gdb-python.exp
+standard_testfile .S
+
+if [info exists COMPILE] {
+    # make check RUNTESTFLAGS="gdb.python/py-linetable-empty.exp COMPILE=1"
+    standard_testfile
+} elseif { ![istarget x86_64-*-* ] || ![is_lp64_target] } {
+    verbose "Skipping ${testfile}."
+    return
+}
+
+if { [prepare_for_testing "failed to prepare" \
+	${testfile} ${srcfile}] } {
+    return
+}
+
+if { ![runto_main] } {
+    untested "could not run to main"
+    return
+}
+
+# Skip all tests if Python scripting is not enabled.
+if { [skip_python_tests] } { continue }
+
+# Get the linetable for main's symbol table. This is empty as
+# main's body was included from another file.
+gdb_py_test_silent_cmd "python lt = gdb.selected_frame().function().symtab.linetable()" \
+    "get linetable" 0
+
+gdb_test "python print(lt.is_valid())" "True" \
+	"Test linetable is valid"
+
+gdb_test "python print(lt.line(1))" "None" \
+	"Test line() returns None"
+
+gdb_test "python print(lt.has_line(1))" \
+	".*RuntimeError: Linetable information not found in symbol table.*" \
+	"Test has_line() throws exception"
+
+gdb_test "python print(lt.source_lines())" \
+	".*RuntimeError: Linetable information not found in symbol table.*" \
+	"Test source_lines() throws exception"
+
+gdb_test "python print(list(lt))" "\\\[\\\]" \
+	"Test iterating over linetable"
-- 
2.25.1