From: Tom de Vries
To: gdb-patches@sourceware.org
Subject: [PATCH 1/2] [gdb/tui] Fix segfault in tui_find_disassembly_address
Date: Tue, 5 Sep 2023 17:03:38 +0200
Message-Id: <20230905150339.6452-1-tdevries@suse.de>

PR29040 describes a FAIL for test-case gdb.threads/next-fork-other-thread.exp and target board unix/-m32.

The FAIL happens due to the test executable running into an assert, which is caused by a forked child segfaulting, like so:
...
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000 in ?? ()
...

I tried to reproduce the segfault with exec next-fork-other-thread-fork, using TUI layout asm.

I set a breakpoint at fork and ran to the breakpoint, and somewhere during the following session I ran into a gdb segfault here in tui_find_disassembly_address:
...
      /* Disassemble forward.  */
      next_addr = tui_disassemble (gdbarch, asm_lines, new_low, max_lines);
      last_addr = asm_lines.back ().addr;
...
due to asm_lines being empty after the call to tui_disassemble, while asm_lines.back () assumes that it's not empty.

I have not been able to reproduce that segfault in that original setting, I'm not sure of the exact scenario (though looking back it probably involved "set detach-on-fork off").

What likely happened is that I managed to reproduce PR29040, and TUI (attempted to) display the disassembly for address 0, which led to the gdb segfault.

When gdb_print_insn encounters an insn it cannot print because it can't read the memory, it throws a MEMORY_ERROR that is caught by tui_disassemble.
The specific bit that causes the gdb segfault is that if gdb_print_insn throws a MEMORY_ERROR for the first insn in tui_disassemble, it returns an empty asm_lines. FWIW, I did manage to reproduce the gdb segfault as follows: ... $ gdb -q \ -iex "set pagination off" \ /usr/bin/rustc \ -ex "set breakpoint pending on" \ -ex "b dl_main" \ -ex run \ -ex "up 4" \ -ex "layout asm" \ -ex "print \$pc" ... ... $1 = (void (*)()) 0x1 (gdb) ... Now press , and the segfault triggers. Fix the segfault by handling asm_lines.empty () results of tui_disassemble in tui_find_disassembly_address. I've written a unit test that exercises this scenario. Tested on x86_64-linux. PR tui/30823 Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30823 --- gdb/tui/tui-disasm.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/gdb/tui/tui-disasm.c b/gdb/tui/tui-disasm.c index f0b55769d71..03c78aa1291 100644 --- a/gdb/tui/tui-disasm.c +++ b/gdb/tui/tui-disasm.c @@ -41,6 +41,8 @@ #include "objfiles.h" #include "cli/cli-style.h" #include "tui/tui-location.h" +#include "gdbsupport/selftest.h" +#include "inferior.h" #include "gdb_curses.h" @@ -203,6 +205,8 @@ tui_find_disassembly_address (struct gdbarch *gdbarch, CORE_ADDR pc, int from) instruction fails to disassemble we will take the address of the previous instruction that did disassemble as the result. */ tui_disassemble (gdbarch, asm_lines, pc, max_lines + 1); + if (asm_lines.empty ()) + return pc; new_low = asm_lines.back ().addr; } else @@ -244,6 +248,8 @@ tui_find_disassembly_address (struct gdbarch *gdbarch, CORE_ADDR pc, int from) /* Disassemble forward. */ next_addr = tui_disassemble (gdbarch, asm_lines, new_low, max_lines); + if (asm_lines.empty ()) + break; last_addr = asm_lines.back ().addr; /* If disassembling from the current value of NEW_LOW reached PC 
@@ -522,3 +528,36 @@ tui_disasm_window::display_start_addr (struct gdbarch **gdbarch_p, *gdbarch_p = m_gdbarch; *addr_p = m_start_line_or_addr.u.addr; } + +#if GDB_SELF_TEST +namespace selftests { +namespace tui { +namespace disasm { + +static void +run_tests () +{ + if (current_inferior () != nullptr) + { + struct gdbarch *gdbarch = current_inferior ()->gdbarch; + + /* Check that tui_find_disassembly_address robustly handles the case of + being passed a PC for which gdb_print_insn throws a MEMORY_ERROR. */ + SELF_CHECK (tui_find_disassembly_address (gdbarch, 0, 1) == 0); + SELF_CHECK (tui_find_disassembly_address (gdbarch, 0, -1) == 0); + } +} + +} /* namespace disasm */ +} /* namespace tui */ +} /* namespace selftests */ +#endif /* GDB_SELF_TEST */ + +void _initialize_tui_disasm (); +void +_initialize_tui_disasm () +{ +#if GDB_SELF_TEST + selftests::register_test ("tui-disasm", selftests::tui::disasm::run_tests); +#endif +} base-commit: b6ac461ace19ba19aaf135a028df4e67e47e21d7 -- 2.35.3
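Review bot: In the include hunk, "gdbsupport/selftest.h" and "inferior.h" are added unconditionally but are only used inside the new `#if GDB_SELF_TEST` block at the end of the file; either move them under that guard or leave a short comment, so a later cleanup does not drop them as unused when self-tests are disabled.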
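Review bot: In the hunk at line 205 of tui_find_disassembly_address, the new `if (asm_lines.empty ()) return pc;` returns the input address when not even the instruction at PC could be disassembled, but the comment immediately above ("we will take the address of the previous instruction that did disassemble as the result") does not describe this case; extend that comment to state that an undisassemblable PC is returned unchanged, which is also what the new SELF_CHECKs assert.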
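Review bot: In the hunk at line 248, `break` leaves the loop with `last_addr` holding whatever the previous iteration assigned (or its initial value on the first iteration) and skips the `last_addr = asm_lines.back ().addr;` update; since the code after the loop presumably derives the result from `new_low`/`last_addr`, please add a comment explaining why breaking out with those values is the right answer here rather than returning `pc` as the earlier hunk does, so the two empty-result cases are visibly consistent.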
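Review bot: In the self-test hunk, run_tests depends on address 0 being unreadable in the current inferior so that gdb_print_insn throws MEMORY_ERROR and tui_disassemble returns an empty asm_lines; that holds when the self-tests run without a live process, but the assumption is unstated. Add a comment (or a guard checking that no process is running) so the checks do not silently start reading real memory if the tests are ever run attached to a live inferior. The `current_inferior () != nullptr` check itself is fine, but a comment on when it is expected to be null would help readers.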