[PATCH][PING][PR gdb/19374] null-ptr dereference on solaris when running get_osdata( "processes" )

[PATCH][PING][PR gdb/19374] null-ptr dereference on solaris when running get_osdata( "processes" )

[Brian Vandenberg]

[-- Attachment #1: Type: text/plain, Size: 1030 bytes --]

This patch is to address bug 19374 on solaris.

When running gdb under eclipse/CDT on Solaris, eclipse runs gdb with:

gdb --interpreter mi2 --nx

During execution it ends up sending the following string to gdb:

16-list-thread-groups --available

... at which point gdb crashes.

This patch partially reverts the change in the following:

http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=e75fdfcad1c868eae5396a95be9dd18010406306#patch4

... by re-adding the check for ops->beneath != NULL and returning
TARGET_XFER_E_IO.

I cannot easily run the test suite against these changes right now.
If this gets rejected based on that, I'll see about getting something
setup at home to run the tests when I have time.

----

note: this patch was tested against 8.1.1.  I don't know [yet] whether
this is still a problem in 8.2 because of the procfs C++ conversion.
The same logic still exists but "beneath" appears to be a function
object.

-brian

ps, my assignment/release forms were completed/received 10/30/2017

[-- Attachment #2: gdb-19374-patch, revised.txt --]
[-- Type: text/plain, Size: 742 bytes --]

gdb/Changelog:
2018-08-07  Brian Vandenberg <phantall@gmail.com>

	PR gdb/19374
	* gdb/procfs.c (procfs_xfer_partial): Added check for ops->beneath != NULL

diff --git a/gdb/procfs.c b/gdb/procfs.c
--- a/gdb/procfs.c
+++ b/gdb/procfs.c
@@ --2599,9 +2599,12 @@ procfs_xfer_partial (struct target_ops *ops, enum target_object object,
 #endif

     default:
-      return ops->beneath->to_xfer_partial (ops->beneath, object, annex,
+      if( ops->beneath )
+        return ops->beneath->to_xfer_partial (ops->beneath, object, annex,
                                            readbuf, writebuf, offset, len,
                                            xfered_len);
+      else
+        return TARGET_XFER_E_IO;
     }
 }

Re: [PATCH][PING][PR gdb/19374] null-ptr dereference on solaris when running get_osdata( "processes" )

[Simon Marchi]

On 2018-08-07 15:29, Brian Vandenberg wrote:
> This patch is to address bug 19374 on solaris.
> 
> When running gdb under eclipse/CDT on Solaris, eclipse runs gdb with:
> 
> gdb --interpreter mi2 --nx
> 
> During execution it ends up sending the following string to gdb:
> 
> 16-list-thread-groups --available
> 
> ... at which point gdb crashes.
> 
> This patch partially reverts the change in the following:
> 
> http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=e75fdfcad1c868eae5396a95be9dd18010406306#patch4
> 
> ... by re-adding the check for ops->beneath != NULL and returning
> TARGET_XFER_E_IO.
> 
> I cannot easily run the test suite against these changes right now.
> If this gets rejected based on that, I'll see about getting something
> setup at home to run the tests when I have time.
> 
> ----
> 
> note: this patch was tested against 8.1.1.  I don't know [yet] whether
> this is still a problem in 8.2 because of the procfs C++ conversion.
> The same logic still exists but "beneath" appears to be a function
> object.
> 
> -brian
> 
> ps, my assignment/release forms were completed/received 10/30/2017

Hi Brian,

Same here, please submit the patch that applies on master again once you 
are able to build & test (at least manually).

Simon

Re: [PATCH][PING][PR gdb/19374] null-ptr dereference on solaris when running get_osdata( "processes" )

[Tom Tromey]

>>>>> "Brian" == Brian Vandenberg <phantall@gmail.com> writes:

Brian> note: this patch was tested against 8.1.1.  I don't know [yet] whether
Brian> this is still a problem in 8.2 because of the procfs C++ conversion.
Brian> The same logic still exists but "beneath" appears to be a function
Brian> object.

Now you call beneath() to get the object beneath.
At least one spot (see windows_nat_target::xfer_partial) checks this for NULL.

Tom

[PATCH][PING][PR gdb/19374] null-ptr dereference on solaris when running get_osdata( "processes" )

[Brian Vandenberg]

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]

This patch is to address bug 19374 on solaris.

When running gdb under eclipse/CDT on Solaris, eclipse
runs gdb with:

gdb --interpreter mi2 --nx

During execution it ends up sending the following string to gdb:

16-list-thread-groups --available

... at which point gdb crashes.

There's a few issues I see with this function, not all of which I'm
prepared to deal with competently.

This patch partially reverts the change in the following:

http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=e75fdfcad1c868eae5396a95be9dd18010406306#patch4

... by re-adding the check for ops->beneath != NULL and returning
TARGET_XFER_E_IO.

-brian

[-- Attachment #2: gdb-19374-patch.txt --]
[-- Type: text/plain, Size: 773 bytes --]

gdb/Changelog:
2015-12-16  Brian Vandenberg <phantall@gmail.com>

	PR gdb/19374
	* gdb/procfs.c (procfs_xfer_partial): Added check for ops->beneath != NULL

diff --git a/gdb/procfs.c b/gdb/procfs.c
index 7b7ff45..7c08bf4 100644
--- a/gdb/procfs.c
+++ b/gdb/procfs.c
@@ --3954,9 +3954,12 @@ procfs_xfer_partial (struct target_ops *ops, enum target_object object,
 #endif

     default:
-      return ops->beneath->to_xfer_partial (ops->beneath, object, annex,
+      if( ops->beneath )
+        return ops->beneath->to_xfer_partial (ops->beneath, object, annex,
                                            readbuf, writebuf, offset, len,
                                            xfered_len);
+      else
+        return TARGET_XFER_E_IO;
     }
 }