From: Simon Marchi <simark@simark.ca>
To: Aaron Merey <amerey@redhat.com>, gdb-patches@sourceware.org
Subject: Re: [PATCH] gdb/dwarf2: Check for missing abbrev
Date: Wed, 13 Mar 2024 21:39:07 -0400 [thread overview]
Message-ID: <bcebafe9-670f-4489-aea7-60c34cfbc21f@simark.ca> (raw)
In-Reply-To: <20240313201827.1853989-1-amerey@redhat.com>
On 3/13/24 16:18, Aaron Merey wrote:
> A corrupt debuginfo file can result in a null abbrev_info pointer
> being passed to cooked_indexer::scan_attributes. There is no check
> for whether the abbrev pointer is null and SIGSEGV occurs when
> attempting to dereference the pointer.
>
> Fix this by calling throw_error at the beginning of scan_attributes
> when the abbrev is nullptr.
>
> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31478
> ---
> gdb/dwarf2/read.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
> index 4afb026b8ce..a6e5a3c856e 100644
> --- a/gdb/dwarf2/read.c
> +++ b/gdb/dwarf2/read.c
> @@ -16077,6 +16077,9 @@ cooked_indexer::scan_attributes (dwarf2_per_cu_data *scanning_per_cu,
> bool *is_enum_class,
> bool for_specification)
> {
> + if (abbrev == nullptr)
> + throw_error (NOT_AVAILABLE_ERROR, _("Unable to find DWARF attributes."));
We generally don't make functions error out like this if they are passed
bad parameters (we can use gdb_assert for that if we really want to).
It's up to the callers to respect the contract and not pass nullptr
where nullptr is not expected. So I would instead suggest to add the
nullptr check in the caller (in scan_attributes itself, after the
peek_die_abbrev call lower).
However, I'd like if we could analyze the problem a bit further to
understand more precisely what happens, just to be sure that there isn't
a more fundamental problem and we're not just papering over the problem.
I added instructions on the bug that should help you reproduce.
What I see is that read_unsigned_leb128 in peek_die_abbrev unexpectedly
returns 0. Is it because the corrupted file contains zeros where it
shouldn't? Or is the file truncated and we are reading past the end of
the buffer, and there happens to be a zero there?
Simon
next prev parent reply other threads:[~2024-03-14 1:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 20:18 Aaron Merey
2024-03-14 1:39 ` Simon Marchi [this message]
2024-03-14 12:31 ` Tom Tromey
2024-03-14 13:56 ` Simon Marchi
2024-03-14 14:31 ` Tom Tromey
2024-03-14 17:45 ` Aaron Merey
2024-03-14 17:52 ` Simon Marchi
2024-08-14 14:47 ` Tom de Vries
2024-08-18 19:11 ` Tom de Vries
2024-08-19 16:00 ` Aaron Merey
2024-03-14 12:29 ` Tom Tromey
2024-03-14 12:36 ` Tom Tromey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bcebafe9-670f-4489-aea7-60c34cfbc21f@simark.ca \
--to=simark@simark.ca \
--cc=amerey@redhat.com \
--cc=gdb-patches@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).