From: "sanjoy at playingwithpointers dot com" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug backtrace/14550] New: Loading a custom JIT reader plugin crashes GDB during backtrace
Date: Thu, 06 Sep 2012 09:29:00 -0000	[thread overview]
Message-ID: <bug-14550-4717@http.sourceware.org/bugzilla/> (raw)

http://sourceware.org/bugzilla/show_bug.cgi?id=14550

             Bug #: 14550
           Summary: Loading a custom JIT reader plugin crashes GDB during
                    backtrace
           Product: gdb
           Version: unknown
            Status: NEW
          Severity: normal
          Priority: P2
         Component: backtrace
        AssignedTo: sanjoy@playingwithpointers.com
        ReportedBy: sanjoy@playingwithpointers.com
    Classification: Unclassified


Sample code (from Michael Haupt <michael.haupt@oracle.com> with minor
modifications):

To crash GDB, jit-reader-load myreader.c and break inside the `func` function
in jithost.c

myreader.c: 

#include "gdb/jit-reader.h"

/* Required by gdb/jit-reader.h: GDB checks for the symbol this macro
   declares when it loads a reader, so it must appear exactly once. */
GDB_DECLARE_GPL_COMPATIBLE_READER;

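/* Reader entry point. GDB hands us the bytes it found at entry.symfile_addr
   (the "symbol file" jithost.c publishes); here that is just two
   GDB_CORE_ADDRs, the start and end of the generated code. We register a
   single top-level block named "fluffy" covering [start, end).

   Returns GDB_SUCCESS once the block is registered, GDB_FAIL when the
   region GDB passed is too short to hold both addresses (or is inverted),
   so we never read past what GDB actually gave us. */
static enum gdb_status read_debug_info(struct gdb_reader_funcs* self,
                                       struct gdb_symbol_callbacks* cbs,
                                       void* memory, long memory_sz) {
    (void) self;

    /* jithost.c writes exactly two addresses; anything shorter would make
       buf[1] below an out-of-bounds read of GDB's copy of the symfile. */
    if (memory == NULL || memory_sz < (long) (2 * sizeof(GDB_CORE_ADDR))) {
        return GDB_FAIL;
    }

    const GDB_CORE_ADDR* buf = memory;
    GDB_CORE_ADDR start = buf[0];
    GDB_CORE_ADDR end = buf[1];
    if (end <= start) {
        return GDB_FAIL;  // empty or inverted range: nothing to describe
    }

    struct gdb_object* object = cbs->object_open(cbs);
    struct gdb_symtab* symtab = cbs->symtab_open(cbs, object, "");
    /* NULL parent: "fluffy" is a top-level function block. The returned
       block handle is not needed afterwards. */
    cbs->block_open(cbs, symtab, NULL, start, end, "fluffy");

    cbs->symtab_close(cbs, symtab);
    cbs->object_close(cbs, object);
    return GDB_SUCCESS;
}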

/* Unwinder callback. Reports success without supplying any register values
   through cbs; this minimal reader exists to show how GDB reacts to that. */
enum gdb_status unwind_frame(struct gdb_reader_funcs* self,
                             struct gdb_unwind_callbacks* cbs) {
    (void) self;
    (void) cbs;
    return GDB_SUCCESS;
}

/* Frame-id callback. Returns a fixed identity rather than deriving one from
   cbs: the code address is hard-coded — presumably where `code` landed in
   jithost.c on the reporter's machine (compare the "code at %p" line the
   host prints) — and the stack address is left at zero. */
struct gdb_frame_id get_frame_id(struct gdb_reader_funcs* self,
                                 struct gdb_unwind_callbacks* cbs) {
    (void) self;
    (void) cbs;
    struct gdb_frame_id id = { .code_address = 0x602000, .stack_address = 0 };
    return id;
}

/* Teardown callback. The reader owns no resources, so there is nothing to
   release. */
void destroy_reader(struct gdb_reader_funcs* self) {
    (void) self;
}

/* Entry point GDB resolves after loading the reader (jit-reader-load).
   Hands back the static callback table; no private data is attached. */
extern struct gdb_reader_funcs* gdb_init_reader(void) {
    static struct gdb_reader_funcs funcs = {
        .reader_version = GDB_READER_INTERFACE_VERSION,
        .priv_data = NULL,
        .read = read_debug_info,
        .unwind = unwind_frame,
        .get_frame_id = get_frame_id,
        .destroy = destroy_reader,
    };
    return &funcs;
}


jithost.c:


#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

#include "gdb/jit-reader.h"
#include "defs.h"
#include "jit.h"

/* The descriptor GDB's JIT interface reads. Starts as version 1 with no
   action and no entries; main() fills in the remaining fields before
   signalling GDB. */
struct jit_descriptor __jit_debug_descriptor = { 1, 0, 0, 0 };
/* The single code entry main() registers (symfile_addr/symfile_size are
   set there). */
struct jit_code_entry entry = { 0, 0, 0, 0 };

/* Signature of the generated code: a bare RET, so no arguments, no result. */
typedef void (*func)();

/* Hook the GDB JIT interface expects: the debugger plants a breakpoint on
   this symbol, and calling it after updating __jit_debug_descriptor tells
   GDB to re-read the descriptor. noinline plus the empty asm keep the
   compiler from inlining or dropping the (otherwise empty) call. */
void __attribute__((noinline)) __jit_debug_register_code() {
    __asm("");
}

#define SIZE 4096

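/* Generates a one-byte function (a bare RET), registers it with GDB through
   the JIT interface, then calls it. Exits non-zero if the code page or the
   symfile buffer cannot be set up; returns 0 otherwise.

   Fixes over the original listing: both allocations are now checked (the
   original dereferenced unchecked valloc() results), the code page is never
   writable and executable at the same time (written first, then flipped to
   read+execute), and a comment that a mail client had wrapped into a stray
   "function" token is restored. */
int main(int argc, char** argv) {
    (void) argc;
    (void) argv;

    /* Code page. aligned_alloc(SIZE, SIZE) yields a SIZE-aligned region;
       mprotect() needs page alignment, so this assumes SIZE is the page
       size, as the original valloc() call did. */
    char* code = aligned_alloc(SIZE, SIZE);
    if (code == NULL) {
        perror("aligned_alloc");
        exit(1);
    }

    /* "Symbol file" handed to the reader: two addresses, [start, end).
       GDB reads entry.symfile_size (= SIZE) bytes from it, so the buffer
       really must be SIZE bytes; calloc() zero-fills the unused tail. */
    GDB_CORE_ADDR* buffer = calloc(1, SIZE);
    if (buffer == NULL) {
        perror("calloc");
        exit(2);
    }
    fprintf(stderr, "buffer at %p, code at %p\n", (void*) buffer, (void*) code);

    /* Write the instruction while the page is still writable, then drop
       write permission before it becomes executable (W^X). */
    code[0] = (char) 0xc3;  // RET
    if (0 != mprotect(code, SIZE, PROT_READ | PROT_EXEC)) {
        perror("mprotect");
        exit(3);
    }

    buffer[0] = (GDB_CORE_ADDR) code;        // start of the generated "function"
    buffer[1] = (GDB_CORE_ADDR) (code + 1);  // one past its last byte

    entry.symfile_addr = (GDB_CORE_ADDR) buffer;
    entry.symfile_size = SIZE;

    /* Publish the entry, then poke the hook GDB watches. */
    __jit_debug_descriptor.first_entry =
         __jit_debug_descriptor.relevant_entry = (GDB_CORE_ADDR) &entry;
    __jit_debug_descriptor.action_flag = JIT_REGISTER;
    __jit_debug_descriptor.version = 1;
    __jit_debug_register_code();

    /* Break inside this call to reproduce the report. */
    ((func) code)();

    return 0;
}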

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

