From: "jutaky at gmail dot com"
To: gdb-prs@sourceware.org
Subject: [Bug cli/15827] New: Segfault on reading symbols from a fuzzed (corrupted) binary
Date: Fri, 09 Aug 2013 13:05:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=15827

            Bug ID: 15827
           Summary: Segfault on reading symbols from a fuzzed (corrupted) binary
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: cli
          Assignee: unassigned at sourceware dot org
          Reporter: jutaky at gmail dot com

I am performing fuzzing against gdb and checking how it behaves on different kinds of input. Here is the first finding. Segmentation fault on reading symbols from a fuzzed binary. gdb version 7.6.50.20130809-cvs.

Test case: http://jutaky.com/fuzzing/gdb_case_6958_4981.bin

Reading symbols from /home/jutaky/fuzzing/gdb_case_6958_4981.bin...
Program received signal SIGSEGV, Segmentation fault.
0x00000000005e891c in read_unsigned_leb128 (abfd=0xd3d4a0, buf=0x76e73134, bytes_read_ptr=0x7fffffffde64) at dwarf2read.c:15166
15166	  byte = bfd_get_8 (abfd, buf);
(gdb) bt
#0  0x00000000005e891c in read_unsigned_leb128 (abfd=0xd3d4a0, buf=0x76e73134, bytes_read_ptr=0x7fffffffde64) at dwarf2read.c:15166
#1  0x00000000005d4ff8 in peek_die_abbrev (info_ptr=0x76e73134, bytes_read=0x7fffffffde64, cu=0xd5b1c0) at dwarf2read.c:6669
#2  0x00000000005e6020 in load_partial_dies (reader=0x7fffffffe0c0, info_ptr=0x76e73134, building_psymtab=1) at dwarf2read.c:13945
#3  0x00000000005d2d38 in process_psymtab_comp_unit_reader (reader=0x7fffffffe0c0, info_ptr=0xd62f9d "\002\060\a", comp_unit_die=0xd689a0, has_children=1, data=0x7fffffffe190) at dwarf2read.c:5710
#4  0x00000000005d1a6d in init_cutu_and_read_dies (this_cu=0xd593c0, abbrev_table=0x0, use_existing_cu=0, keep=0, die_reader_func=0x5d2a1f, data=0x7fffffffe190) at dwarf2read.c:5143
#5  0x00000000005d320d in process_psymtab_comp_unit (this_cu=0xd593c0, want_partial_unit=0, pretend_language=language_minimal) at dwarf2read.c:5797
#6  0x00000000005d3923 in dwarf2_build_psymtabs_hard (objfile=0xd47750) at dwarf2read.c:5977
#7  0x00000000005ce7ac in dwarf2_build_psymtabs (objfile=0xd47750) at dwarf2read.c:3839
#8  0x00000000004b1f05 in read_psyms (objfile=0xd47750) at elfread.c:1473
#9  0x000000000053aee2 in require_partial_symbols (objfile=0xd47750, verbose=0) at psymtab.c:92
#10 0x0000000000540c3d in read_symbols (objfile=0xd47750, add_flags=6) at symfile.c:847
#11 0x000000000054107e in syms_from_objfile_1 (objfile=0xd47750, addrs=0xd519e0, add_flags=6) at symfile.c:998
#12 0x00000000005410c1 in syms_from_objfile (objfile=0xd47750, addrs=0x0, add_flags=6) at symfile.c:1014
#13 0x00000000005412b3 in symbol_file_add_with_addrs (abfd=0xd3d4a0, add_flags=6, addrs=0x0, flags=0, parent=0x0) at symfile.c:1109
#14 0x0000000000541493 in symbol_file_add_from_bfd (abfd=0xd3d4a0, add_flags=6, addrs=0x0, flags=0, parent=0x0) at symfile.c:1196
#15 0x00000000005414e7 in symbol_file_add (name=0x7fffffffeb26 "gdb_case_6958_4981.bin", add_flags=6, addrs=0x0, flags=0) at symfile.c:1210
#16 0x0000000000541576 in symbol_file_add_main_1 (args=0x7fffffffeb26 "gdb_case_6958_4981.bin", from_tty=1, flags=0) at symfile.c:1235
#17 0x0000000000541522 in symbol_file_add_main (args=0x7fffffffeb26 "gdb_case_6958_4981.bin", from_tty=1) at symfile.c:1226
#18 0x0000000000571fa8 in catch_command_errors (command=0x5414fd, arg=0x7fffffffeb26 "gdb_case_6958_4981.bin", from_tty=1, mask=6) at exceptions.c:551
#19 0x0000000000575b3a in captured_main (data=0x7fffffffe710) at main.c:946
#20 0x0000000000571ed6 in catch_errors (func=0x574d53, func_args=0x7fffffffe710, errstring=0x828fd4 "", mask=6) at exceptions.c:524
#21 0x0000000000575eca in gdb_main (args=0x7fffffffe710) at main.c:1062
#22 0x0000000000406c9e in main (argc=2, argv=0x7fffffffe818) at gdb.c:34

-- 
Juha Kylmänen
Research Assistant, OUSPG

-- 
You are receiving this mail because:
You are on the CC list for the bug.


From: "tromey at redhat dot com"
To: gdb-prs@sourceware.org
Subject: [Bug threads/15824] Can't get threads name from info threads with linux kernel version below 2.6.32
Date: Fri, 09 Aug 2013 15:43:00 -0000
http://sourceware.org/bugzilla/show_bug.cgi?id=15824

Tom Tromey changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at redhat dot com

--- Comment #1 from Tom Tromey ---
Thanks. See the contribution checklist for submitting patches:
http://sourceware.org/gdb/wiki/ContributionChecklist

I glanced at the patch and noticed that it doesn't follow the GNU coding standards. You'll want to fix that up before submitting.
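The crash in bug 15827 above stops in read_unsigned_leb128 at bfd_get_8 (abfd, buf), i.e. while fetching the next byte of a ULEB128 value from a corrupted .debug_info section. The decoder below is an added illustration, not gdb's code: a hypothetical safe_read_uleb128 that is given the end of the section data and reports truncation or overflow instead of reading past it, with constructed sample encodings to exercise both paths.

```c
#include <stddef.h>
#include <stdint.h>

enum leb_status { LEB_OK, LEB_TRUNCATED, LEB_OVERFLOW };

/* Hypothetical hardened decoder (not gdb's read_unsigned_leb128): decode
   one unsigned LEB128 value from [buf, end) without ever touching a byte
   at or beyond END.  A corrupted section whose last value runs off the
   end of the mapped data gives LEB_TRUNCATED instead of a bad read;
   encodings wider than 64 bits give LEB_OVERFLOW. */
static enum leb_status
safe_read_uleb128 (const uint8_t *buf, const uint8_t *end,
                   uint64_t *result, size_t *bytes_read)
{
  uint64_t value = 0;
  unsigned shift = 0;
  size_t n = 0;
  *result = 0;
  while (buf + n < end)                /* bounds check before every read */
    {
      uint8_t byte = buf[n++];
      /* 64 bits fill nine 7-bit groups plus one bit of the tenth. */
      if ((shift >= 64 && (byte & 0x7f) != 0)
          || (shift == 63 && (byte & 0x7e) != 0))
        { *bytes_read = n; return LEB_OVERFLOW; }
      if (shift < 64)
        value |= (uint64_t) (byte & 0x7f) << shift;
      shift += 7;
      if ((byte & 0x80) == 0)            /* terminating byte */
        {
          *result = value;
          *bytes_read = n;
          return LEB_OK;
        }
    }
  *bytes_read = n;                       /* input ended mid-value */
  return LEB_TRUNCATED;
}

/* Constructed samples: 624485 in three bytes; a ten-byte encoding whose
   tenth group carries a bit that does not fit in 64 bits. */
static const uint8_t sample_ok[] = { 0xE5, 0x8E, 0x26 };
static const uint8_t sample_big[] = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                      0x80, 0x80, 0x80, 0x80, 0x02 };

/* Demo wrappers: status and value of decoding the first LEN bytes. */
static enum leb_status uleb128_status (const uint8_t *buf, size_t len)
{ uint64_t v; size_t n; return safe_read_uleb128 (buf, buf + len, &v, &n); }
static uint64_t uleb128_value (const uint8_t *buf, size_t len)
{ uint64_t v; size_t n; safe_read_uleb128 (buf, buf + len, &v, &n); return v; }
```

Passing only the first two bytes of sample_ok models the fuzzed case: the continuation bit is still set when the buffer ends, and the decoder returns LEB_TRUNCATED without reading a third byte.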