[Bug gdb/16797] New: GDB for mips-elf target will crash the remote embedded target

[Bug gdb/16797] New: GDB for mips-elf target will crash the remote embedded target

[guosheng_gao at realsil dot com.cn]

https://sourceware.org/bugzilla/show_bug.cgi?id=16797

            Bug ID: 16797
           Summary: GDB for mips-elf target will crash the remote embedded
                    target
           Product: gdb
           Version: 7.7
            Status: NEW
          Severity: critical
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: guosheng_gao at realsil dot com.cn

In the function mips-tdep.c:heuristic_pro_start(struct *gdbarch, CORE_ADDR pc)
If the pc value < instlen,
Are we still need to search back for previous return.

static CORE_ADDR
heuristic_proc_start (struct gdbarch *gdbarch, CORE_ADDR pc)
{
  CORE_ADDR start_pc;
  CORE_ADDR fence;
  int instlen;
  int seen_adjsp = 0;
  struct inferior *inf;

  pc = gdbarch_addr_bits_remove (gdbarch, pc);
  start_pc = pc;
  fence = start_pc - heuristic_fence_post;
  if (start_pc == 0)
    return 0;

  if (heuristic_fence_post == UINT_MAX || fence < VM_MIN_ADDRESS)
    fence = VM_MIN_ADDRESS;

  instlen = mips_pc_is_mips (pc) ? MIPS_INSN32_SIZE : MIPS_INSN16_SIZE;

  inf = current_inferior ();

/* Search back for previous return.  */ 
/* if pc (start_pc ) < instlen, the first value of start_pc -= instlen will
skip over 0xffffffff, 
In this case, GDB will try to read the memory at string address, which will
crash the remote embedded target. 
Is this true ？ */
  for (start_pc -= instlen;; start_pc -= instlen)
    if (start_pc < fence)
      {

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From gdb-prs-return-15496-listarch-gdb-prs=sources.redhat.com@sourceware.org Wed Apr 02 12:09:42 2014
Return-Path: <gdb-prs-return-15496-listarch-gdb-prs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-gdb-prs@sources.redhat.com
Received: (qmail 27355 invoked by alias); 2 Apr 2014 12:09:42 -0000
Mailing-List: contact gdb-prs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-prs.sourceware.org>
List-Subscribe: <mailto:gdb-prs-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-prs/>
List-Post: <mailto:gdb-prs@sourceware.org>
List-Help: <mailto:gdb-prs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: gdb-prs-owner@sourceware.org
Delivered-To: mailing list gdb-prs@sourceware.org
Received: (qmail 27282 invoked by uid 48); 2 Apr 2014 12:09:41 -0000
From: "tgrabiec at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug python/16798] New: gdb.Value does not accept values which fit
 in unsigned long on python3
Date: Wed, 02 Apr 2014 12:09:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gdb
X-Bugzilla-Component: python
X-Bugzilla-Version: 7.6
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: tgrabiec at gmail dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter
Message-ID: <bug-16798-4717@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-q2/txt/msg00002.txt.bz2
Content-length: 1408

https://sourceware.org/bugzilla/show_bug.cgi?id\x16798

            Bug ID: 16798
           Summary: gdb.Value does not accept values which fit in unsigned
                    long on python3
           Product: gdb
           Version: 7.6
            Status: NEW
          Severity: normal
          Priority: P2
         Component: python
          Assignee: unassigned at sourceware dot org
          Reporter: tgrabiec at gmail dot com

GDB's convert_value_from_python() with python2 was interpreting 'long' typed
value which doesn't fit into 'long long' as 'unsigned long long'. On python3 we
only have 'int' but the function was not adjusted to replicate 'long' behavior,
it throws overflow error if the value exceeds 'long' range.

On GDB with linked with python2 it was possible to create gdb.Value like this
(x86_64):

 value = gdb.Value(long(0xf000000000000000))

because python3 no longer has 'long' type, what was 'long' needs to be 'int'
now. However the following fails with overflow error:

 value = gdb.Value(0xf000000000000000)

Another manifestation of the same problem. This:

 if gdb_value == 0xffff000000000000:
    pass

will fail on python3 with:

 OverflowError: Python int too large to convert to C long

However it was possible to do this on python2:

 if gdb_value == long(0xffff000000000000):
   pass

--
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/16797] GDB for mips-elf target will crash the remote embedded target

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=16797

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org
          Component|gdb                         |tdep

-- 
You are receiving this mail because:
You are on the CC list for the bug.