public inbox for gdb-prs@sourceware.org
* [Bug backtrace/16817] New: gdb crashes with mangled symbol name
From: taviso at google dot com @ 2014-04-07 17:21 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
Bug ID: 16817
Summary: gdb crashes with mangled symbol name
Product: gdb
Version: 7.6
Status: NEW
Severity: normal
Priority: P2
Component: backtrace
Assignee: unassigned at sourceware dot org
Reporter: taviso at google dot com
I have a library with a mangled symbol called
_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z that causes gdb to
crash in libiberty. This can be reproduced like this:
$ printf '.set _QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z, 0xDEADBEEF\n' | as --32 -gstabs+
$ gdb -q -ex 'add-symbol-file a.out 0'
add symbol table from file "a.out" at
.text_addr = 0x0
Reading symbols from a.out...Segmentation fault (core dumped)
$ gdb -q --args gdb -q -ex 'add-symbol-file a.out 0'
Reading symbols from /usr/bin/gdb...Reading symbols from /usr/lib/debug/usr/bin/gdb.debug...done.
done.
(gdb) r
Starting program: /usr/bin/gdb -q -ex add-symbol-file\ a.out\ 0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 32347.
add symbol table from file "a.out" at
.text_addr = 0x0
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 movdqu (%rax), %xmm12
Missing separate debuginfos, use: debuginfo-install pcre-8.33-4.fc20.x86_64
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x000000000075abc5 in work_stuff_copy_to_from (to=to@entry=0x7fffffffd5f0,
from=from@entry=0x7fffffffd740) at ../../libiberty/cplus-dem.c:1269
#2 0x000000000075fa39 in iterate_demangle_function
(work=work@entry=0x7fffffffd740, mangled=mangled@entry=0x7fffffffd6c8,
declp=declp@entry=0x7fffffffd6e0, scan=0xe4c4db "__$4PPPPPPPM_A_INotice___Z")
at ../../libiberty/cplus-dem.c:2640
#3 0x00000000007605f9 in demangle_prefix (declp=0x7fffffffd6e0,
mangled=0x7fffffffd6c8, work=0x7fffffffd740) at
../../libiberty/cplus-dem.c:2880
#4 internal_cplus_demangle (work=work@entry=0x7fffffffd740, mangled=0xe4c4ba
"QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
mangled@entry=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z") at
../../libiberty/cplus-dem.c:1181
#5 0x000000000075b56d in cplus_demangle (mangled=mangled@entry=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
options=options@entry=3) at ../../libiberty/cplus-dem.c:873
#6 0x00000000006c25eb in bfd_demangle (abfd=abfd@entry=0x0,
name=name@entry=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
options=options@entry=3) at ../../bfd/bfd.c:1875
#7 0x0000000000685e2c in gdb_demangle (name=name@entry=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
options=options@entry=3) at ../../gdb/cp-support.c:1484
#8 0x000000000057deaf in symbol_find_demangled_name (mangled=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
gsymbol=0xe5be28) at ../../gdb/symtab.c:600
#9 symbol_set_names (gsymbol=gsymbol@entry=0xe5be28,
linkage_name=linkage_name@entry=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
len=len@entry=60, copy_name=copy_name@entry=0,
objfile=objfile@entry=0xe53d00) at ../../gdb/symtab.c:773
#10 0x00000000005ea9c5 in prim_record_minimal_symbol_full (name=<optimized
out>, name@entry=0x800000000 <Address 0x800000000 out of bounds>, name_len=60,
copy_name=copy_name@entry=0, address=3735928559,
ms_type=ms_type@entry=mst_abs, section=<optimized out>, objfile=0xe53d00)
at ../../gdb/minsyms.c:942
#11 0x0000000000513764 in record_minimal_symbol (name=0x800000000 <Address
0x800000000 out of bounds>, name@entry=0xe4c4b9
"_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z",
name_len=<optimized out>, copy_name=copy_name@entry=0, address=<optimized
out>, address@entry=3735928559, ms_type=ms_type@entry=mst_abs,
bfd_section=<optimized out>, objfile=objfile@entry=0xe53d00)
at ../../gdb/elfread.c:216
#12 0x0000000000513ceb in elf_symtab_read (objfile=objfile@entry=0xe53d00,
type=type@entry=0, number_of_symbols=number_of_symbols@entry=6,
symbol_table=symbol_table@entry=0xdeee30, copy_names=copy_names@entry=0)
at ../../gdb/elfread.c:564
#13 0x0000000000515b65 in elf_symfile_read (objfile=0xe53d00, symfile_flags=2)
at ../../gdb/elfread.c:2339
#14 0x0000000000589a19 in read_symbols (objfile=objfile@entry=0xe53d00,
add_flags=add_flags@entry=2) at ../../gdb/symfile.c:831
#15 0x00000000005895b2 in syms_from_objfile_1 (add_flags=2, addrs=0xdfac20,
objfile=0xe53d00) at ../../gdb/symfile.c:999
#16 syms_from_objfile (add_flags=2, addrs=0x1, objfile=0xe53d00) at
../../gdb/symfile.c:1015
#17 symbol_file_add_with_addrs (abfd=abfd@entry=0xe00590,
add_flags=add_flags@entry=2, addrs=addrs@entry=0xdfac20, flags=flags@entry=8,
parent=parent@entry=0x0) at ../../gdb/symfile.c:1110
#18 0x0000000000589ae8 in symbol_file_add_from_bfd (parent=0x0, flags=8,
addrs=0xdfac20, add_flags=2, abfd=0xe00590) at ../../gdb/symfile.c:1197
#19 symbol_file_add (name=name@entry=0xc49050 "a.out", add_flags=2,
addrs=addrs@entry=0xdfac20, flags=flags@entry=8) at ../../gdb/symfile.c:1211
#20 0x0000000000589e6c in add_symbol_file_command (args=<optimized out>,
from_tty=1) at ../../gdb/symfile.c:2320
#21 0x00000000006724cf in execute_command (p=<optimized out>,
p@entry=0x7fffffffe220 "add-symbol-file a.out 0", from_tty=from_tty@entry=1) at
../../gdb/top.c:482
#22 0x00000000005b05be in catch_command_errors (command=0x6722a0
<execute_command>, arg=0x7fffffffe220 "add-symbol-file a.out 0", from_tty=1,
mask=mask@entry=6) at ../../gdb/exceptions.c:551
#23 0x00000000005b2ffa in captured_main (data=data@entry=0x7fffffffdd90) at
../../gdb/main.c:1114
#24 0x00000000005b04ca in catch_errors (func=func@entry=0x5b27e0
<captured_main>, func_args=func_args@entry=0x7fffffffdd90,
errstring=errstring@entry=0x78ecb3 "", mask=mask@entry=6) at
../../gdb/exceptions.c:524
#25 0x00000000005b3c54 in gdb_main (args=args@entry=0x7fffffffdd90) at
../../gdb/main.c:1160
#26 0x0000000000457d1e in main (argc=<optimized out>, argv=<optimized out>) at
../../gdb/gdb.c:34
(gdb) frame 1
#1 0x000000000075abc5 in work_stuff_copy_to_from (to=to@entry=0x7fffffffd5f0,
from=from@entry=0x7fffffffd740) at ../../libiberty/cplus-dem.c:1269
1269 int len = strlen (from->btypevec[i]) + 1;
(gdb) p/x *from
$1 = {options = 0x103, typevec = 0x0, ktypevec = 0x0, btypevec = 0xd741e0, numk
= 0x0, numb = 0x1, ksize = 0x0, bsize = 0x5, ntypes = 0x0, typevec_size = 0x0,
constructor = 0x0, destructor = 0x0,
static_type = 0x0, temp_start = 0x0, type_quals = 0x0, dllimported = 0x0,
tmpl_argvec = 0x0, ntmpl_args = 0x0, forgetting_types = 0x0, previous_argument
= 0x0, nrepeats = 0x0}
(gdb) p/x from->btypevec
$2 = 0xd741e0
(gdb) p/x from->btypevec[i]
$3 = 0x0
(gdb) p/x i
$4 = 0x0
(gdb)
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: gbenson at redhat dot com @ 2014-04-08 14:32 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
Gary Benson <gbenson at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gbenson at redhat dot com
--- Comment #1 from Gary Benson <gbenson at redhat dot com> ---
(gdb) set lang c++
(gdb) maint demangle _QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z
Segmentation fault (core dumped)
Ok, I see this too.
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: gbenson at redhat dot com @ 2014-04-08 14:48 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
--- Comment #2 from Gary Benson <gbenson at redhat dot com> ---
What language/compiler is this please? I don't recognise the mangling style.
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: taviso at google dot com @ 2014-04-08 18:20 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
--- Comment #3 from Tavis Ormandy <taviso at google dot com> ---
I don't know; if I had to guess I would say some form of Delphi (I don't have
the source code).
I don't expect gdb to be able to demangle this nonsense, just not crash so I
can get a backtrace :-)
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: gbenson at redhat dot com @ 2014-04-10 11:54 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
--- Comment #4 from Gary Benson <gbenson at redhat dot com> ---
I started a thread about not crashing here:
https://sourceware.org/ml/gdb-patches/2014-04/msg00156.html
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: gbenson at redhat dot com @ 2014-05-09 10:11 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
Gary Benson <gbenson at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|unassigned at sourceware dot org |gbenson at redhat dot com
--- Comment #5 from Gary Benson <gbenson at redhat dot com> ---
Patch series submitted:
https://sourceware.org/ml/gdb-patches/2014-05/msg00108.html
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: aburgess at broadcom dot com @ 2014-05-09 14:37 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
Andrew Burgess <aburgess at broadcom dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |aburgess at broadcom dot com
--- Comment #6 from Andrew Burgess <aburgess at broadcom dot com> ---
Created attachment 7594
--> https://sourceware.org/bugzilla/attachment.cgi?id=7594&action=edit
Patch, free resources after call to gnu_special.
Patch posted upstream, fixes specific crash in this case:
http://gcc.gnu.org/ml/gcc-patches/2014-05/msg00600.html
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: gbenson at redhat dot com @ 2014-05-09 14:51 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
--- Comment #7 from Gary Benson <gbenson at redhat dot com> ---
Yeah, I should have been more specific: the patch series I posted was a fix for
the generic case, that the demangler crashing takes GDB with it.
* [Bug backtrace/16817] gdb crashes with mangled symbol name
From: gbenson at redhat dot com @ 2014-05-14 14:35 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=16817
Gary Benson <gbenson at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #8 from Gary Benson <gbenson at redhat dot com> ---
The specific case of the above-mentioned symbol crashing GDB has been fixed
with this GCC commit:
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=210425
I've filed the generic case that GDB cannot cope with demangler segfaults as
bug 16944.
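The generic mitigation that Comments #7 and #8 refer to (the host surviving a segfault inside the demangler, split out as bug 16944), sketched as an added example that is not GDB's or libiberty's code: the guard function, the two stub demanglers and the use of raise() to stand in for the strlen(NULL) fault at cplus-dem.c:1269 are all constructed here.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

/* Constructed illustration, not GDB's or libiberty's code: the host calls the
 * demangler through a guard so that a SIGSEGV inside the callee comes back to
 * the caller as an error instead of taking the whole process down. */
typedef char *(*demangle_fn)(const char *mangled);

static sigjmp_buf guard_env;
static volatile sig_atomic_t guard_faulted;

static void guard_on_sigsegv(int sig)
{
    (void)sig;
    guard_faulted = 1;
    siglongjmp(guard_env, 1);   /* unwind straight back into the guard */
}

/* Returns FN's result, or NULL if FN faulted; *CRASHED tells the two apart. */
char *call_demangler_guarded(demangle_fn fn, const char *mangled, int *crashed)
{
    struct sigaction sa, old;
    char *volatile result = NULL;   /* volatile: must survive the siglongjmp */

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = guard_on_sigsegv;
    sigemptyset(&sa.sa_mask);
    guard_faulted = 0;
    sigaction(SIGSEGV, &sa, &old);

    /* savemask=1: the signal mask saved here (SIGSEGV unblocked) is restored
     * when the handler jumps back, so a later fault can be caught again. */
    if (sigsetjmp(guard_env, 1) == 0)
        result = fn(mangled);

    sigaction(SIGSEGV, &old, NULL);  /* put the previous disposition back */
    *crashed = guard_faulted;
    return result;
}

/* Constructed stand-ins for the two behaviours seen in the report. */
char *stub_demangler_ok(const char *m) { (void)m; return "QueueNotification(...)"; }
char *stub_demangler_crashing(const char *m)
{
    (void)m;
    raise(SIGSEGV);   /* stands in for the strlen(NULL) fault at cplus-dem.c:1269 */
    return NULL;
}
```

Jumping out of the SIGSEGV handler leaves whatever the callee had allocated or half-updated exactly as it was, so after a contained fault the caller should treat the demangler's internal state as unusable and report the symbol as undemangled rather than retry.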