From: "taviso at google dot com"
To: gdb-prs@sourceware.org
Subject: [Bug backtrace/16817] New: gdb crashes with mangled symbol name
Date: Mon, 07 Apr 2014 17:21:00 -0000
X-SW-Source: 2014-q2/txt/msg00018.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=16817

            Bug ID: 16817
           Summary: gdb crashes with mangled symbol name
           Product: gdb
           Version: 7.6
            Status: NEW
          Severity: normal
          Priority: P2
         Component: backtrace
          Assignee: unassigned at sourceware dot org
          Reporter: taviso at google dot com

I have a library with a mangled symbol called
_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z that causes
gdb to crash in libiberty.
This can be reproduced like this:

$ printf '.set _QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z, 0xDEADBEEF\n' | as --32 -gstabs+
$ gdb -q -ex 'add-symbol-file a.out 0'
add symbol table from file "a.out" at
        .text_addr = 0x0
Reading symbols from a.out...Segmentation fault (core dumped)
$ gdb -q --args gdb -q -ex 'add-symbol-file a.out 0'
Reading symbols from /usr/bin/gdb...Reading symbols from /usr/lib/debug/usr/bin/gdb.debug...done.
done.
(gdb) r
Starting program: /usr/bin/gdb -q -ex add-symbol-file\ a.out\ 0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 32347.
add symbol table from file "a.out" at
        .text_addr = 0x0

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106             movdqu  (%rax), %xmm12
Missing separate debuginfos, use: debuginfo-install pcre-8.33-4.fc20.x86_64
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x000000000075abc5 in work_stuff_copy_to_from (to=to@entry=0x7fffffffd5f0, from=from@entry=0x7fffffffd740) at ../../libiberty/cplus-dem.c:1269
#2  0x000000000075fa39 in iterate_demangle_function (work=work@entry=0x7fffffffd740, mangled=mangled@entry=0x7fffffffd6c8, declp=declp@entry=0x7fffffffd6e0, scan=0xe4c4db "__$4PPPPPPPM_A_INotice___Z") at ../../libiberty/cplus-dem.c:2640
#3  0x00000000007605f9 in demangle_prefix (declp=0x7fffffffd6e0, mangled=0x7fffffffd6c8, work=0x7fffffffd740) at ../../libiberty/cplus-dem.c:2880
#4  internal_cplus_demangle (work=work@entry=0x7fffffffd740, mangled=0xe4c4ba "QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", mangled@entry=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z") at ../../libiberty/cplus-dem.c:1181
#5  0x000000000075b56d in cplus_demangle (mangled=mangled@entry=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", options=options@entry=3) at ../../libiberty/cplus-dem.c:873
#6  0x00000000006c25eb in bfd_demangle (abfd=abfd@entry=0x0, name=name@entry=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", options=options@entry=3) at ../../bfd/bfd.c:1875
#7  0x0000000000685e2c in gdb_demangle (name=name@entry=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", options=options@entry=3) at ../../gdb/cp-support.c:1484
#8  0x000000000057deaf in symbol_find_demangled_name (mangled=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", gsymbol=0xe5be28) at ../../gdb/symtab.c:600
#9  symbol_set_names (gsymbol=gsymbol@entry=0xe5be28, linkage_name=linkage_name@entry=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", len=len@entry=60, copy_name=copy_name@entry=0, objfile=objfile@entry=0xe53d00) at ../../gdb/symtab.c:773
#10 0x00000000005ea9c5 in prim_record_minimal_symbol_full (name=, name@entry=0x800000000, name_len=60, copy_name=copy_name@entry=0, address=3735928559, ms_type=ms_type@entry=mst_abs, section=, objfile=0xe53d00) at ../../gdb/minsyms.c:942
#11 0x0000000000513764 in record_minimal_symbol (name=0x800000000, name@entry=0xe4c4b9 "_QueueNotification_QueueController__$4PPPPPPPM_A_INotice___Z", name_len=, copy_name=copy_name@entry=0, address=, address@entry=3735928559, ms_type=ms_type@entry=mst_abs, bfd_section=, objfile=objfile@entry=0xe53d00) at ../../gdb/elfread.c:216
#12 0x0000000000513ceb in elf_symtab_read (objfile=objfile@entry=0xe53d00, type=type@entry=0, number_of_symbols=number_of_symbols@entry=6, symbol_table=symbol_table@entry=0xdeee30, copy_names=copy_names@entry=0) at ../../gdb/elfread.c:564
#13 0x0000000000515b65 in elf_symfile_read (objfile=0xe53d00, symfile_flags=2) at ../../gdb/elfread.c:2339
#14 0x0000000000589a19 in read_symbols (objfile=objfile@entry=0xe53d00, add_flags=add_flags@entry=2) at ../../gdb/symfile.c:831
#15 0x00000000005895b2 in syms_from_objfile_1 (add_flags=2, addrs=0xdfac20, objfile=0xe53d00) at ../../gdb/symfile.c:999
#16 syms_from_objfile (add_flags=2, addrs=0x1, objfile=0xe53d00) at ../../gdb/symfile.c:1015
#17 symbol_file_add_with_addrs (abfd=abfd@entry=0xe00590, add_flags=add_flags@entry=2, addrs=addrs@entry=0xdfac20, flags=flags@entry=8, parent=parent@entry=0x0) at ../../gdb/symfile.c:1110
#18 0x0000000000589ae8 in symbol_file_add_from_bfd (parent=0x0, flags=8, addrs=0xdfac20, add_flags=2, abfd=0xe00590) at ../../gdb/symfile.c:1197
#19 symbol_file_add (name=name@entry=0xc49050 "a.out", add_flags=2, addrs=addrs@entry=0xdfac20, flags=flags@entry=8) at ../../gdb/symfile.c:1211
#20 0x0000000000589e6c in add_symbol_file_command (args=, from_tty=1) at ../../gdb/symfile.c:2320
#21 0x00000000006724cf in execute_command (p=, p@entry=0x7fffffffe220 "add-symbol-file a.out 0", from_tty=from_tty@entry=1) at ../../gdb/top.c:482
#22 0x00000000005b05be in catch_command_errors (command=0x6722a0 , arg=0x7fffffffe220 "add-symbol-file a.out 0", from_tty=1, mask=mask@entry=6) at ../../gdb/exceptions.c:551
#23 0x00000000005b2ffa in captured_main (data=data@entry=0x7fffffffdd90) at ../../gdb/main.c:1114
#24 0x00000000005b04ca in catch_errors (func=func@entry=0x5b27e0 , func_args=func_args@entry=0x7fffffffdd90, errstring=errstring@entry=0x78ecb3 "", mask=mask@entry=6) at ../../gdb/exceptions.c:524
#25 0x00000000005b3c54 in gdb_main (args=args@entry=0x7fffffffdd90) at ../../gdb/main.c:1160
#26 0x0000000000457d1e in main (argc=, argv=) at ../../gdb/gdb.c:34
(gdb) frame 1
#1  0x000000000075abc5 in work_stuff_copy_to_from (to=to@entry=0x7fffffffd5f0, from=from@entry=0x7fffffffd740) at ../../libiberty/cplus-dem.c:1269
1269            int len = strlen (from->btypevec[i]) + 1;
(gdb) p/x *from
$1 = {options = 0x103, typevec = 0x0, ktypevec = 0x0, btypevec = 0xd741e0, numk = 0x0, numb = 0x1, ksize = 0x0, bsize = 0x5, ntypes = 0x0, typevec_size = 0x0, constructor = 0x0, destructor = 0x0, static_type = 0x0, temp_start = 0x0, type_quals = 0x0, dllimported = 0x0, tmpl_argvec = 0x0, ntmpl_args = 0x0, forgetting_types = 0x0, previous_argument = 0x0, nrepeats = 0x0}
(gdb) p/x from->btypevec
$2 = 0xd741e0
(gdb) p/x from->btypevec[i]
$3 = 0x0
(gdb) p/x i
$4 = 0x0
(gdb)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
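The state the reporter prints in frame 1 (numb = 1, bsize = 5, but btypevec[0] == NULL) is the defect class worth recognising: a count says a slot is in use while the slot itself is empty, and the copy loop trusts the count. The following C program is an added illustration, not code from the bug report or from libiberty; `struct strvec`, `strvec_copy_checked` and the two `demo_*` functions are hypothetical stand-ins for the demangler's work_stuff copy, and the inconsistent state is constructed inline to mirror the gdb output above. It shows a deep copy that treats the count, capacity and slot contents as untrusted (they are all derived from a symbol name read out of an object file) and fails closed instead of calling strlen() on NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the demangler's per-symbol state: an array of
 * `bsize` slots of which the first `numb` are claimed to hold strings.
 * Illustrative only; this is not libiberty's work_stuff. */
struct strvec {
    char **vec;
    int numb;   /* slots claimed to be in use */
    int bsize;  /* slots allocated */
};

static void strvec_free(struct strvec *v)
{
    if (v->vec) {
        for (int i = 0; i < v->numb; i++)
            free(v->vec[i]);
        free(v->vec);
    }
    v->vec = NULL;
    v->numb = 0;
    v->bsize = 0;
}

/* Deep copy that validates numb/bsize and every slot before touching it.
 * Returns 0 on success, -1 if the source is inconsistent; `to` is always
 * left empty (never half-copied) on failure. */
static int strvec_copy_checked(struct strvec *to, const struct strvec *from)
{
    to->vec = NULL;
    to->numb = 0;
    to->bsize = 0;

    /* Count/capacity invariant: 0 <= numb <= bsize, and a non-zero count
     * needs a backing array. */
    if (from->numb < 0 || from->bsize < 0 || from->numb > from->bsize)
        return -1;
    if (from->numb > 0 && from->vec == NULL)
        return -1;

    to->vec = calloc(from->bsize > 0 ? (size_t)from->bsize : 1, sizeof *to->vec);
    if (!to->vec)
        return -1;
    to->bsize = from->bsize;

    for (int i = 0; i < from->numb; i++) {
        /* The check the crashing loop lacks: slot i is below numb but
         * holds NULL, so strlen() would dereference a null pointer. */
        if (from->vec[i] == NULL) {
            strvec_free(to);
            return -1;
        }
        size_t len = strlen(from->vec[i]) + 1;
        to->vec[i] = malloc(len);
        if (!to->vec[i]) {
            strvec_free(to);
            return -1;
        }
        memcpy(to->vec[i], from->vec[i], len);
        to->numb = i + 1;   /* keep numb honest so strvec_free stays correct */
    }
    return 0;
}

/* Constructed to match the state printed in the report: numb = 1,
 * bsize = 5, but slot 0 is NULL. Returns -1 (rejected) instead of crashing. */
static int demo_inconsistent_state(void)
{
    char *slots[5] = { NULL, NULL, NULL, NULL, NULL };
    struct strvec from = { slots, 1, 5 };
    struct strvec to;
    int rc = strvec_copy_checked(&to, &from);
    strvec_free(&to);
    return rc;
}

/* A well-formed source copies cleanly and the copy is independent of it. */
static int demo_consistent_state(void)
{
    char *slots[5] = { "int", "char*", NULL, NULL, NULL };
    struct strvec from = { slots, 2, 5 };
    struct strvec to;
    if (strvec_copy_checked(&to, &from) != 0)
        return -1;
    int ok = to.numb == 2 && strcmp(to.vec[1], "char*") == 0
             && to.vec[1] != from.vec[1];
    strvec_free(&to);
    return ok ? 0 : -1;
}

int main(void)
{
    printf("inconsistent state (as in the report): rc=%d\n", demo_inconsistent_state());
    printf("consistent state:                      rc=%d\n", demo_consistent_state());
    return 0;
}
```

The design point is that the copy routine never assumes the count and the slot contents agree: a rejected copy costs one failed demangle of one symbol, whereas trusting the count turns a malformed symbol name in any loaded object file into a crash of the tool reading it.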