From: "mageofdancingdragons at gmail dot com"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/17229] New: infinite loop in linux_check_ptrace_features
Date: Tue, 05 Aug 2014 16:53:00 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17229

            Bug ID: 17229
           Summary: infinite loop in linux_check_ptrace_features
           Product: gdb
           Version: 7.7
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: mageofdancingdragons at gmail dot com

In linux_check_ptrace_features there's an infinite loop possibility when the
child dies unexpectedly.

    child_pid = linux_fork_to_function (NULL, linux_child_function);

    ret = my_waitpid (child_pid, &status, 0);

After these two calls complete successfully, there is a child process, and the
value of status fulfills WIFSTOPPED(status).

Now the child process gets killed (for some reason or another). Finally we hit
the cleanup loop at the end:

    do
      {
        ret = ptrace (PTRACE_KILL, child_pid, (PTRACE_TYPE_ARG3) 0,
                      (PTRACE_TYPE_ARG4) 0);
        if (ret != 0)
          warning (_("linux_check_ptrace_features: failed to kill child"));
        my_waitpid (child_pid, &status, 0);
      }
    while (WIFSTOPPED (status));

Both ptrace and my_waitpid should fail because the child_pid is no longer a
valid process, but the value of status never changes because waitpid is
returning an error.

The return value of waitpid should be checked and the loop exited if it fails
(with appropriate error reporting).
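
Added example, not part of the original report or of GDB's source: a self-contained C demonstration of the cleanup loop in the reported shape next to a version that checks waitpid, as the report suggests. It assumes Linux, substitutes kill() and a child stopped by SIGSTOP for the ptrace calls, and all function names and the iteration cap are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define SPIN_CAP 100 /* demo-only bound; the reported loop has none */

/* Reported shape: waitpid's result is ignored, so a stale status keeps it spinning. */
static int cleanup_unchecked(pid_t pid, int status)
{
    int n = 0;
    do {
        kill(pid, SIGKILL);       /* stand-in for ptrace (PTRACE_KILL, ...) */
        waitpid(pid, &status, 0); /* on failure, Linux leaves status untouched */
    } while (++n < SPIN_CAP && WIFSTOPPED(status));
    return n;                     /* iterations executed */
}

/* Hardened shape: report the failure and leave the loop. Returns iterations or -1. */
static int cleanup_checked(pid_t pid, int status)
{
    int n = 0;
    do {
        n++;
        if (kill(pid, SIGKILL) != 0) perror("cleanup: failed to kill child");
        if (waitpid(pid, &status, 0) != pid) {
            perror("cleanup: waitpid failed");
            return -1;
        }
    } while (WIFSTOPPED(status));
    return n;
}

/* Constructed case: with lose_child, the stopped child is killed and reaped first. */
int run_case(int lose_child, int checked)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) { raise(SIGSTOP); _exit(0); }
    if (pid < 0 || waitpid(pid, &status, WUNTRACED) != pid || !WIFSTOPPED(status))
        return -2;
    if (lose_child) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); }
    return checked ? cleanup_checked(pid, status) : cleanup_unchecked(pid, status);
}

int main(void)
{
    printf("%d %d %d\n", run_case(0, 1), run_case(1, 0), run_case(1, 1));
    return 0;
}
```

The three numbers printed are the results for a live child with the checked loop, a lost child with the unchecked loop (which runs until the cap), and a lost child with the checked loop.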