[Bug breakpoints/27151] Step will skip subsequent statements for malloc functions

["cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=27151

--- Comment #8 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom de Vries <vries@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5fae2a2c66ca865f54505adb37be6bd51fecb6cd

commit 5fae2a2c66ca865f54505adb37be6bd51fecb6cd
Author: Tom de Vries <tdevries@suse.de>
Date:   Thu Jan 14 10:35:34 2021 +0100

    [gdb/breakpoint] Handle .plt.sec in in_plt_section

    Consider the following test-case small.c:
    ...
     #include <stdio.h>
     #include <stdlib.h>
     #include <string.h>

     int main (void) {
       int *p = (int *)malloc (sizeof(int) * 4);
       memset (p, 0, sizeof(p));
       printf ("p[0] = %d; p[3] = %d\n", p[0], p[3]);
       return 0;
     }
    ...

    On Ubuntu 20.04, we get:
    ...
    $ gcc -O0 -g small.c
    $ gdb -batch a.out -ex start -ex step
    Temporary breakpoint 1, main () at small.c:6
    6         int *p = (int *) malloc(sizeof(int) * 4);
    p[0] = 0; p[3] = 0
    [Inferior 1 (process $dec) exited normally]
    ...
    but after switching off the on-by-default fcf-protection, we get the
desired
    behaviour:
    ...
    $ gcc -O0 -g small.c -fcf-protection=none
    $ gdb -batch a.out -ex start -ex step
    Temporary breakpoint 1, main () at small.c:6
    6         int *p = (int *) malloc(sizeof(int) * 4);
    7         memset (p, 0, sizeof(p));
    ...

    Using "set debug infrun 1", the first observable difference between the two
    debug sessions is that with -fcf-protection=none we get:
    ...
    [infrun] process_event_stop_test: stepped into dynsym resolve code
    ...
    In this case, "in_solib_dynsym_resolve_code (malloc@plt)" returns true
because
    "in_plt_section (malloc@plt)" returns true.

    With -fcf-protection=full, "in_solib_dynsym_resolve_code (malloc@plt)"
returns
    false because "in_plt_section (malloc@plt)" returns false, because the
section
    name for malloc@plt is .plt.sec instead of .plt, which is not handled in
    in_plt_section:
    ...
    static inline int
    in_plt_section (CORE_ADDR pc)
    {
      return pc_in_section (pc, ".plt");
    }
    ...

    Fix this by handling .plt.sec in in_plt_section.

    Tested on x86_64-linux.

    [ Another requirement to be able to reproduce this is to have a dynamic
linker
    with a "malloc" minimal symbol, which causes find_solib_trampoline_target
to
    find it, such that skip_language_trampoline returns the address for the
    dynamic linkers malloc.  This causes the step machinery to set a breakpoint
    there, and to continue, expecting to hit it.  Obviously, we execute glibc's
    malloc instead, so the breakpoint is not hit and we continue to program
    completion. ]

    gdb/ChangeLog:

    2021-01-14  Tom de Vries  <tdevries@suse.de>

            PR breakpoints/27151
            * objfiles.h (in_plt_section): Handle .plt.sec.

-- 
You are receiving this mail because:
You are on the CC list for the bug.