From: "cvs-commit at gcc dot gnu.org"
To: gdb-prs@sourceware.org
Subject: [Bug breakpoints/27151] Step will skip subsequent statements for malloc functions
Date: Thu, 14 Jan 2021 09:35:38 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27151

--- Comment #8 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Tom de Vries:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5fae2a2c66ca865f54505adb37be6bd51fecb6cd

commit 5fae2a2c66ca865f54505adb37be6bd51fecb6cd
Author: Tom de Vries
Date:   Thu Jan 14 10:35:34 2021 +0100

    [gdb/breakpoint] Handle .plt.sec in in_plt_section

    Consider the following test-case small.c:
    ...
    #include <stdlib.h>
    #include <string.h>
    #include <stdio.h>

    int
    main (void)
    {
      int *p = (int *)malloc (sizeof(int) * 4);
      memset (p, 0, sizeof(p));
      printf ("p[0] = %d; p[3] = %d\n", p[0], p[3]);
      return 0;
    }
    ...
    On Ubuntu 20.04, we get:
    ...
    $ gcc -O0 -g small.c
    $ gdb -batch a.out -ex start -ex step
    Temporary breakpoint 1, main () at small.c:6
    6         int *p = (int *) malloc(sizeof(int) * 4);
    p[0] = 0; p[3] = 0
    [Inferior 1 (process $dec) exited normally]
    ...
    but after switching off the on-by-default fcf-protection, we get the
    desired behaviour:
    ...
    $ gcc -O0 -g small.c -fcf-protection=none
    $ gdb -batch a.out -ex start -ex step
    Temporary breakpoint 1, main () at small.c:6
    6         int *p = (int *) malloc(sizeof(int) * 4);
    7         memset (p, 0, sizeof(p));
    ...

    Using "set debug infrun 1", the first observable difference between the two
    debug sessions is that with -fcf-protection=none we get:
    ...
    [infrun] process_event_stop_test: stepped into dynsym resolve code
    ...
    In this case, "in_solib_dynsym_resolve_code (malloc@plt)" returns true
    because "in_plt_section (malloc@plt)" returns true.

    With -fcf-protection=full, "in_solib_dynsym_resolve_code (malloc@plt)"
    returns false because "in_plt_section (malloc@plt)" returns false, because
    the section name for malloc@plt is .plt.sec instead of .plt, which is not
    handled in in_plt_section:
    ...
    static inline int
    in_plt_section (CORE_ADDR pc)
    {
      return pc_in_section (pc, ".plt");
    }
    ...

    Fix this by handling .plt.sec in in_plt_section.

    Tested on x86_64-linux.

    [ Another requirement to be able to reproduce this is to have a dynamic
    linker with a "malloc" minimal symbol, which causes
    find_solib_trampoline_target to find it, such that skip_language_trampoline
    returns the address for the dynamic linker's malloc.  This causes the step
    machinery to set a breakpoint there, and to continue, expecting to hit it.
    Obviously, we execute glibc's malloc instead, so the breakpoint is not hit
    and we continue to program completion. ]

    gdb/ChangeLog:

    2021-01-14  Tom de Vries

            PR breakpoints/27151
            * objfiles.h (in_plt_section): Handle .plt.sec.
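The failure described in the commit message comes down to an exact-name lookup: gdb asks which ELF section contains the pc and compares that section's name against ".plt", so the second PLT that -fcf-protection=full produces (.plt.sec, holding the endbr64-prefixed stubs that calls such as malloc@plt land in) is never recognised. The script below is an added example, not gdb's code and not part of the commit above. It builds a small ELF64 image from scratch (a constructed layout with a .plt at 0x1020 and a .plt.sec at 0x1040; the address 0x1040 for malloc@plt is an assumption), parses the section header table, and shows the pre-fix and post-fix decision side by side. All function names (build_elf, parse_sections, section_containing, in_plt_section_old, in_plt_section_new, demo) belong to this example.

```python
"""Added example (not gdb code): decide whether a pc lies in PLT code by
looking up the ELF section that contains it, the way gdb's in_plt_section()
does, before and after the .plt.sec fix from PR breakpoints/27151.

The ELF image is constructed here from scratch so the script runs offline;
function names are this example's own, not gdb's.
"""
import struct

SHT_NULL = 0
SHT_PROGBITS = 1
SHT_STRTAB = 3
SHF_ALLOC = 0x2
SHF_EXECINSTR = 0x4
SHDR_FMT = "<IIQQQQIIQQ"   # Elf64_Shdr, little-endian, 64 bytes


def build_elf(code_sections):
    """Build a minimal little-endian ELF64 image containing only a null
    section, the given (name, sh_addr, sh_size) code sections and a
    .shstrtab.  Section bodies are zero-filled: only the headers matter."""
    names = [""] + [n for n, _, _ in code_sections] + [".shstrtab"]
    shstrtab, name_idx = b"", {}
    for n in names:
        name_idx[n] = len(shstrtab)
        shstrtab += n.encode() + b"\0"
    body = bytearray(64)             # placeholder for the ELF header
    strtab_off = len(body)
    body += shstrtab
    offsets = []
    for _, _, size in code_sections:
        offsets.append(len(body))
        body += bytes(size)
    body += bytes(-len(body) % 8)    # align the section header table
    shoff = len(body)
    shdrs = struct.pack(SHDR_FMT, 0, SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0)
    for (n, addr, size), off in zip(code_sections, offsets):
        shdrs += struct.pack(SHDR_FMT, name_idx[n], SHT_PROGBITS,
                             SHF_ALLOC | SHF_EXECINSTR, addr, off, size,
                             0, 0, 16, 16)
    shdrs += struct.pack(SHDR_FMT, name_idx[".shstrtab"], SHT_STRTAB, 0, 0,
                         strtab_off, len(shstrtab), 0, 0, 1, 0)
    shnum = len(code_sections) + 2
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LSB, v1
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, shoff, 0,
                        64, 0, 0, 64, shnum, shnum - 1)
    return ehdr + bytes(body[64:]) + shdrs


def parse_sections(image):
    """Return [(name, sh_addr, sh_size, sh_flags)] for every section of a
    little-endian ELF64 image, resolving names through e_shstrndx."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (shoff,) = struct.unpack_from("<Q", image, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", image, 0x3A)
    raw = [struct.unpack_from(SHDR_FMT, image, shoff + i * shentsize)
           for i in range(shnum)]
    str_off, str_size = raw[shstrndx][4], raw[shstrndx][5]
    strtab = image[str_off:str_off + str_size]

    def name_at(idx):
        return strtab[idx:strtab.index(b"\0", idx)].decode()

    return [(name_at(sh[0]), sh[3], sh[5], sh[2]) for sh in raw]


def section_containing(sections, pc):
    """Name of the allocated section whose [sh_addr, sh_addr+sh_size) holds
    pc, or None.  This is the lookup whose result gdb compares by name."""
    for name, addr, size, flags in sections:
        if flags & SHF_ALLOC and addr <= pc < addr + size:
            return name
    return None


def in_plt_section_old(sections, pc):
    """Pre-fix gdb: only a section literally named ".plt" is PLT code."""
    return section_containing(sections, pc) == ".plt"


def in_plt_section_new(sections, pc):
    """Post-fix gdb: the IBT-enabled second PLT, .plt.sec, counts too."""
    return section_containing(sections, pc) in (".plt", ".plt.sec")


def demo():
    """Constructed layout resembling an x86_64 binary built with
    -fcf-protection=full: .plt holds the lazy-binding stubs, .plt.sec the
    endbr64-prefixed stubs that a call like malloc@plt actually lands in."""
    image = build_elf([(".plt", 0x1020, 0x20), (".plt.sec", 0x1040, 0x20)])
    sections = parse_sections(image)
    malloc_plt = 0x1040   # assumed address of malloc@plt inside .plt.sec
    return {
        "section": section_containing(sections, malloc_plt),
        "old": in_plt_section_old(sections, malloc_plt),
        "new": in_plt_section_new(sections, malloc_plt),
    }


if __name__ == "__main__":
    print(demo())   # → {'section': '.plt.sec', 'old': False, 'new': True}
```

On a real binary the same check is a one-liner: "readelf -S a.out | grep plt" lists .plt.sec when the compiler defaulted to -fcf-protection=full, and its absence after -fcf-protection=none is what flips the behaviour shown in the two gdb sessions above. The wider lesson carries beyond gdb: any tool that classifies code by exact section name (breakpoint or trampoline filters, symbolizers, CFI checkers) inherits this blind spot as soon as a toolchain splits a section into new names.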