[Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE

public inbox for gdb-prs@sourceware.org
help / color / mirror / Atom feed

* [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
@ 2021-01-07 16:48 sourcewarebugz at kyber dot fi
  2021-01-07 16:55 ` [Bug gdb/27157] " sourcewarebugz at kyber dot fi
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: sourcewarebugz at kyber dot fi @ 2021-01-07 16:48 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

            Bug ID: 27157
           Summary: assert + jump to NULL (segfault) if HOME or
                    XDG_CACHE_HOME variable is empty
           Product: gdb
           Version: HEAD
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: sourcewarebugz at kyber dot fi
  Target Milestone: ---

gdb has two bugs: 

1. Empty HOME or XDG_CACHE_HOME variable is considered an error in
get_standard_cache_dir() due to gdb_abspath() asserting on empty path.

2. Due to some missing initialization or missing NULL checks, NULL
ui->call_readline is called in stdin_event_handler().

To PoC this crash, try this with HEAD gdb build:

HOME= gdb

or

XDG_CACHE_HOME= gdb

This will result in a segfault due to jump to address 0.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug gdb/27157] assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
  2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
@ 2021-01-07 16:55 ` sourcewarebugz at kyber dot fi
  2021-01-07 20:25 ` andrew.burgess at embecosm dot com
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: sourcewarebugz at kyber dot fi @ 2021-01-07 16:55 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

--- Comment #1 from Harry Sintonen <sourcewarebugz at kyber dot fi> ---
I believe the first bug was added by commit
87d6a7aa931f2bd4cfe784344b6a2cd595f6f2c9

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug gdb/27157] assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
  2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
  2021-01-07 16:55 ` [Bug gdb/27157] " sourcewarebugz at kyber dot fi
@ 2021-01-07 20:25 ` andrew.burgess at embecosm dot com
  2021-01-07 20:57 ` simark at simark dot ca
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: andrew.burgess at embecosm dot com @ 2021-01-07 20:25 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

Andrew Burgess <andrew.burgess at embecosm dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrew.burgess at embecosm dot com

--- Comment #2 from Andrew Burgess <andrew.burgess at embecosm dot com> ---
Created attachment 13100
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13100&action=edit
Possible fix

Here's a possible fix.  This is currently in testing.  If it looks good I'll
post it to the m/l tomorrow.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug gdb/27157] assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
  2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
  2021-01-07 16:55 ` [Bug gdb/27157] " sourcewarebugz at kyber dot fi
  2021-01-07 20:25 ` andrew.burgess at embecosm dot com
@ 2021-01-07 20:57 ` simark at simark dot ca
  2021-01-07 20:59 ` simark at simark dot ca
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: simark at simark dot ca @ 2021-01-07 20:57 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

Simon Marchi <simark at simark dot ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2021-01-07
     Ever confirmed|0                           |1
                 CC|                            |simark at simark dot ca
             Status|UNCONFIRMED                 |NEW

--- Comment #3 from Simon Marchi <simark at simark dot ca> ---
Proposed patch:
https://sourceware.org/pipermail/gdb-patches/2021-January/174771.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug gdb/27157] assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
  2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
                   ` (2 preceding siblings ...)
  2021-01-07 20:57 ` simark at simark dot ca
@ 2021-01-07 20:59 ` simark at simark dot ca
  2021-01-08 18:47 ` cvs-commit at gcc dot gnu.org
  2021-01-08 18:53 ` simark at simark dot ca
  5 siblings, 0 replies; 7+ messages in thread
From: simark at simark dot ca @ 2021-01-07 20:59 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

--- Comment #4 from Simon Marchi <simark at simark dot ca> ---
(In reply to Andrew Burgess from comment #2)
> Created attachment 13100 [details]
> Possible fix
> 
> Here's a possible fix.  This is currently in testing.  If it looks good I'll
> post it to the m/l tomorrow.

Heh, mid-air collision.  Our patches and tests are almost identical :).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug gdb/27157] assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
  2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
                   ` (3 preceding siblings ...)
  2021-01-07 20:59 ` simark at simark dot ca
@ 2021-01-08 18:47 ` cvs-commit at gcc dot gnu.org
  2021-01-08 18:53 ` simark at simark dot ca
  5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2021-01-08 18:47 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6abd4cf281deda4b1eb2d569a2729a485105e553

commit 6abd4cf281deda4b1eb2d569a2729a485105e553
Author: Simon Marchi <simon.marchi@polymtl.ca>
Date:   Fri Jan 8 13:46:56 2021 -0500

    gdb: check for empty strings in
get_standard_cache_dir/get_standard_config_dir

    As reported in PR 27157, if some environment variables read at startup
    by GDB are defined but empty, we hit the assert in gdb_abspath:

        $ XDG_CACHE_HOME= ./gdb -nx --data-directory=data-directory -q
        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==2007040==ERROR: AddressSanitizer: SEGV on unknown address
0x0000000001b0 (pc 0x5639d4aa4127 bp 0x7ffdac232c00 sp 0x7ffdac232bf0 T0)
        ==2007040==The signal is caused by a READ memory access.
        ==2007040==Hint: address points to the zero page.
            #0 0x5639d4aa4126 in target_stack::top() const
/home/smarchi/src/binutils-gdb/gdb/target.h:1334
            #1 0x5639d4aa41f1 in inferior::top_target()
/home/smarchi/src/binutils-gdb/gdb/inferior.h:369
            #2 0x5639d4a70b1f in current_top_target()
/home/smarchi/src/binutils-gdb/gdb/target.c:120
            #3 0x5639d4b00591 in
gdb_readline_wrapper_cleanup::gdb_readline_wrapper_cleanup()
/home/smarchi/src/binutils-gdb/gdb/top.c:1046
            #4 0x5639d4afab31 in gdb_readline_wrapper(char const*)
/home/smarchi/src/binutils-gdb/gdb/top.c:1104
            #5 0x5639d4ccce2c in defaulted_query
/home/smarchi/src/binutils-gdb/gdb/utils.c:893
            #6 0x5639d4ccd6af in query(char const*, ...)
/home/smarchi/src/binutils-gdb/gdb/utils.c:985
            #7 0x5639d4ccaec1 in internal_vproblem
/home/smarchi/src/binutils-gdb/gdb/utils.c:373
            #8 0x5639d4ccb3d1 in internal_verror(char const*, int, char const*,
__va_list_tag*) /home/smarchi/src/binutils-gdb/gdb/utils.c:439
            #9 0x5639d5151a92 in internal_error(char const*, int, char const*,
...) /home/smarchi/src/binutils-gdb/gdbsupport/errors.cc:55
            #10 0x5639d5162ab4 in gdb_abspath(char const*)
/home/smarchi/src/binutils-gdb/gdbsupport/pathstuff.cc:132
            #11 0x5639d5162fac in get_standard_cache_dir[abi:cxx11]()
/home/smarchi/src/binutils-gdb/gdbsupport/pathstuff.cc:228
            #12 0x5639d3e76a81 in _initialize_index_cache()
/home/smarchi/src/binutils-gdb/gdb/dwarf2/index-cache.c:325
            #13 0x5639d4dbbe92 in initialize_all_files()
/home/smarchi/build/binutils-gdb/gdb/init.c:321
            #14 0x5639d4b00259 in gdb_init(char*)
/home/smarchi/src/binutils-gdb/gdb/top.c:2344
            #15 0x5639d4440715 in captured_main_1
/home/smarchi/src/binutils-gdb/gdb/main.c:950
            #16 0x5639d444252e in captured_main
/home/smarchi/src/binutils-gdb/gdb/main.c:1229
            #17 0x5639d44425cf in gdb_main(captured_main_args*)
/home/smarchi/src/binutils-gdb/gdb/main.c:1254
            #18 0x5639d3923371 in main
/home/smarchi/src/binutils-gdb/gdb/gdb.c:32
            #19 0x7fa002d3f0b2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
            #20 0x5639d392314d in _start
(/home/smarchi/build/binutils-gdb/gdb/gdb+0x4d414d)

    gdb_abspath doesn't handle empty strings, so handle this case in the
    callers.  If a variable is defined but empty, I think it's reasonable in
    this case to just ignore it, as if it was not defined.

    Note that this sometimes also lead to a segfault, because the failed
    assertion happens very early during startup, before things are fully
    initialized.

    gdbsupport/ChangeLog:

            PR gdb/27157
            * pathstuff.cc (get_standard_cache_dir, get_standard_config_dir,
            find_gdb_home_config_file): Add empty string check.

    gdb/testsuite/ChangeLog:

            PR gdb/27157
            * gdb.base/empty-host-env-vars.exp: New test.

    Change-Id: I8654d8e97e74e1dff6d308c111ae4b1bbf07bef9

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug gdb/27157] assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty
  2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
                   ` (4 preceding siblings ...)
  2021-01-08 18:47 ` cvs-commit at gcc dot gnu.org
@ 2021-01-08 18:53 ` simark at simark dot ca
  5 siblings, 0 replies; 7+ messages in thread
From: simark at simark dot ca @ 2021-01-08 18:53 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=27157

Simon Marchi <simark at simark dot ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Simon Marchi <simark at simark dot ca> ---
Fixed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-01-08 18:53 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-07 16:48 [Bug gdb/27157] New: assert + jump to NULL (segfault) if HOME or XDG_CACHE_HOME variable is empty sourcewarebugz at kyber dot fi
2021-01-07 16:55 ` [Bug gdb/27157] " sourcewarebugz at kyber dot fi
2021-01-07 20:25 ` andrew.burgess at embecosm dot com
2021-01-07 20:57 ` simark at simark dot ca
2021-01-07 20:59 ` simark at simark dot ca
2021-01-08 18:47 ` cvs-commit at gcc dot gnu.org
2021-01-08 18:53 ` simark at simark dot ca

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).