[Bug symtab/27981] New: [gdb/symtab] CU importing itself causes gdb to segfault

[Bug symtab/27981] New: [gdb/symtab] CU importing itself causes gdb to segfault

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27981

            Bug ID: 27981
           Summary: [gdb/symtab] CU importing itself causes gdb to
                    segfault
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: symtab
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

With a test-case containing the following CU:
...
  Compilation Unit @ offset 0xc7:
   Length:        0x38 (32-bit)
   Version:       4
   Abbrev Offset: 0x64
   Pointer Size:  8
 <0><d2>: Abbrev Number: 2 (DW_TAG_compile_unit)
    <d3>   DW_AT_language    : 2        (non-ANSI C)
    <d4>   DW_AT_name        : main.c
 <1><db>: Abbrev Number: 3 (DW_TAG_imported_unit)
    <dc>   DW_AT_import      : <0xd2>   [Abbrev Number: 2
(DW_TAG_compile_unit)]
 <1><e0>: Abbrev Number: 4 (DW_TAG_base_type)
    <e1>   DW_AT_byte_size   : 4
    <e2>   DW_AT_encoding    : 5        (signed)
    <e3>   DW_AT_name        : int
 <1><e7>: Abbrev Number: 5 (DW_TAG_subprogram)
    <e8>   DW_AT_name        : main
    <ed>   DW_AT_low_pc      : 0x4004a7
    <f5>   DW_AT_high_pc     : 0x4004b2
    <fd>   DW_AT_type        : <0xe0>
    <101>   DW_AT_external    : 1
 <1><102>: Abbrev Number: 0
...
we get GDB to crash
...
$ gdb -q -batch outputs/gdb.dwarf2/import-cycle/import-cycle -ex "p main"
Aborted (core dumped)
...

In more detail, we run out of stack with a sigsegv:
...
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x00000000008e0366 in recursively_search_psymtabs(partial_symtab *, objfile *,
block_search_flags, domain_enum, search_domain, const lookup_name_info &,
gdb::function_view<bool(char const*)>) (ps=0x218bc90, objfile=0x1ad0140,
search_flags=..., domain=VAR_DOMAIN, 
    search=ALL_DOMAIN, 
    lookup_name=<error reading variable: Cannot access memory at address
0x7fffff7feff8>, 
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug symtab/27981] [gdb/symtab] CU importing itself causes gdb to segfault

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27981

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
Created attachment 13494
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13494&action=edit
Test-case

Fail like this:
...
Running gdb.dwarf2/dw2-import-cycle.exp ...
ERROR: GDB process no longer exists

                === gdb Summary ===

# of expected passes            1
# of unresolved testcases       1
...

Passes with target board readnow and cc-with-gdb-index.

Fails with target board cc-with-debug-names:
...
(gdb) p main^M
$1 = {<text variable, no debug info>} 0x4004a7 <main>^M
(gdb) FAIL: gdb.dwarf2/dw2-import-cycle.exp: p main
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug symtab/27981] [gdb/symtab] CU importing itself causes gdb to segfault

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27981

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
Ad-hoc fixes to make the test-case pass:
...
diff --git a/gdb/block.c b/gdb/block.c
index 26126f5b76f..94feeb0f87c 100644
--- a/gdb/block.c
+++ b/gdb/block.c
@@ -488,7 +488,7 @@ initialize_block_iterator (const struct block *block,

   /* If this is an included symtab, find the canonical includer and
      use it instead.  */
-  while (cu->user != NULL)
+  while (cu->user != NULL && cu->user != cu)
     cu = cu->user;

   /* Putting this check here simplifies the logic of the iterator
diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
index a36f25f4e62..9859328c276 100644
--- a/gdb/dwarf2/read.c
+++ b/gdb/dwarf2/read.c
@@ -18258,6 +18258,9 @@ cooked_indexer::index_imported_unit (cutu_reader
*reader,
   dwarf2_per_objfile *per_objfile = reader->cu->per_objfile;
   cutu_reader *new_reader = ensure_cu_exists (reader, per_objfile, sect_off,
                                              is_dwz, true);
+  if (new_reader == reader)
+    return info_ptr;
+
   if (new_reader != nullptr)
     {
       index_dies (new_reader, new_reader->info_ptr, nullptr, false);
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug symtab/27981] [gdb/symtab] CU importing itself causes gdb to segfault

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27981

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug symtab/27981] [gdb/symtab] CU importing itself causes gdb to segfault

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27981

--- Comment #3 from Tom Tromey <tromey at sourceware dot org> ---
It's fine to patch around this, but FWIW gdb doesn't always
protect itself from pathological DWARF like this.  So my 
inclination is to say yes if it is cheap/obvious, and no if
it is something complicated or expensive.

In this particular case I'd suggest merging the two conditions
with a comment

/* blah blah */
if (new_reader != reader && new_reader != nullptr)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug symtab/27981] [gdb/symtab] CU importing itself causes gdb to segfault

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=27981

--- Comment #4 from Tom Tromey <tromey at sourceware dot org> ---
Also that block.c change shouldn't be needed, so I think probably
some spot in the reader has to avoid creating a circular list.

-- 
You are receiving this mail because:
You are on the CC list for the bug.