From: "simark at simark dot ca" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/28063] New: ASan crash in value_primitive_field / value_contents_copy_raw when printing std::tuple
Date: Wed, 07 Jul 2021 16:27:31 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28063

            Bug ID: 28063
           Summary: ASan crash in value_primitive_field /
                    value_contents_copy_raw when printing std::tuple
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: simark at simark dot ca
  Target Milestone: ---

I hit this while debugging GDB itself.  I don't have a small reproducer at
the moment, but I have a self-contained easy reproducer using the GDB binary
and a core file of it I created.

It's a bit too big to attach here so I'll post a link in a follow-up comment.

Steps to reproduce:

1. Extract the archive to /tmp/repro
2. Compile GDB with AddressSanitizer
3. Run:

  $ ./gdb -q -nx --data-directory=data-directory -iex "set sysroot /tmp/repro" /tmp/repro/gdb /tmp/repro/core.3164744 -ex 'p current_inferior_.m_obj.thread_list.m_front.priv' -batch

The error I get:

==2087857==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200009b10f at pc 0x7f7575b843a7 bp 0x7fffbac99b10 sp 0x7fffbac992b8
READ of size 1 at 0x60200009b10f thread T0
    #0 0x7f7575b843a6 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    #1 0x124aa6c in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
    #2 0x124aa6c in value_contents_copy_raw /home/smarchi/src/binutils-gdb/gdb/value.c:1332
    #3 0x1251b95 in value_primitive_field(value*, long, int, type*) /home/smarchi/src/binutils-gdb/gdb/value.c:3096
    #4 0x7f4c87 in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:333
    #5 0x7f5f75 in cp_print_value /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:513
    #6 0x7f5f75 in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:159
    #7 0x7f5f75 in cp_print_value /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:513
    #8 0x7f5f75 in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:159
    #9 0x7f5f75 in cp_print_value /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:513
    #10 0x7f5f75 in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:159
    #11 0x6faa66 in c_value_print_struct /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:383
    #12 0x6faa66 in c_value_print_inner(value*, ui_file*, int, value_print_options const*) /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:438
    #13 0x1235c77 in do_val_print /home/smarchi/src/binutils-gdb/gdb/valprint.c:1046
    #14 0x7f4cea in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:335
    #15 0x7f5f75 in cp_print_value /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:513
    #16 0x7f5f75 in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:159
    #17 0x6faa66 in c_value_print_struct /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:383
    #18 0x6faa66 in c_value_print_inner(value*, ui_file*, int, value_print_options const*) /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:438
    #19 0x1235c77 in do_val_print /home/smarchi/src/binutils-gdb/gdb/valprint.c:1046
    #20 0x7f4cea in cp_print_value_fields(value*, ui_file*, int, value_print_options const*, type**, int) /home/smarchi/src/binutils-gdb/gdb/cp-valprint.c:335
    #21 0x6faa66 in c_value_print_struct /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:383
    #22 0x6faa66 in c_value_print_inner(value*, ui_file*, int, value_print_options const*) /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:438
    #23 0x1235c77 in do_val_print /home/smarchi/src/binutils-gdb/gdb/valprint.c:1046
    #24 0x6fb4d5 in c_value_print(value*, ui_file*, value_print_options const*) /home/smarchi/src/binutils-gdb/gdb/c-valprint.c:587
    #25 0x1236a37 in value_print(value*, ui_file*, value_print_options const*) /home/smarchi/src/binutils-gdb/gdb/valprint.c:1187
    #26 0xd7eafe in print_value(value*, value_print_options const&) /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1258
    #27 0xd7f00f in print_command_1 /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1344
    #28 0x72ad29 in cmd_func(cmd_list_element*, char const*, int) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2160
    #29 0x10e7464 in execute_command(char const*, int) /home/smarchi/src/binutils-gdb/gdb/top.c:674
    #30 0xc4af30 in catch_command_errors /home/smarchi/src/binutils-gdb/gdb/main.c:523
    #31 0xc4b204 in execute_cmdargs /home/smarchi/src/binutils-gdb/gdb/main.c:618
    #32 0xc503af in captured_main_1 /home/smarchi/src/binutils-gdb/gdb/main.c:1322
    #33 0xc5153b in captured_main /home/smarchi/src/binutils-gdb/gdb/main.c:1343
    #34 0xc5153b in gdb_main(captured_main_args*) /home/smarchi/src/binutils-gdb/gdb/main.c:1368
    #35 0x487ffd in main /home/smarchi/src/binutils-gdb/gdb/gdb.c:32
    #36 0x7f7574bac0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #37 0x4acdfd in _start (/home/smarchi/build/binutils-gdb-opt/gdb/gdb+0x4acdfd)

0x60200009b10f is located 1 bytes to the left of 8-byte region [0x60200009b110,0x60200009b118)
allocated by thread T0 here:
    #0 0x7f7575bfee17 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x56b0a0 in xcalloc /home/smarchi/src/binutils-gdb/gdb/alloc.c:100

-- 
You are receiving this mail because:
You are on the CC list for the bug.