[Bug remote/28360] New: segfault in bfd_get_elf_phdr_upper_bound

[Bug remote/28360] New: segfault in bfd_get_elf_phdr_upper_bound

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28360

            Bug ID: 28360
           Summary: segfault in bfd_get_elf_phdr_upper_bound
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: remote
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

While investigating PR28355, I decided to emulate the gdbserver internal error
by doing:
...
diff --git a/gdbserver/regcache.cc b/gdbserver/regcache.cc
index 312f14ee9dd..de664cfc987 100644
--- a/gdbserver/regcache.cc
+++ b/gdbserver/regcache.cc
@@ -252,7 +252,7 @@ find_regno (const struct target_desc *tdesc, const char
*name)
   for (int i = 0; i < tdesc->reg_defs.size (); ++i)
     {
       if (strcmp (name, find_register_by_number (tdesc, i).name) == 0)
-       return i;
+       {}
     }
   internal_error (__FILE__, __LINE__, "Unknown register %s requested",
                  name);
...
and ran gdb.server/*.exp.

Annoyingly, a few times we report "ERROR: GDB process no longer exists" while
in fact GDB is alive, and it's just the gdbserver that crashed.

This is due to running gdb_test_multiple with the gdb_spawn_id set to the
spawn_id of the gdbserver, which looks wrong.

Anyway, there is an actual gdb crash in test-case
gdb.server/server-exec-info.exp:
...
(gdb) builtin_spawn
/home/vries/gdb_versions/devel/build/gdb/testsuite/../../gdb/../gdbserver/gdbserver
--once localhost:2403
/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.server/server-exec-info/server-exec-info^M
Process
/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.server/server-exec-info/server-exec-info
created; pid = 2570^M
Listening on port 2403^M
target remote localhost:2403^M
Remote debugging using localhost:2403^M
Remote connection closed^M
(gdb) set sysroot remote:^M
warning: "remote:" is deprecated, use "target:" instead.^M
warning: sysroot set to "target:".^M
^M
^M
Fatal signal: Segmentation fault^M
...

In more detail:
...
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x0000000000e89dcc in bfd_get_elf_phdr_upper_bound (abfd=0x0)
    at /home/vries/gdb_versions/devel/src/bfd/elf.c:12299
12299     if (abfd->xvec->flavour != bfd_target_elf_flavour)
...

backtrace:
...
(gdb) bt
#0  0x0000000000e89dcc in bfd_get_elf_phdr_upper_bound (abfd=0x0)
    at /home/vries/gdb_versions/devel/src/bfd/elf.c:12299
#1  0x000000000084c371 in linux_vsyscall_range_raw (gdbarch=0x358a400,
range=0x2b32000)
    at /home/vries/gdb_versions/devel/src/gdb/linux-tdep.c:2335
#2  0x000000000084c70d in linux_vsyscall_range (gdbarch=0x358a400,
range=0x7fffffffd070)
    at /home/vries/gdb_versions/devel/src/gdb/linux-tdep.c:2412
#3  0x0000000000768c0e in gdbarch_vsyscall_range (gdbarch=0x358a400,
range=0x7fffffffd070)
    at /home/vries/gdb_versions/devel/src/gdb/gdbarch.c:5233
#4  0x0000000000abf5f0 in svr4_current_sos ()
    at /home/vries/gdb_versions/devel/src/gdb/solib-svr4.c:1373
#5  0x0000000000ac7e35 in update_solib_list (from_tty=0)
    at /home/vries/gdb_versions/devel/src/gdb/solib.c:722
#6  0x0000000000ac8419 in solib_add (pattern=0x0, from_tty=0, readsyms=1)
    at /home/vries/gdb_versions/devel/src/gdb/solib.c:959
#7  0x0000000000ac96ed in reload_shared_libraries (ignored=0x0, from_tty=0,
e=0x2acdd20)
    at /home/vries/gdb_versions/devel/src/gdb/solib.c:1377
#8  0x0000000000ac981d in gdb_sysroot_changed (ignored=0x0, from_tty=0,
e=0x2acdd20)
    at /home/vries/gdb_versions/devel/src/gdb/solib.c:1416
#9  0x00000000005cf349 in do_set_command (arg=0x7fffffffe131 "remote:",
from_tty=0, 
    c=0x2acdd20) at
/home/vries/gdb_versions/devel/src/gdb/cli/cli-setshow.c:521
#10 0x0000000000b77f04 in execute_command (p=0x7fffffffe131 "remote:",
from_tty=0)
    at /home/vries/gdb_versions/devel/src/gdb/top.c:666
#11 0x000000000087c5da in catch_command_errors (
    command=0xb779cd <execute_command(char const*, int)>, 
    arg=0x7fffffffe125 "set sysroot remote:", from_tty=0, do_bp_actions=true)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:523
#12 0x000000000087c7b2 in execute_cmdargs (cmdarg_vec=0x7fffffffd760,
file_type=CMDARG_FILE, 
    cmd_type=CMDARG_COMMAND, ret=0x7fffffffd73c)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:618
#13 0x000000000087db9d in captured_main_1 (context=0x7fffffffd9a0)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:1322
#14 0x000000000087ddce in captured_main (data=0x7fffffffd9a0)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:1343
#15 0x000000000087de39 in gdb_main (args=0x7fffffffd9a0)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:1368
#16 0x0000000000417c6e in main (argc=15, argv=0x7fffffffdaa8)
    at /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug remote/28360] segfault in bfd_get_elf_phdr_upper_bound

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28360

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
With this:
...
diff --git a/gdb/linux-tdep.c b/gdb/linux-tdep.c
index ae2f7c14f6d..d7eaa75a34a 100644
--- a/gdb/linux-tdep.c
+++ b/gdb/linux-tdep.c
@@ -2327,7 +2327,7 @@ linux_vsyscall_range_raw (struct gdbarch *gdbarch, struct
mem_ra
nge *range)
   /* It doesn't make sense to access the host's /proc when debugging a
      core file.  Instead, look for the PT_LOAD segment that matches
      the vDSO.  */
-  if (!target_has_execution ())
+  if (!target_has_execution () && core_bfd != nullptr)
     {
       long phdrs_size;
       int num_phdrs, i;
...
we have instead:
...
(gdb) set sysroot remote:^M
warning: "remote:" is deprecated, use "target:" instead.^M
warning: sysroot set to "target:".^M
warning: unable to open /proc file '/proc/0/task/0/maps'^M
(gdb) PASS: gdb.server/server-exec-info.exp: set sysroot remote:
info files^M
(gdb) FAIL: gdb.server/server-exec-info.exp: info files
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug remote/28360] segfault in bfd_get_elf_phdr_upper_bound

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28360

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |palves at sourceware dot org

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #1)
> With this:
> ...
> diff --git a/gdb/linux-tdep.c b/gdb/linux-tdep.c
> index ae2f7c14f6d..d7eaa75a34a 100644
> --- a/gdb/linux-tdep.c
> +++ b/gdb/linux-tdep.c
> @@ -2327,7 +2327,7 @@ linux_vsyscall_range_raw (struct gdbarch *gdbarch,
> struct mem_ra
> nge *range)
>    /* It doesn't make sense to access the host's /proc when debugging a
>       core file.  Instead, look for the PT_LOAD segment that matches
>       the vDSO.  */
> -  if (!target_has_execution ())
> +  if (!target_has_execution () && core_bfd != nullptr)
>      {
>        long phdrs_size;
>        int num_phdrs, i;
> ...
> we have instead:
> ...
> (gdb) set sysroot remote:^M
> warning: "remote:" is deprecated, use "target:" instead.^M
> warning: sysroot set to "target:".^M
> warning: unable to open /proc file '/proc/0/task/0/maps'^M
> (gdb) PASS: gdb.server/server-exec-info.exp: set sysroot remote:
> info files^M
> (gdb) FAIL: gdb.server/server-exec-info.exp: info files
> ...

Not sure if this is correct, and if this is a fix or a workaround.

-- 
You are receiving this mail because:
You are on the CC list for the bug.