From: "vries at gcc dot gnu.org"
To: gdb-prs@sourceware.org
Subject: [Bug remote/28360] New: segfault in bfd_get_elf_phdr_upper_bound
Date: Tue, 21 Sep 2021 11:18:35 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28360

            Bug ID: 28360
           Summary: segfault in bfd_get_elf_phdr_upper_bound
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: remote
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

While investigating PR28355, I decided to emulate the gdbserver internal error by doing:
...
diff --git a/gdbserver/regcache.cc b/gdbserver/regcache.cc index 312f14ee9dd..de664cfc987 100644 --- a/gdbserver/regcache.cc +++ b/gdbserver/regcache.cc 
@@ -252,7 +252,7 @@ find_regno (const struct target_desc *tdesc, const char *name) for (int i =3D 0; i < tdesc->reg_defs.size (); ++i) { if (strcmp (name, find_register_by_number (tdesc, i).name) =3D=3D 0) - return i; + {} } internal_error (__FILE__, __LINE__, "Unknown register %s requested", name);
...
and ran gdb.server/*.exp.

Annoyingly, a few times we report "ERROR: GDB process no longer exists" while in fact GDB is alive, and it's just the gdbserver that crashed. This is due to running gdb_test_multiple with the gdb_spawn_id set to the spawn_id of the gdbserver, which looks wrong.

Anyway, there is an actual gdb crash in test-case gdb.server/server-exec-info.exp:
...
(gdb) builtin_spawn /home/vries/gdb_versions/devel/build/gdb/testsuite/../../gdb/../gdbserver/gdbserver --once localhost:2403 /home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.server/server-exec-info/server-exec-info^M
Process /home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.server/server-exec-info/server-exec-info created; pid = 2570^M
Listening on port 2403^M
target remote localhost:2403^M
Remote debugging using localhost:2403^M
Remote connection closed^M
(gdb) set sysroot remote:^M
warning: "remote:" is deprecated, use "target:" instead.^M
warning: sysroot set to "target:".^M
^M
^M
Fatal signal: Segmentation fault^M
...

In more detail:
...
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x0000000000e89dcc in bfd_get_elf_phdr_upper_bound (abfd=0x0) at /home/vries/gdb_versions/devel/src/bfd/elf.c:12299
12299     if (abfd->xvec->flavour != bfd_target_elf_flavour)
...

backtrace:
...
(gdb) bt
#0  0x0000000000e89dcc in bfd_get_elf_phdr_upper_bound (abfd=0x0) at /home/vries/gdb_versions/devel/src/bfd/elf.c:12299
#1  0x000000000084c371 in linux_vsyscall_range_raw (gdbarch=0x358a400, range=0x2b32000) at /home/vries/gdb_versions/devel/src/gdb/linux-tdep.c:2335
#2  0x000000000084c70d in linux_vsyscall_range (gdbarch=0x358a400, range=0x7fffffffd070) at /home/vries/gdb_versions/devel/src/gdb/linux-tdep.c:2412
#3  0x0000000000768c0e in gdbarch_vsyscall_range (gdbarch=0x358a400, range=0x7fffffffd070) at /home/vries/gdb_versions/devel/src/gdb/gdbarch.c:5233
#4  0x0000000000abf5f0 in svr4_current_sos () at /home/vries/gdb_versions/devel/src/gdb/solib-svr4.c:1373
#5  0x0000000000ac7e35 in update_solib_list (from_tty=0) at /home/vries/gdb_versions/devel/src/gdb/solib.c:722
#6  0x0000000000ac8419 in solib_add (pattern=0x0, from_tty=0, readsyms=1) at /home/vries/gdb_versions/devel/src/gdb/solib.c:959
#7  0x0000000000ac96ed in reload_shared_libraries (ignored=0x0, from_tty=0, e=0x2acdd20) at /home/vries/gdb_versions/devel/src/gdb/solib.c:1377
#8  0x0000000000ac981d in gdb_sysroot_changed (ignored=0x0, from_tty=0, e=0x2acdd20) at /home/vries/gdb_versions/devel/src/gdb/solib.c:1416
#9  0x00000000005cf349 in do_set_command (arg=0x7fffffffe131 "remote:", from_tty=0, c=0x2acdd20) at /home/vries/gdb_versions/devel/src/gdb/cli/cli-setshow.c:521
#10 0x0000000000b77f04 in execute_command (p=0x7fffffffe131 "remote:", from_tty=0) at /home/vries/gdb_versions/devel/src/gdb/top.c:666
#11 0x000000000087c5da in catch_command_errors (command=0xb779cd , arg=0x7fffffffe125 "set sysroot remote:", from_tty=0, do_bp_actions=true) at /home/vries/gdb_versions/devel/src/gdb/main.c:523
#12 0x000000000087c7b2 in execute_cmdargs (cmdarg_vec=0x7fffffffd760, file_type=CMDARG_FILE, cmd_type=CMDARG_COMMAND, ret=0x7fffffffd73c) at /home/vries/gdb_versions/devel/src/gdb/main.c:618
#13 0x000000000087db9d in captured_main_1 (context=0x7fffffffd9a0) at /home/vries/gdb_versions/devel/src/gdb/main.c:1322
#14 0x000000000087ddce in captured_main (data=0x7fffffffd9a0) at /home/vries/gdb_versions/devel/src/gdb/main.c:1343
#15 0x000000000087de39 in gdb_main (args=0x7fffffffd9a0) at /home/vries/gdb_versions/devel/src/gdb/main.c:1368
#16 0x0000000000417c6e in main (argc=15, argv=0x7fffffffdaa8) at /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
...
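
Review bot: in the strcmp match branch of find_regno in gdbserver/regcache.cc, replacing `return i;` with `{}` leaves the function with no path that returns a register number, so every call ends in internal_error with "Unknown register %s requested" even when the name is present in tdesc->reg_defs. That works as a throwaway fault injection, but it should not be committed in this form: if the failure path needs regular test coverage, put the forced failure behind an explicit test-only switch and make the message say the error was injected, so the gdbserver log does not read as a genuinely unknown register.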