public inbox for gdb-prs@sourceware.org
* [Bug backtrace/28721] New: Stack buffer overrun in i386_unwind_pc
@ 2021-12-24 13:35 jinoh.kang.kr at gmail dot com
2022-03-01 23:11 ` [Bug backtrace/28721] " tromey at sourceware dot org
2022-03-02 4:14 ` jinoh.kang.kr at gmail dot com
0 siblings, 2 replies; 3+ messages in thread
From: jinoh.kang.kr at gmail dot com @ 2021-12-24 13:35 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=28721
Bug ID: 28721
Summary: Stack buffer overrun in i386_unwind_pc
Product: gdb
Version: HEAD
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: backtrace
Assignee: unassigned at sourceware dot org
Reporter: jinoh.kang.kr at gmail dot com
Target Milestone: ---
Flags: security?
Created attachment 13876
--> https://sourceware.org/bugzilla/attachment.cgi?id=13876&action=edit
Sample program that triggers crash
i386_unwind_pc calls frame_unwind_register with an 8-byte buffer, which can
overrun if a wider register (e.g. [XYZ]MM registers) is specified as the return
address register.
An example debugging session that reproduces the crash:
$ gcc -o test gdb-unwind-pc-overrun.S # from attachment
$ gdb -q ./test
Reading symbols from ./test...
(No debugging symbols found in ./test)
(gdb) start
Temporary breakpoint 1 at 0x401106
Starting program: /home/user/trxu/test
Temporary breakpoint 1, 0x0000000000401106 in main ()
(gdb) stepi # (or bt)
*** stack smashing detected ***: terminated
Aborted (core dumped)
This bug should be trivial to fix: use frame_unwind_register_unsigned instead
(unless there are semantic differences between frame_unwind_register and
frame_unwind_register_unsigned that I missed).
--
You are receiving this mail because:
You are on the CC list for the bug.
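Added illustration (not part of the report and not gdb code): the defect described above is a callee that writes a register's full width into a caller-supplied buffer whose size it never learns, while the register it reads is selected by the debuggee's own DWARF CFI return-address column. The self-contained C model below uses made-up names (reg_width, unwind_register, unwind_pc_unsafe, unwind_register_checked, unwind_pc_checked), a constructed two-register file and a constructed canary standing in for the stack protector's; it does not reproduce gdb's frame_unwind_register signature, and the checked variant is only a stand-in for the report's idea of reading the register as an address-sized unsigned value instead of raw bytes.

```c
/* Model of the bug class in PR 28721: fixed 8-byte buffer, register width
 * chosen by untrusted unwind info.  Hypothetical names throughout; not gdb. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed register numbering: one general register, one vector register.
 * Real x86-64 DWARF register numbers are different. */
enum { REG_RIP = 0, REG_XMM0 = 1, REG_COUNT = 2 };

/* Width in bytes of each model register. */
static size_t reg_width(int regnum)
{
    switch (regnum) {
    case REG_RIP:  return 8;   /* fits an address */
    case REG_XMM0: return 16;  /* twice as wide as the caller's buffer */
    default:       return 0;
    }
}

/* Constructed register contents, little-endian. */
static const uint8_t reg_file[REG_COUNT][16] = {
    [REG_RIP]  = { 0x06, 0x11, 0x40 },                     /* 0x401106 */
    [REG_XMM0] = { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                   0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42 },
};

/* Unsafe contract modelled on the one the report describes: write the
 * register's full width to dst; the caller cannot say how large dst is. */
static void unwind_register(int regnum, uint8_t *dst)
{
    const uint8_t *src = reg_file[regnum];
    for (size_t i = 0; i < reg_width(regnum); i++)
        dst[i] = src[i];
}

/* Little-endian 8-byte address extraction. */
static uint64_t extract_address(const uint8_t *buf)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | buf[i];
    return v;
}

/* The 8-byte buffer with a canary laid out right behind it, the way the
 * stack protector places one.  The write pointer is formed from the whole
 * struct so the overrun stays observable without undefined behaviour. */
#define CANARY_LEN 8
static const uint8_t canary_init[CANARY_LEN] =
    { 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0xf0, 0x0d };
struct frame { uint8_t buf[8]; uint8_t canary[CANARY_LEN]; };

/* Caller with the pattern from the report.  Returns true if the canary
 * survived; *pc receives whatever landed in the first 8 bytes. */
static bool unwind_pc_unsafe(int retaddr_column, uint64_t *pc)
{
    struct frame f;
    memcpy(f.canary, canary_init, CANARY_LEN);
    uint8_t *bytes = (uint8_t *)&f;
    unwind_register(retaddr_column, bytes + offsetof(struct frame, buf));
    *pc = extract_address(f.buf);
    return memcmp(f.canary, canary_init, CANARY_LEN) == 0;
}

/* Hardened contract: the caller states the destination size and the callee
 * refuses any register that would not fit. */
static bool unwind_register_checked(int regnum, uint8_t *dst, size_t dst_len)
{
    size_t w = reg_width(regnum);
    if (w == 0 || w > dst_len)
        return false;
    memcpy(dst, reg_file[regnum], w);
    return true;
}

/* Address-sized read: an error, not an overrun, for a 16-byte register. */
static bool unwind_pc_checked(int retaddr_column, uint64_t *pc)
{
    uint8_t buf[8];
    if (!unwind_register_checked(retaddr_column, buf, sizeof buf))
        return false;
    *pc = extract_address(buf);
    return true;
}

int main(void)
{
    uint64_t pc = 0;
    bool ok = unwind_pc_unsafe(REG_RIP, &pc);
    printf("rip column:  pc=0x%llx canary %s\n",
           (unsigned long long)pc, ok ? "intact" : "SMASHED");
    ok = unwind_pc_unsafe(REG_XMM0, &pc);
    printf("xmm0 column: pc=0x%llx canary %s\n",
           (unsigned long long)pc, ok ? "intact" : "SMASHED");
    ok = unwind_pc_checked(REG_XMM0, &pc);
    printf("checked:     %s\n",
           ok ? "pc read" : "refused, register wider than buffer");
    return 0;
}
```

Compile with `cc -std=c11 model.c` and run. The second line reproduces the report's failure mode in miniature: the vector register's 16 bytes cover both the buffer and the canary behind it, which is what glibc's stack protector reports as "stack smashing detected". The third line shows the fix at the contract level: either the callee learns the destination size, or the caller asks for an address-width value and the callee rejects anything wider.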
* [Bug backtrace/28721] Stack buffer overrun in i386_unwind_pc
From: tromey at sourceware dot org @ 2022-03-01 23:11 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=28721
Tom Tromey <tromey at sourceware dot org> changed:
What | Removed | Added
-----+---------+------------------------------
CC   |         | tromey at sourceware dot org
--- Comment #1 from Tom Tromey <tromey at sourceware dot org> ---
Hi. Would you consider sending a patch to gdb-patches?
Also, is this something that's actually used? Or just a
sort of theoretical bug?
* [Bug backtrace/28721] Stack buffer overrun in i386_unwind_pc
From: jinoh.kang.kr at gmail dot com @ 2022-03-02 4:14 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=28721
--- Comment #2 from Jinoh Kang <jinoh.kang.kr at gmail dot com> ---
(In reply to Tom Tromey from comment #1)
> Hi. Would you consider sending a patch to gdb-patches?
Not sure about the most optimal approach, but I'll try.
> Also, is this something that's actually used? Or just a
> sort of theoretical bug?
Simply compile and debug the attached program to reproduce the crash.