public inbox for gdb-prs@sourceware.org
From: "vries at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/29295] New: [gdb] out of bounds access in objfile::section_offset
Date: Tue, 28 Jun 2022 06:45:16 +0000
Message-ID: <bug-29295-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

            Bug ID: 29295
           Summary: [gdb] out of bounds access in objfile::section_offset
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

Using this patch:
...
diff --git a/gdb/objfiles.h b/gdb/objfiles.h index a7098b46279..60038e1fb25 100644 --- a/gdb/objfiles.h +++ b/gdb/objfiles.h
@@ -598,6 +598,7 @@ struct objfile gdb_assert (section->owner == nullptr || section->owner == this->obfd); int idx = gdb_bfd_section_index (this->obfd, section); + gdb_assert (idx < section_offsets.size ()); return this->section_offsets[idx]; }
...
with test-case rtf=gdb.dwarf2/dw2-icc-opaque.exp we run into:
...
(gdb) ptype p_struct
/home/vries/gdb_versions/devel/src/gdb/objfiles.h:601: internal-error: section_offset: Assertion `idx < section_offsets.size ()' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
----- Backtrace -----
FAIL: gdb.dwarf2/dw2-icc-opaque.exp: ptype p_struct (GDB internal error)
Resyncing due to internal error.
0x57e9b8 gdb_internal_backtrace_1 /home/vries/gdb_versions/devel/src/gdb/bt-utils.c:122
0x57ea5b _Z22gdb_internal_backtracev /home/vries/gdb_versions/devel/src/gdb/bt-utils.c:168
0xc67677 internal_vproblem /home/vries/gdb_versions/devel/src/gdb/utils.c:396
0xc67a46 _Z15internal_verrorPKciS0_P13__va_list_tag /home/vries/gdb_versions/devel/src/gdb/utils.c:476
0x139941a _Z14internal_errorPKciS0_z /home/vries/gdb_versions/devel/src/gdbsupport/errors.cc:55
0x5108c1 _ZNK7objfile14section_offsetEP11bfd_section /home/vries/gdb_versions/devel/src/gdb/objfiles.h:601
0x51090d _ZNK11obj_section6offsetEv /home/vries/gdb_versions/devel/src/gdb/objfiles.h:809
0x51093a _ZNK11obj_section4addrEv /home/vries/gdb_versions/devel/src/gdb/objfiles.h:821
0xb7906d _Z13fixup_sectionP19general_symbol_infomP7objfile /home/vries/gdb_versions/devel/src/gdb/symtab.c:1776
0xb79247 _Z20fixup_symbol_sectionP6symbolP7objfile /home/vries/gdb_versions/devel/src/gdb/symtab.c:1833
0x7044ae var_decode_location /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:20676
0x704e2d new_symbol /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:20882
0x6efcd5 read_variable /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:12622
0x6e595c process_die /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8716
0x6e7702 read_file_scope /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:9616
0x6e56dd process_die /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8620
0x6e4e61 process_full_comp_unit /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8390
0x6e2482 process_queue /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:7636
0x6d446b dw2_do_instantiate_symtab /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2059
0x6d4514 dw2_instantiate_symtab /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2081
0x6d971b dw2_expand_symtabs_matching_one /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:3962
0x700458 _ZN22cooked_index_functions23expand_symtabs_matchingEP7objfileN3gdb13function_viewIFbPKcbEEEPK16lookup_name_infoNS3_IFbS5_EEENS3_IFbP15compunit_symtabEEE10enum_flagsI24block_search_flag_valuesE11domain_enum13search_domain /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:18745
0xb5bf67 _ZN7objfile13lookup_symbolE10block_enumPKc11domain_enum /home/vries/gdb_versions/devel/src/gdb/symfile-debug.c:276
0xb7a9aa lookup_symbol_via_quick_fns /home/vries/gdb_versions/devel/src/gdb/symtab.c:2451
0xb7adfc lookup_symbol_in_objfile /home/vries/gdb_versions/devel/src/gdb/symtab.c:2599
0xb7af63 operator() /home/vries/gdb_versions/devel/src/gdb/symtab.c:2665
0xb8680d operator() /home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:263
0xb86834 _FUN /home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:257
0x95d605 _ZNK3gdb13function_viewIFbP7objfileEEclES2_ /home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:247
0xb19295 svr4_iterate_over_objfiles_in_search_order /home/vries/gdb_versions/devel/src/gdb/solib-svr4.c:3167
0x4ce366 _Z45gdbarch_iterate_over_objfiles_in_search_orderP7gdbarchN3gdb13function_viewIFbP7objfileEEES4_ /home/vries/gdb_versions/devel/src/gdb/gdbarch.c:4937
0xb7b0ed lookup_global_or_static_symbol /home/vries/gdb_versions/devel/src/gdb/symtab.c:2662
0xb7b256 _Z20lookup_global_symbolPKcPK5block11domain_enum /home/vries/gdb_versions/devel/src/gdb/symtab.c:2717
0xb7ab83 _ZNK13language_defn22lookup_symbol_nonlocalEPKcPK5block11domain_enum /home/vries/gdb_versions/devel/src/gdb/symtab.c:2520
0xb79f9c lookup_symbol_aux /home/vries/gdb_versions/devel/src/gdb/symtab.c:2170
0xb7974d _Z25lookup_symbol_in_languagePKcPK5block11domain_enum8languageP20field_of_this_result /home/vries/gdb_versions/devel/src/gdb/symtab.c:1965
0xb797c7 _Z13lookup_symbolPKcPK5block11domain_enumP20field_of_this_result /home/vries/gdb_versions/devel/src/gdb/symtab.c:1977
0x59f55b classify_name /home/vries/gdb_versions/devel/src/gdb/c-exp.y:3044
0x59fbf9 c_yylex /home/vries/gdb_versions/devel/src/gdb/c-exp.y:3255
0x5971b8 _Z9c_yyparsev /home/vries/gdb_versions/devel/build/gdb/c-exp.c.tmp:1991
0x5a06d0 _Z7c_parseP12parser_state /home/vries/gdb_versions/devel/src/gdb/c-exp.y:3421
0x85832b _ZNK13language_defn6parserEP12parser_state /home/vries/gdb_versions/devel/src/gdb/language.c:623
0x9774c5 parse_exp_in_context /home/vries/gdb_versions/devel/src/gdb/parse.c:515
0x9776a1 _Z16parse_expressionPKcP23innermost_block_trackerb /home/vries/gdb_versions/devel/src/gdb/parse.c:551
0xc1c58a whatis_exp /home/vries/gdb_versions/devel/src/gdb/typeprint.c:510
0xc1c98e ptype_command /home/vries/gdb_versions/devel/src/gdb/typeprint.c:599
0x5d5853 do_simple_func /home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:95
0x5da43f _Z8cmd_funcP16cmd_list_elementPKci /home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:2514
0xbd5080 _Z15execute_commandPKci /home/vries/gdb_versions/devel/src/gdb/top.c:699
0x75a5b0 _Z15command_handlerPKc /home/vries/gdb_versions/devel/src/gdb/event-top.c:598
0x75aa58 _Z20command_line_handlerOSt10unique_ptrIcN3gdb13xfree_deleterIcEEE /home/vries/gdb_versions/devel/src/gdb/event-top.c:842
0xbfe4bb tui_command_line_handler /home/vries/gdb_versions/devel/src/gdb/tui/tui-interp.c:104
0x759dac gdb_rl_callback_handler /home/vries/gdb_versions/devel/src/gdb/event-top.c:230
0xcf23b1 rl_callback_read_char /home/vries/gdb_versions/devel/src/readline/readline/callback.c:290
0x759c29 gdb_rl_callback_read_char_wrapper_noexcept /home/vries/gdb_versions/devel/src/gdb/event-top.c:188
0x759cb0 gdb_rl_callback_read_char_wrapper /home/vries/gdb_versions/devel/src/gdb/event-top.c:205
0x75a3ff _Z19stdin_event_handleriPv /home/vries/gdb_versions/devel/src/gdb/event-top.c:525
0x139a12b handle_file_event /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:549
0x139a6b3 gdb_wait_for_event /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:670
0x13995c2 _Z16gdb_do_one_eventv /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:235
0x8be045 start_event_loop /home/vries/gdb_versions/devel/src/gdb/main.c:411
0x8be165 captured_command_loop /home/vries/gdb_versions/devel/src/gdb/main.c:471
0x8bf96e captured_main /home/vries/gdb_versions/devel/src/gdb/main.c:1329
0x8bf9d4 _Z8gdb_mainP18captured_main_args /home/vries/gdb_versions/devel/src/gdb/main.c:1344
0x418b3d main /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
...

The same issue is reported by address sanitizer (PR25723 comment 1) and thread sanitizer (PR29286 comment 16), but this is the easiest way to reproduce and investigate.

Note that the issue reproduces with:
...
$ gdb -q -batch -ex "maint set worker-threads 0" -x outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1
...
so it's not related to gdb's multithreading.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
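Review bot: the added `gdb_assert (idx < section_offsets.size ());` in the objfiles.h hunk compares the signed `int idx` returned by `gdb_bfd_section_index` against the unsigned result of `size ()`, so a negative idx would be converted to a large unsigned value and fail the assert with a message that hides the real cause (and the mixed comparison will draw a sign-compare warning). Spell out both halves of the range, e.g. `gdb_assert (idx >= 0 && idx < section_offsets.size ());`, so the diagnostic says whether the index was negative or past the end. Note also that the assert only turns the silent out-of-bounds read in `return this->section_offsets[idx];` into an internal error; it is a useful bisection aid for this report, but the fix still has to establish why idx can exceed the number of section offsets before it is treated as anything more than a diagnostic.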