[Bug gdb/29295] New: [gdb] out of bounds access in objfile::section_offset

[Bug gdb/29295] New: [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

            Bug ID: 29295
           Summary: [gdb] out of bounds access in objfile::section_offset
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

Using this patch:
...
diff --git a/gdb/objfiles.h b/gdb/objfiles.h
index a7098b46279..60038e1fb25 100644
--- a/gdb/objfiles.h
+++ b/gdb/objfiles.h
@@ -598,6 +598,7 @@ struct objfile
     gdb_assert (section->owner == nullptr || section->owner == this->obfd);

     int idx = gdb_bfd_section_index (this->obfd, section);
+    gdb_assert (idx < section_offsets.size ());
     return this->section_offsets[idx];
   }

...
with test-case rtf=gdb.dwarf2/dw2-icc-opaque.exp we run into:
...
(gdb) ptype p_struct
/home/vries/gdb_versions/devel/src/gdb/objfiles.h:601: internal-error:
section_offset: Assertion `idx < section_offsets.size ()' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
----- Backtrace -----
FAIL: gdb.dwarf2/dw2-icc-opaque.exp: ptype p_struct (GDB internal error)
Resyncing due to internal error.
0x57e9b8 gdb_internal_backtrace_1
        /home/vries/gdb_versions/devel/src/gdb/bt-utils.c:122
0x57ea5b _Z22gdb_internal_backtracev
        /home/vries/gdb_versions/devel/src/gdb/bt-utils.c:168
0xc67677 internal_vproblem
        /home/vries/gdb_versions/devel/src/gdb/utils.c:396
0xc67a46 _Z15internal_verrorPKciS0_P13__va_list_tag
        /home/vries/gdb_versions/devel/src/gdb/utils.c:476
0x139941a _Z14internal_errorPKciS0_z
        /home/vries/gdb_versions/devel/src/gdbsupport/errors.cc:55
0x5108c1 _ZNK7objfile14section_offsetEP11bfd_section
        /home/vries/gdb_versions/devel/src/gdb/objfiles.h:601
0x51090d _ZNK11obj_section6offsetEv
        /home/vries/gdb_versions/devel/src/gdb/objfiles.h:809
0x51093a _ZNK11obj_section4addrEv
        /home/vries/gdb_versions/devel/src/gdb/objfiles.h:821
0xb7906d _Z13fixup_sectionP19general_symbol_infomP7objfile
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:1776
0xb79247 _Z20fixup_symbol_sectionP6symbolP7objfile
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:1833
0x7044ae var_decode_location
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:20676
0x704e2d new_symbol
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:20882
0x6efcd5 read_variable
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:12622
0x6e595c process_die
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8716
0x6e7702 read_file_scope
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:9616
0x6e56dd process_die
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8620
0x6e4e61 process_full_comp_unit
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8390
0x6e2482 process_queue
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:7636
0x6d446b dw2_do_instantiate_symtab
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2059
0x6d4514 dw2_instantiate_symtab
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2081
0x6d971b dw2_expand_symtabs_matching_one
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:3962
0x700458
_ZN22cooked_index_functions23expand_symtabs_matchingEP7objfileN3gdb13function_viewIFbPKcbEEEPK16lookup_name_infoNS3_IFbS5_EEENS3_IFbP15compunit_symtabEEE10enum_flagsI24block_search_flag_valuesE11domain_enum13search_domain
        /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:18745
0xb5bf67 _ZN7objfile13lookup_symbolE10block_enumPKc11domain_enum
        /home/vries/gdb_versions/devel/src/gdb/symfile-debug.c:276
0xb7a9aa lookup_symbol_via_quick_fns
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2451
0xb7adfc lookup_symbol_in_objfile
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2599
0xb7af63 operator()
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2665
0xb8680d operator()
       
/home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:263
0xb86834 _FUN
       
/home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:257
0x95d605 _ZNK3gdb13function_viewIFbP7objfileEEclES2_
       
/home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:247
0xb19295 svr4_iterate_over_objfiles_in_search_order
        /home/vries/gdb_versions/devel/src/gdb/solib-svr4.c:3167
0x4ce366
_Z45gdbarch_iterate_over_objfiles_in_search_orderP7gdbarchN3gdb13function_viewIFbP7objfileEEES4_
        /home/vries/gdb_versions/devel/src/gdb/gdbarch.c:4937
0xb7b0ed lookup_global_or_static_symbol
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2662
0xb7b256 _Z20lookup_global_symbolPKcPK5block11domain_enum
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2717
0xb7ab83 _ZNK13language_defn22lookup_symbol_nonlocalEPKcPK5block11domain_enum
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2520
0xb79f9c lookup_symbol_aux
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:2170
0xb7974d
_Z25lookup_symbol_in_languagePKcPK5block11domain_enum8languageP20field_of_this_result
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:1965
0xb797c7 _Z13lookup_symbolPKcPK5block11domain_enumP20field_of_this_result
        /home/vries/gdb_versions/devel/src/gdb/symtab.c:1977
0x59f55b classify_name
        /home/vries/gdb_versions/devel/src/gdb/c-exp.y:3044
0x59fbf9 c_yylex
        /home/vries/gdb_versions/devel/src/gdb/c-exp.y:3255
0x5971b8 _Z9c_yyparsev
        /home/vries/gdb_versions/devel/build/gdb/c-exp.c.tmp:1991
0x5a06d0 _Z7c_parseP12parser_state
        /home/vries/gdb_versions/devel/src/gdb/c-exp.y:3421
0x85832b _ZNK13language_defn6parserEP12parser_state
        /home/vries/gdb_versions/devel/src/gdb/language.c:623
0x9774c5 parse_exp_in_context
        /home/vries/gdb_versions/devel/src/gdb/parse.c:515
0x9776a1 _Z16parse_expressionPKcP23innermost_block_trackerb
        /home/vries/gdb_versions/devel/src/gdb/parse.c:551
0xc1c58a whatis_exp
        /home/vries/gdb_versions/devel/src/gdb/typeprint.c:510
0xc1c98e ptype_command
        /home/vries/gdb_versions/devel/src/gdb/typeprint.c:599
0x5d5853 do_simple_func
        /home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:95
0x5da43f _Z8cmd_funcP16cmd_list_elementPKci
        /home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:2514
0xbd5080 _Z15execute_commandPKci
        /home/vries/gdb_versions/devel/src/gdb/top.c:699
0x75a5b0 _Z15command_handlerPKc
        /home/vries/gdb_versions/devel/src/gdb/event-top.c:598
0x75aa58 _Z20command_line_handlerOSt10unique_ptrIcN3gdb13xfree_deleterIcEEE
        /home/vries/gdb_versions/devel/src/gdb/event-top.c:842
0xbfe4bb tui_command_line_handler
        /home/vries/gdb_versions/devel/src/gdb/tui/tui-interp.c:104
0x759dac gdb_rl_callback_handler
        /home/vries/gdb_versions/devel/src/gdb/event-top.c:230
0xcf23b1 rl_callback_read_char
        /home/vries/gdb_versions/devel/src/readline/readline/callback.c:290
0x759c29 gdb_rl_callback_read_char_wrapper_noexcept
        /home/vries/gdb_versions/devel/src/gdb/event-top.c:188
0x759cb0 gdb_rl_callback_read_char_wrapper
        /home/vries/gdb_versions/devel/src/gdb/event-top.c:205
0x75a3ff _Z19stdin_event_handleriPv
        /home/vries/gdb_versions/devel/src/gdb/event-top.c:525
0x139a12b handle_file_event
        /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:549
0x139a6b3 gdb_wait_for_event
        /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:670
0x13995c2 _Z16gdb_do_one_eventv
        /home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:235
0x8be045 start_event_loop
        /home/vries/gdb_versions/devel/src/gdb/main.c:411
0x8be165 captured_command_loop
        /home/vries/gdb_versions/devel/src/gdb/main.c:471
0x8bf96e captured_main
        /home/vries/gdb_versions/devel/src/gdb/main.c:1329
0x8bf9d4 _Z8gdb_mainP18captured_main_args
        /home/vries/gdb_versions/devel/src/gdb/main.c:1344
0x418b3d main
        /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
...

The same issue is reported by address sanitizer (PR25723 comment 1) and thread
sanitizer (PR29286 comment 16), but this is the easiest way to reproduce and
investigate.

Note that the issue reproduces with:
...
$ gdb -q -batch -ex "maint set worker-threads 0" -x
outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1
...
so it's not related to gdb's multithreading.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
Say we set a breakpoint in gdb_bfd_section_index at the return here:
...
  else if (section == bfd_ind_section_ptr)
    return bfd_count_sections (abfd) + 3;
...

When stopped there we see:
...
(gdb) p abfd.section_count
$4 = 6
(gdb) p bfd_count_sections (abfd)
$1 = 6
(gdb) p gdb_bfd_count_sections (abfd)
$5 = 10
...
so we use index 9 to get the ind section, which falls in the 0..9 range of the
10 sections counted by gdb.

Now set a watchpoint on the bfd section count:
...
(gdb) watch -l abfd.section_count
Hardware watchpoint 2: -location abfd.section_count
...
and we see:
...
Old value = 6
New value = 7
bfd_section_init (abfd=0x2cc7100, newsect=0x361f758) at
/home/vries/gdb_versions/devel/src/bfd/section.c:834
834       bfd_section_list_append (abfd, newsect);
...
and:
...
(gdb) bt
#0  bfd_section_init (abfd=0x2cc7100, newsect=0x361f758)
    at /home/vries/gdb_versions/devel/src/bfd/section.c:834
#1  0x0000000000ebccb7 in bfd_make_section_old_way (abfd=0x2cc7100,
name=0x2147c87 "COMMON")
    at /home/vries/gdb_versions/devel/src/bfd/section.c:1122
#2  0x0000000001356804 in _bfd_generic_link_add_one_symbol
(info=0x7fffffffc770, 
    abfd=0x2cc7100, name=0x3629cd9 "p_struct", flags=65536, 
    section=0x28dd940 <_bfd_std_section>, value=8, string=0x3629cd9 "p_struct",
copy=false, 
    collect=false, hashp=0x7fffffffc5a8)
    at /home/vries/gdb_versions/devel/src/bfd/linker.c:1606
#3  0x0000000001355fe3 in generic_link_add_symbol_list (abfd=0x2cc7100,
info=0x7fffffffc770, 
    symbol_count=14, symbols=0x3629ce8)
    at /home/vries/gdb_versions/devel/src/bfd/linker.c:1195
#4  0x00000000013557e3 in generic_link_add_object_symbols (abfd=0x2cc7100, 
    info=0x7fffffffc770) at /home/vries/gdb_versions/devel/src/bfd/linker.c:888
#5  0x000000000135574c in _bfd_generic_link_add_symbols (abfd=0x2cc7100,
info=0x7fffffffc770)
    at /home/vries/gdb_versions/devel/src/bfd/linker.c:861
#6  0x0000000000ebd9f9 in bfd_simple_get_relocated_section_contents
(abfd=0x2cc7100, 
    sec=0x361f3c8, 
    outbuf=0x3628020
"``\021\006\212r\003\305\031\030\030\030\341J\205\031a\202̼\f\026\\
]@\245*\f\334\334vhJ\221\365\003", symbol_table=0x0)
    at /home/vries/gdb_versions/devel/src/bfd/simple.c:289
#7  0x0000000000b67300 in default_symfile_relocate (objfile=0x2cc4bf0,
sectp=0x361f3c8, 
    buf=0x3628020
"``\021\006\212r\003\305\031\030\030\030\341J\205\031a\202̼\f\026\\
]@\245*\f\334\334vhJ\221\365\003") at
/home/vries/gdb_versions/devel/src/gdb/symfile.c:3583
#8  0x0000000000b67376 in symfile_relocate_debug_section (objfile=0x2cc4bf0, 
    sectp=0x361f3c8, 
    buf=0x3628020
"``\021\006\212r\003\305\031\030\030\030\341J\205\031a\202̼\f\026\\
]@\245*\f\334\334vhJ\221\365\003") at
/home/vries/gdb_versions/devel/src/gdb/symfile.c:3606
#9  0x0000000000749cb2 in dwarf2_section_info::read (this=0x362ab60,
objfile=0x2cc4bf0)
    at /home/vries/gdb_versions/devel/src/gdb/dwarf2/section.c:174
#10 0x00000000006d3f67 in dwarf2_per_bfd::map_info_sections (this=0x362ab00, 
    objfile=0x2cc4bf0) at
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:1769
#11 0x00000000006e0ce6 in dwarf2_build_psymtabs_hard (per_objfile=0x2b2b2e0)
    at /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:7081
#12 0x00000000006dcdcd in dwarf2_build_psymtabs (objfile=0x2cc4bf0)
    at /home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:5374
#13 0x00000000007186cb in cooked_index_functions::read_partial_symbols
(this=0x362af30, 
    objfile=0x2cc4bf0) at
/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:18522
#14 0x0000000000b5cfce in objfile::require_partial_symbols (this=0x2cc4bf0,
verbose=false)
    at /home/vries/gdb_versions/devel/src/gdb/symfile-debug.c:541
#15 0x0000000000b606bb in read_symbols (objfile=0x2cc4bf0, add_flags=...)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:795
#16 0x0000000000b60bcf in syms_from_objfile_1 (objfile=0x2cc4bf0,
addrs=0x7fffffffcd50, 
    add_flags=...) at /home/vries/gdb_versions/devel/src/gdb/symfile.c:968
#17 0x0000000000b60c97 in syms_from_objfile (objfile=0x2cc4bf0, addrs=0x0,
add_flags=...)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:985
#18 0x0000000000b6116a in symbol_file_add_with_addrs (abfd=0x2cc7100, 
    name=0x2c5e140
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
add_flags=..., addrs=0x0, flags=..., parent=0x0)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:1088
#19 0x0000000000b614e4 in symbol_file_add_from_bfd (abfd=0x2cc7100, 
    name=0x2c5e140
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
add_flags=..., addrs=0x0, flags=..., parent=0x0)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:1169
#20 0x0000000000b6153e in symbol_file_add (
    name=0x2c5e140
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
add_flags=..., addrs=0x0, flags=...)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:1182
#21 0x0000000000b61603 in symbol_file_add_main_1 (
    args=0x2c5e140
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
add_flags=..., flags=..., reloff=0)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:1205
#22 0x0000000000b628c6 in symbol_file_command (
    args=0x2c9d6e5
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
from_tty=0)
    at /home/vries/gdb_versions/devel/src/gdb/symfile.c:1653
#23 0x000000000075d65e in file_command (
    arg=0x2c9d6e5
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
from_tty=0) at /home/vries/gdb_versions/devel/src/gdb/exec.c:555
#24 0x00000000005d5854 in do_simple_func (
    args=0x2c9d6e5
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
from_tty=0, c=0x2b1bb90)
    at /home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:95
#25 0x00000000005da440 in cmd_func (cmd=0x2b1bb90, 
    args=0x2c9d6e5
"/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque",
from_tty=0)
    at /home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:2514
#26 0x0000000000bd5081 in execute_command (p=0x2c9d747 "e", from_tty=0)
    at /home/vries/gdb_versions/devel/src/gdb/top.c:699
#27 0x000000000075a5b1 in command_handler (
    command=0x2c9d6e0 "file
/home/vries/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.dwarf2/dw2-icc-opaque/dw2-icc-opaque")
at /home/vries/gdb_versions/devel/src/gdb/event-top.c:598
#28 0x0000000000bd48bb in read_command_file (stream=0x293e2a0)
    at /home/vries/gdb_versions/devel/src/gdb/top.c:468
#29 0x00000000005ee481 in script_from_file (stream=0x293e2a0, 
    file=0x7fffffffe144 "outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1")
    at /home/vries/gdb_versions/devel/src/gdb/cli/cli-script.c:1625
#30 0x00000000005cd063 in source_script_from_stream (stream=0x293e2a0, 
    file=0x7fffffffe144 "outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1", 
    file_to_open=0x2c19470 "outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1")
    at /home/vries/gdb_versions/devel/src/gdb/cli/cli-cmds.c:715
#31 0x00000000005cd1b8 in source_script_with_search (
    file=0x7fffffffe144 "outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1",
from_tty=0, 
    search_path=0) at /home/vries/gdb_versions/devel/src/gdb/cli/cli-cmds.c:760
#32 0x00000000005cd234 in source_script (
    file=0x7fffffffe144 "outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1",
from_tty=0)
    at /home/vries/gdb_versions/devel/src/gdb/cli/cli-cmds.c:769
#33 0x00000000008be20e in catch_command_errors (
    command=0x5cd20f <source_script(char const*, int)>, 
    arg=0x7fffffffe144 "outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1",
from_tty=0, 
    do_bp_actions=false) at /home/vries/gdb_versions/devel/src/gdb/main.c:513
#34 0x00000000008be3a9 in execute_cmdargs (cmdarg_vec=0x7fffffffd780,
file_type=CMDARG_FILE, 
    cmd_type=CMDARG_COMMAND, ret=0x7fffffffd75c)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:605
#35 0x00000000008bf767 in captured_main_1 (context=0x7fffffffd9c0)
--Type <RET> for more, q to quit, c to continue without paging--
    at /home/vries/gdb_versions/devel/src/gdb/main.c:1298
#36 0x00000000008bf96a in captured_main (data=0x7fffffffd9c0)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:1319
#37 0x00000000008bf9d5 in gdb_main (args=0x7fffffffd9c0)
    at /home/vries/gdb_versions/devel/src/gdb/main.c:1344
#38 0x0000000000418b3e in main (argc=14, argv=0x7fffffffdad8)
    at /home/vries/gdb_versions/devel/src/gdb/gdb.c:32
...

Continuing, we run into the original breakpoint:
...
Thread 1 "gdb" hit Breakpoint 1, gdb_bfd_section_index (abfd=0x2cc7100,
section=0x28ddc88 <_bfd_std_section+840>) at
/home/vries/gdb_versions/devel/src/gdb/gdb_bfd.c:1013
1013        return bfd_count_sections (abfd) + 3;
...
which now returns index 10.

But the section_offsets vector did not get an entry added for the new common
section:
...
(gdb) p section_offsets.size ()
$7 = 10
...
so we're accessing out of bounds.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
This fixes the assert:
...
diff --git a/gdb/symfile.c b/gdb/symfile.c
index 6f546f5b059..04b00a0ec9b 100644
--- a/gdb/symfile.c
+++ b/gdb/symfile.c
@@ -3579,8 +3579,12 @@ default_symfile_relocate (struct objfile *objfile,
asection *se
ctp,
       sect->output_section = sect;
       sect->output_offset = 0;
     }
-
-  return bfd_simple_get_relocated_section_contents (abfd, sectp, buf, NULL);
+  int old = bfd_count_sections (abfd);
+  bfd_byte *res = bfd_simple_get_relocated_section_contents (abfd, sectp, buf,
NULL
);
+  for (int i = old; i < bfd_count_sections (abfd); ++i)
+    objfile->section_offsets.insert (objfile->section_offsets.begin () + i,
+                                    (CORE_ADDR)0);
+  return res;
 }

 /* Relocate the contents of a debug section SECTP in ABFD.  The
...

I'm not sure if (CORE_ADDR)0 is the right value, but I'm not sure where to find
a better value.

Also, I suppose more data need updating than just section_offsets.

Finally, I'm not sure if this is a good place to fix it.  Maybe we should
define a _new_section_hook and use that instead?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
It'll be worthwhile to compile with the patch adding the assert, run the
test-suite and see which test-cases are affected.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #3)
> It'll be worthwhile to compile with the patch adding the assert, run the
> test-suite and see which test-cases are affected.

$ grep ^FAIL: gdb.sum
FAIL: gdb.base/readline-ask.exp: bell for more message (GDB internal error)
FAIL: gdb.base/symbol-without-target_section.exp: print
symbol_without_target_section (GDB internal error)
FAIL: gdb.dwarf2/dw2-icc-opaque.exp: ptype p_struct (GDB internal error)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #5 from Tom de Vries <vries at gcc dot gnu.org> ---
*** Bug 25724 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #6 from Tom de Vries <vries at gcc dot gnu.org> ---
*** Bug 25723 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #7 from Tom de Vries <vries at gcc dot gnu.org> ---
Created attachment 14203
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14203&action=edit
WIP patch

I'm now trying a less ambitious approach.

Rather than trying to completely accommodate the newly created section, just
try to get the indexing right for the old sections.

So, if we start out with 6 bfd sections, meaning 10 gdb sections, then the ind
section is at 9.

Then a new bfd section is added, and now it's ambiguous: does 9 refer to the
ind section (6+3), or the abs section (7+2)?

We try to resolve this ambiguity by making gdb_bfd_section_index independent
from bfd_count_sections:
...
   else if (section == bfd_com_section_ptr)
-    return bfd_count_sections (abfd);
+    return INT_MAX - 3;
   else if (section == bfd_und_section_ptr)
-    return bfd_count_sections (abfd) + 1;
+    return INT_MAX - 2;
   else if (section == bfd_abs_section_ptr)
-    return bfd_count_sections (abfd) + 2;
+    return INT_MAX - 1;
   else if (section == bfd_ind_section_ptr)
-    return bfd_count_sections (abfd) + 3;
+    return INT_MAX;
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #8 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #7)
> Created attachment 14203 [details]
> WIP patch
> 

Well, it passes testing.

It just that it's hard to make sure that the patch is complete.

I tried a bit with making gdb_bfd_section_index return a
gdb_bfd_section_index_t which is defined as:
...
   enum class gdb_bfd_section_index_t : int {};
...
such that we always known whether we have a bfd section or a gdb_bfd section
index, but that looks like a lot of changes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #9 from Tom de Vries <vries at gcc dot gnu.org> ---
Created attachment 14204
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14204&action=edit
tentative patch

Another approach, using a side table.

Roughly the idea is to save bfd_section_count the first time is used, and then
reuse it afterwards.  If bfd_section_count is increased, it doesn't affect
gdb_bfd_section_count.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #10 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #9)
> Created attachment 14204 [details]
> tentative patch
> 
> Another approach, using a side table.
> 
> Roughly the idea is to save bfd_section_count the first time is used, and
> then reuse it afterwards.  If bfd_section_count is increased, it doesn't
> affect gdb_bfd_section_count.

https://sourceware.org/pipermail/gdb-patches/2022-July/190658.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/29295] [gdb] out of bounds access in objfile::section_offset

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

--- Comment #11 from Tom de Vries <vries at gcc dot gnu.org> ---
Asked question at
https://lists.gnu.org/archive/html/bug-binutils/2022-07/msg00103.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.