From mboxrd@z Thu Jan 1 00:00:00 1970
From: "vries at gcc dot gnu.org"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/29295] New: [gdb] out of bounds access in objfile::section_offset
Date: Tue, 28 Jun 2022 06:45:16 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29295

            Bug ID: 29295
           Summary: [gdb] out of bounds access in objfile::section_offset
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

Using this patch:
...
diff --git a/gdb/objfiles.h b/gdb/objfiles.h
index a7098b46279..60038e1fb25 100644
--- a/gdb/objfiles.h
+++ b/gdb/objfiles.h
@@ -598,6 +598,7 @@ struct objfile
     gdb_assert (section->owner == nullptr || section->owner == this->obfd);
 
     int idx = gdb_bfd_section_index (this->obfd, section);
+    gdb_assert (idx < section_offsets.size ());
     return this->section_offsets[idx];
   }
 
...
with test-case rtf=gdb.dwarf2/dw2-icc-opaque.exp we run into:
...
(gdb) ptype p_struct
/home/vries/gdb_versions/devel/src/gdb/objfiles.h:601: internal-error: section_offset: Assertion `idx < section_offsets.size ()' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
----- Backtrace -----
FAIL: gdb.dwarf2/dw2-icc-opaque.exp: ptype p_struct (GDB internal error)
Resyncing due to internal error.
0x57e9b8 gdb_internal_backtrace_1
	/home/vries/gdb_versions/devel/src/gdb/bt-utils.c:122
0x57ea5b _Z22gdb_internal_backtracev
	/home/vries/gdb_versions/devel/src/gdb/bt-utils.c:168
0xc67677 internal_vproblem
	/home/vries/gdb_versions/devel/src/gdb/utils.c:396
0xc67a46 _Z15internal_verrorPKciS0_P13__va_list_tag
	/home/vries/gdb_versions/devel/src/gdb/utils.c:476
0x139941a _Z14internal_errorPKciS0_z
	/home/vries/gdb_versions/devel/src/gdbsupport/errors.cc:55
0x5108c1 _ZNK7objfile14section_offsetEP11bfd_section
	/home/vries/gdb_versions/devel/src/gdb/objfiles.h:601
0x51090d _ZNK11obj_section6offsetEv
	/home/vries/gdb_versions/devel/src/gdb/objfiles.h:809
0x51093a _ZNK11obj_section4addrEv
	/home/vries/gdb_versions/devel/src/gdb/objfiles.h:821
0xb7906d _Z13fixup_sectionP19general_symbol_infomP7objfile
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:1776
0xb79247 _Z20fixup_symbol_sectionP6symbolP7objfile
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:1833
0x7044ae var_decode_location
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:20676
0x704e2d new_symbol
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:20882
0x6efcd5 read_variable
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:12622
0x6e595c process_die
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8716
0x6e7702 read_file_scope
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:9616
0x6e56dd process_die
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8620
0x6e4e61 process_full_comp_unit
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:8390
0x6e2482 process_queue
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:7636
0x6d446b dw2_do_instantiate_symtab
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2059
0x6d4514 dw2_instantiate_symtab
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:2081
0x6d971b dw2_expand_symtabs_matching_one
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:3962
0x700458 _ZN22cooked_index_functions23expand_symtabs_matchingEP7objfileN3gdb13function_viewIFbPKcbEEEPK16lookup_name_infoNS3_IFbS5_EEENS3_IFbP15compunit_symtabEEE10enum_flagsI24block_search_flag_valuesE11domain_enum13search_domain
	/home/vries/gdb_versions/devel/src/gdb/dwarf2/read.c:18745
0xb5bf67 _ZN7objfile13lookup_symbolE10block_enumPKc11domain_enum
	/home/vries/gdb_versions/devel/src/gdb/symfile-debug.c:276
0xb7a9aa lookup_symbol_via_quick_fns
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2451
0xb7adfc lookup_symbol_in_objfile
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2599
0xb7af63 operator()
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2665
0xb8680d operator()
	/home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:263
0xb86834 _FUN
	/home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:257
0x95d605 _ZNK3gdb13function_viewIFbP7objfileEEclES2_
	/home/vries/gdb_versions/devel/src/gdb/../gdbsupport/function-view.h:247
0xb19295 svr4_iterate_over_objfiles_in_search_order
	/home/vries/gdb_versions/devel/src/gdb/solib-svr4.c:3167
0x4ce366 _Z45gdbarch_iterate_over_objfiles_in_search_orderP7gdbarchN3gdb13function_viewIFbP7objfileEEES4_
	/home/vries/gdb_versions/devel/src/gdb/gdbarch.c:4937
0xb7b0ed lookup_global_or_static_symbol
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2662
0xb7b256 _Z20lookup_global_symbolPKcPK5block11domain_enum
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2717
0xb7ab83 _ZNK13language_defn22lookup_symbol_nonlocalEPKcPK5block11domain_enum
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2520
0xb79f9c lookup_symbol_aux
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:2170
0xb7974d _Z25lookup_symbol_in_languagePKcPK5block11domain_enum8languageP20field_of_this_result
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:1965
0xb797c7 _Z13lookup_symbolPKcPK5block11domain_enumP20field_of_this_result
	/home/vries/gdb_versions/devel/src/gdb/symtab.c:1977
0x59f55b classify_name
	/home/vries/gdb_versions/devel/src/gdb/c-exp.y:3044
0x59fbf9 c_yylex
	/home/vries/gdb_versions/devel/src/gdb/c-exp.y:3255
0x5971b8 _Z9c_yyparsev
	/home/vries/gdb_versions/devel/build/gdb/c-exp.c.tmp:1991
0x5a06d0 _Z7c_parseP12parser_state
	/home/vries/gdb_versions/devel/src/gdb/c-exp.y:3421
0x85832b _ZNK13language_defn6parserEP12parser_state
	/home/vries/gdb_versions/devel/src/gdb/language.c:623
0x9774c5 parse_exp_in_context
	/home/vries/gdb_versions/devel/src/gdb/parse.c:515
0x9776a1 _Z16parse_expressionPKcP23innermost_block_trackerb
	/home/vries/gdb_versions/devel/src/gdb/parse.c:551
0xc1c58a whatis_exp
	/home/vries/gdb_versions/devel/src/gdb/typeprint.c:510
0xc1c98e ptype_command
	/home/vries/gdb_versions/devel/src/gdb/typeprint.c:599
0x5d5853 do_simple_func
	/home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:95
0x5da43f _Z8cmd_funcP16cmd_list_elementPKci
	/home/vries/gdb_versions/devel/src/gdb/cli/cli-decode.c:2514
0xbd5080 _Z15execute_commandPKci
	/home/vries/gdb_versions/devel/src/gdb/top.c:699
0x75a5b0 _Z15command_handlerPKc
	/home/vries/gdb_versions/devel/src/gdb/event-top.c:598
0x75aa58 _Z20command_line_handlerOSt10unique_ptrIcN3gdb13xfree_deleterIcEEE
	/home/vries/gdb_versions/devel/src/gdb/event-top.c:842
0xbfe4bb tui_command_line_handler
	/home/vries/gdb_versions/devel/src/gdb/tui/tui-interp.c:104
0x759dac gdb_rl_callback_handler
	/home/vries/gdb_versions/devel/src/gdb/event-top.c:230
0xcf23b1 rl_callback_read_char
	/home/vries/gdb_versions/devel/src/readline/readline/callback.c:290
0x759c29 gdb_rl_callback_read_char_wrapper_noexcept
	/home/vries/gdb_versions/devel/src/gdb/event-top.c:188
0x759cb0 gdb_rl_callback_read_char_wrapper
	/home/vries/gdb_versions/devel/src/gdb/event-top.c:205
0x75a3ff _Z19stdin_event_handleriPv
	/home/vries/gdb_versions/devel/src/gdb/event-top.c:525
0x139a12b handle_file_event
	/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:549
0x139a6b3 gdb_wait_for_event
	/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:670
0x13995c2 _Z16gdb_do_one_eventv
	/home/vries/gdb_versions/devel/src/gdbsupport/event-loop.cc:235
0x8be045 start_event_loop
	/home/vries/gdb_versions/devel/src/gdb/main.c:411
0x8be165 captured_command_loop
	/home/vries/gdb_versions/devel/src/gdb/main.c:471
0x8bf96e captured_main
	/home/vries/gdb_versions/devel/src/gdb/main.c:1329
0x8bf9d4 _Z8gdb_mainP18captured_main_args
	/home/vries/gdb_versions/devel/src/gdb/main.c:1344
0x418b3d main
	/home/vries/gdb_versions/devel/src/gdb/gdb.c:32
...

The same issue is reported by address sanitizer (PR25723 comment 1) and thread sanitizer (PR29286 comment 16), but this is the easiest way to reproduce and investigate.

Note that the issue reproduces with:
...
$ gdb -q -batch -ex "maint set worker-threads 0" -x outputs/gdb.dwarf2/dw2-icc-opaque/gdb.in.1
...
so it's not related to gdb's multithreading.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
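Review bot: the added `gdb_assert (idx < section_offsets.size ());` in the objfiles.h hunk compares the signed `int idx` returned by `gdb_bfd_section_index` with the unsigned result of `section_offsets.size ()`; a negative idx does still trip the assertion, because it converts to a large unsigned value in the comparison, but writing the intent out as `gdb_assert (idx >= 0 && idx < section_offsets.size ());` avoids relying on that conversion. Note also that the assertion only turns the out-of-bounds read into an internal-error rather than preventing it, so the bug should record where `section_offsets` gets its size, since that is what the oversized index has to be fixed against.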