[Bug gdb/29626] New: Segfault when disassembling ARM code

["marian.buschsieweke at ovgu dot de" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=29626

            Bug ID: 29626
           Summary: Segfault when disassembling ARM code
           Product: gdb
           Version: 12.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: marian.buschsieweke at ovgu dot de
  Target Milestone: ---

Created attachment 14361
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14361&action=edit
potential fix

Hi,

while debugging code on a ARM Cortex M7 MCU (STM32F767ZI) via OpenOCD I
experience random crashes in the tui with `layout split`. This is the
backtrace:

#0  __restore_sigs (set=set@entry=0x7ffc44288520) at
./arch/x86_64/syscall_arch.h:40
#1  0x00007f18d21fa561 in raise (sig=<optimized out>) at src/signal/raise.c:11
#2  0x000056448ea7853d in handle_fatal_signal (sig=sig@entry=11) at
../../gdb/event-top.c:927
#3  0x000056448ea78572 in handle_sigsegv (sig=11) at ../../gdb/event-top.c:977
#4  <signal handler called>
#5  0x000056448ed17eb5 in mapping_symbol_for_insn (pc=pc@entry=134224510,
info=info@entry=0x7ffc44288e60, 
    map_symbol=map_symbol@entry=0x7ffc44288d48) at
../../opcodes/arm-dis.c:11868
#6  0x000056448ed1893d in find_ifthen_state (little=true, info=0x7ffc44288e60,
pc=134224518) at ../../opcodes/arm-dis.c:11743
#7  print_insn (pc=134224518, info=0x7ffc44288e60, little=<optimized out>) at
../../opcodes/arm-dis.c:12284
#8  0x000056448ea2bc42 in gdb_disassembler::print_insn
(this=this@entry=0x7ffc44288e58, memaddr=memaddr@entry=134224518, 
    branch_delay_insns=branch_delay_insns@entry=0x0) at ../../gdb/disasm.h:58
#9  0x000056448ea2c4af in gdb_print_insn (gdbarch=gdbarch@entry=0x7f18d13bbff0,
memaddr=memaddr@entry=134224518, 
    stream=stream@entry=0x7ffc44289068,
branch_delay_insns=branch_delay_insns@entry=0x0) at ../../gdb/disasm.c:936
#10 0x000056448ecc7720 in tui_disassemble (gdbarch=0x7f18d13bbff0,
asm_lines=..., pc=134224518, count=count@entry=24, 
    addr_size=addr_size@entry=0x7ffc44289180) at ../../gdb/tui/tui-disasm.c:120
#11 0x000056448ecc7f62 in tui_disasm_window::set_contents (this=0x7f18d1149d90,
arch=<optimized out>, sal=...)
    at ../../gdb/tui/tui-disasm.c:343
#12 0x000056448ecd7b4f in tui_source_window_base::update_source_window_as_is
(this=0x7f18d1149d90, gdbarch=<optimized out>, sal=...)
    at ../../gdb/tui/tui-winsource.c:167
#13 0x000056448ecd7c1b in tui_update_source_windows_with_addr
(gdbarch=0x7f18d13bbff0, addr=<optimized out>)
    at ../../gdb/tui/tui-winsource.c:190
#14 0x000056448ecd0ca2 in tui_apply_current_layout () at
../../gdb/tui/tui-layout.c:113
#15 0x000056448e9e9977 in cmd_func (cmd=0x7f18d19aea50, args=0x0, from_tty=1)
at ../../gdb/cli/cli-decode.c:2514
#16 0x000056448ecb8804 in execute_command (p=<optimized out>,
p@entry=0x7f18d04c3b10 "layout split", from_tty=1) at ../../gdb/top.c:702
#17 0x000056448ea78984 in command_handler (command=0x7f18d04c3b10 "layout
split") at ../../gdb/event-top.c:597
#18 0x000056448ea79753 in command_line_handler (rl=...) at
../../gdb/event-top.c:800
#19 0x000056448ea792a0 in gdb_rl_callback_handler (rl=0x7f18d04c3ab0 "layout
split") at ../../gdb/event-top.c:229
#20 0x00007f18d21982d5 in rl_callback_read_char () from
/usr/lib/libreadline.so.8
#21 0x000056448ea79356 in gdb_rl_callback_read_char_wrapper_noexcept () at
../../gdb/event-top.c:187
#22 0x000056448ea793ec in gdb_rl_callback_read_char_wrapper
(client_data=<optimized out>) at ../../gdb/event-top.c:204
#23 0x000056448ea78426 in stdin_event_handler (error=<optimized out>,
client_data=0x7f18d1e35e90) at ../../gdb/event-top.c:524
#24 0x000056448f06ca72 in gdb_wait_for_event (block=<optimized out>) at
../../gdbsupport/event-loop.cc:725
#25 gdb_wait_for_event (block=<optimized out>) at
../../gdbsupport/event-loop.cc:588
#26 0x000056448f06cdf0 in gdb_do_one_event () at
../../gdbsupport/event-loop.cc:237
#27 0x000056448eb192cc in start_event_loop () at ../../gdb/main.c:421
#28 captured_command_loop () at ../../gdb/main.c:481
#29 0x000056448eb1aa12 in captured_main (data=data@entry=0x7ffc44289780) at
../../gdb/main.c:1351
#30 gdb_main (args=args@entry=0x7ffc442897b0) at ../../gdb/main.c:1366
#31 0x000056448e91ccc0 in main (argc=<optimized out>, argv=<optimized out>) at
../../gdb/gdb.c:32

I experience the crash on certain locations, e.g. when browsing the disassembly
of picolibc's vfprintf implementation. But I experienced similar crashes in
other places as well.

The attached patch is a naive fix that prevents the NULL pointer dereferencing
triggering the segfault. I didn't really read the code though, so maybe this is
only a symptom of an deeper issue. In any case, the fix does seem to solve the
immediate crashes and the disassembly does match what I get from
`arm-none-eabi-objdump`.

Kind regards,
Marian

-- 
You are receiving this mail because:
You are on the CC list for the bug.