From: "marian.buschsieweke at ovgu dot de"
To: gdb-prs@sourceware.org
Subject: [Bug gdb/29626] New: Segfault when disassembling ARM code
Date: Wed, 28 Sep 2022 11:59:04 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29626

            Bug ID: 29626
           Summary: Segfault when disassembling ARM code
           Product: gdb
           Version: 12.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: marian.buschsieweke at ovgu dot de
  Target Milestone: ---

Created attachment 14361
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14361&action=edit
potential fix

Hi,

while
debugging code on an ARM Cortex-M7 MCU (STM32F767ZI) via OpenOCD I experience random crashes in the TUI with `layout split`. This is the backtrace:

#0  __restore_sigs (set=set@entry=0x7ffc44288520) at ./arch/x86_64/syscall_arch.h:40
#1  0x00007f18d21fa561 in raise (sig=) at src/signal/raise.c:11
#2  0x000056448ea7853d in handle_fatal_signal (sig=sig@entry=11) at ../../gdb/event-top.c:927
#3  0x000056448ea78572 in handle_sigsegv (sig=11) at ../../gdb/event-top.c:977
#4
#5  0x000056448ed17eb5 in mapping_symbol_for_insn (pc=pc@entry=134224510, info=info@entry=0x7ffc44288e60, map_symbol=map_symbol@entry=0x7ffc44288d48) at ../../opcodes/arm-dis.c:11868
#6  0x000056448ed1893d in find_ifthen_state (little=true, info=0x7ffc44288e60, pc=134224518) at ../../opcodes/arm-dis.c:11743
#7  print_insn (pc=134224518, info=0x7ffc44288e60, little=) at ../../opcodes/arm-dis.c:12284
#8  0x000056448ea2bc42 in gdb_disassembler::print_insn (this=this@entry=0x7ffc44288e58, memaddr=memaddr@entry=134224518, branch_delay_insns=branch_delay_insns@entry=0x0) at ../../gdb/disasm.h:58
#9  0x000056448ea2c4af in gdb_print_insn (gdbarch=gdbarch@entry=0x7f18d13bbff0, memaddr=memaddr@entry=134224518, stream=stream@entry=0x7ffc44289068, branch_delay_insns=branch_delay_insns@entry=0x0) at ../../gdb/disasm.c:936
#10 0x000056448ecc7720 in tui_disassemble (gdbarch=0x7f18d13bbff0, asm_lines=..., pc=134224518, count=count@entry=24, addr_size=addr_size@entry=0x7ffc44289180) at ../../gdb/tui/tui-disasm.c:120
#11 0x000056448ecc7f62 in tui_disasm_window::set_contents (this=0x7f18d1149d90, arch=, sal=...) at ../../gdb/tui/tui-disasm.c:343
#12 0x000056448ecd7b4f in tui_source_window_base::update_source_window_as_is (this=0x7f18d1149d90, gdbarch=, sal=...) at ../../gdb/tui/tui-winsource.c:167
#13 0x000056448ecd7c1b in tui_update_source_windows_with_addr (gdbarch=0x7f18d13bbff0, addr=) at ../../gdb/tui/tui-winsource.c:190
#14 0x000056448ecd0ca2 in tui_apply_current_layout () at ../../gdb/tui/tui-layout.c:113
#15 0x000056448e9e9977 in cmd_func (cmd=0x7f18d19aea50, args=0x0, from_tty=1) at ../../gdb/cli/cli-decode.c:2514
#16 0x000056448ecb8804 in execute_command (p=, p@entry=0x7f18d04c3b10 "layout split", from_tty=1) at ../../gdb/top.c:702
#17 0x000056448ea78984 in command_handler (command=0x7f18d04c3b10 "layout split") at ../../gdb/event-top.c:597
#18 0x000056448ea79753 in command_line_handler (rl=...) at ../../gdb/event-top.c:800
#19 0x000056448ea792a0 in gdb_rl_callback_handler (rl=0x7f18d04c3ab0 "layout split") at ../../gdb/event-top.c:229
#20 0x00007f18d21982d5 in rl_callback_read_char () from /usr/lib/libreadline.so.8
#21 0x000056448ea79356 in gdb_rl_callback_read_char_wrapper_noexcept () at ../../gdb/event-top.c:187
#22 0x000056448ea793ec in gdb_rl_callback_read_char_wrapper (client_data=) at ../../gdb/event-top.c:204
#23 0x000056448ea78426 in stdin_event_handler (error=, client_data=0x7f18d1e35e90) at ../../gdb/event-top.c:524
#24 0x000056448f06ca72 in gdb_wait_for_event (block=) at ../../gdbsupport/event-loop.cc:725
#25 gdb_wait_for_event (block=) at ../../gdbsupport/event-loop.cc:588
#26 0x000056448f06cdf0 in gdb_do_one_event () at ../../gdbsupport/event-loop.cc:237
#27 0x000056448eb192cc in start_event_loop () at ../../gdb/main.c:421
#28 captured_command_loop () at ../../gdb/main.c:481
#29 0x000056448eb1aa12 in captured_main (data=data@entry=0x7ffc44289780) at ../../gdb/main.c:1351
#30 gdb_main (args=args@entry=0x7ffc442897b0) at ../../gdb/main.c:1366
#31 0x000056448e91ccc0 in main (argc=, argv=) at ../../gdb/gdb.c:32

I experience the crash at certain locations, e.g. when browsing the disassembly of picolibc's vfprintf implementation.
But I experienced similar crashes in other places as well.

The attached patch is a naive fix that prevents the NULL pointer dereference triggering the segfault. I didn't really read the code though, so maybe this is only a symptom of a deeper issue. In any case, the fix does seem to solve the immediate crashes, and the disassembly does match what I get from `arm-none-eabi-objdump`.

Kind regards,
Marian