public inbox for gdb-prs@sourceware.org
* [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
@ 2022-12-25 20:47 philippe.waroquiers at skynet dot be
  2022-12-25 23:37 ` [Bug gdb/29941] " mark at klomp dot org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: philippe.waroquiers at skynet dot be @ 2022-12-25 20:47 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

            Bug ID: 29941
           Summary: Inferior call strlen(p) gives segfaults in GDB 13,
                    (somewhat?) works in GDB11 and GDB12
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: philippe.waroquiers at skynet dot be
  Target Milestone: ---

Compile the below with gcc -g -o m m.c


#include <string.h>   /* glibc implements strlen as a GNU ifunc (see comment #5) */
int main()
{
  char p[10];
  p[0] = 'a';
  p[1] = 0;          /* p now holds the one-character string "a" */
  return strlen(p);  /* line 7: the breakpoint used in the command below */
}

gdb --nx ./m --ex 'b 7' --ex 'run' --ex 'print strlen(p)' --ex 'continue' --ex quit

With GDB 11.1, it sometimes works, sometimes gives Aborted,
but seems to work when the print strlen is done interactively.

With GDB 12.1, same behaviour.

With GDB 13.0.50.20221218, it systematically gives a segfault
(stacktrace given below).

Fatal signal: Segmentation fault
----- Backtrace -----
0x55adb64e7159 gdb_internal_backtrace_1
        ../../gdb-13.0.50.20221218/gdb/bt-utils.c:122
0x55adb64e7159 _Z22gdb_internal_backtracev
        ../../gdb-13.0.50.20221218/gdb/bt-utils.c:168
0x55adb65fef8f handle_fatal_signal
        ../../gdb-13.0.50.20221218/gdb/event-top.c:956
0x55adb65ff0fe handle_sigsegv
        ../../gdb-13.0.50.20221218/gdb/event-top.c:1029
0x7fb88929b13f ???
        ./nptl/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0x55adb66226bf _Z14get_frame_arch14frame_info_ptr
        ../../gdb-13.0.50.20221218/gdb/frame.c:2909
0x55adb6623c75 _Z12get_frame_sp14frame_info_ptr
        ../../gdb-13.0.50.20221218/gdb/frame.c:2997
0x55adb6665eb8 _Z27call_function_by_hand_dummyP5valueP4typeN3gdb10array_viewIS0_EEPFvPviES6_
        ../../gdb-13.0.50.20221218/gdb/infcall.c:898
0x55adb65fc940 _ZN4expr9operation16evaluate_funcallEP4typeP10expression6nosidePKcRKSt6vectorISt10unique_ptrIS0_St14default_deleteIS0_EESaISC_EE
        ../../gdb-13.0.50.20221218/gdb/eval.c:702
0x55adb65f914d _ZN10expression8evaluateEP4type6noside
        ../../gdb-13.0.50.20221218/gdb/eval.c:101
0x55adb67359ff process_print_command_args
        ../../gdb-13.0.50.20221218/gdb/printcmd.c:1306
0x55adb6735eae print_command_1
        ../../gdb-13.0.50.20221218/gdb/printcmd.c:1319
0x55adb651abc4 _Z8cmd_funcP16cmd_list_elementPKci
        ../../gdb-13.0.50.20221218/gdb/cli/cli-decode.c:2543
0x55adb6861541 _Z15execute_commandPKci
        ../../gdb-13.0.50.20221218/gdb/top.c:693
0x55adb66d4e75 catch_command_errors
        ../../gdb-13.0.50.20221218/gdb/main.c:513
0x55adb66d4f41 execute_cmdargs
        ../../gdb-13.0.50.20221218/gdb/main.c:608
0x55adb66d65a4 captured_main_1
        ../../gdb-13.0.50.20221218/gdb/main.c:1299
0x55adb66d717a captured_main
        ../../gdb-13.0.50.20221218/gdb/main.c:1320
0x55adb66d717a _Z8gdb_mainP18captured_main_args
        ../../gdb-13.0.50.20221218/gdb/main.c:1345
0x55adb642cdfb main
        ../../gdb-13.0.50.20221218/gdb/gdb.c:32

-- 
You are receiving this mail because:
You are on the CC list for the bug.


* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
  2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
@ 2022-12-25 23:37 ` mark at klomp dot org
  2022-12-26  7:39 ` vries at gcc dot gnu.org
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: mark at klomp dot org @ 2022-12-25 23:37 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
The same crashes for me with gdb built from current git source on arm64.

It crashes here:

Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x00000055558457b8 in get_frame_arch (this_frame=...) at /home/mark/src/binutils-gdb/gdb/frame.c:2890
2890      return frame_unwind_arch (frame_info_ptr (this_frame->next));

Turns out this_frame->next == NULL:

(gdb) print this_frame
$1 = {<intrusive_list_node<frame_info_ptr>> = {next = 0x0, prev = 0x7fffffe8d8}, m_ptr = 0x0,
  m_cached_id = {stack_addr = 0, code_addr = 0, special_addr = 0, stack_status = FID_STACK_INVALID,
    code_addr_p = 0, special_addr_p = 0, artificial_depth = 0}, static frame_list = {
    m_front = 0x5556025c00 <selected_frame>, m_back = 0x7fffffe438}}

But the first thing frame_unwind_arch does is dereference its argument:

(gdb) list
2885    /* Architecture methods.  */
2886    
2887    struct gdbarch *
2888    get_frame_arch (frame_info_ptr this_frame)
2889    {
2890      return frame_unwind_arch (frame_info_ptr (this_frame->next));
2891    }
2892    
2893    struct gdbarch *
2894    frame_unwind_arch (frame_info_ptr next_frame)
2895    {
2896      if (!next_frame->prev_arch.p)
2897        {


* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
  2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
  2022-12-25 23:37 ` [Bug gdb/29941] " mark at klomp dot org
@ 2022-12-26  7:39 ` vries at gcc dot gnu.org
  2022-12-26 12:59 ` aburgess at redhat dot com
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: vries at gcc dot gnu.org @ 2022-12-26  7:39 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vries at gcc dot gnu.org

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
This seems to fix it:
...
diff --git a/gdb/infcall.c b/gdb/infcall.c
index c1db3e22189..9bfc3216c5a 100644
--- a/gdb/infcall.c
+++ b/gdb/infcall.c
@@ -857,6 +857,7 @@ call_function_by_hand_dummy (struct value *function,
   type *ftype;
   type *values_type;
   CORE_ADDR funaddr = find_function_addr (function, &values_type, &ftype);
+  frame = get_current_frame ();

   if (is_nocall_function (ftype))
     error (_("Cannot call the function '%s' which does not follow the "
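Review bot: re-fetching `frame` right after `find_function_addr` hides the invalidation instead of handling it. The original `frame = get_current_frame ();` near the top of the function (visible in the hunk in comment #3) and the `gdbarch = get_frame_arch (frame);` derived from it stay in place, so the first assignment becomes dead, and any future use of `frame` added between the two assignments would again dereference a frame_info_ptr that the nested call_function_by_hand_dummy for the ifunc resolver has invalidated. Either drop the first assignment and obtain the frame once, here, or mark it with `prepare_reinflate ()` before the nested call and `reinflate ()` afterwards. In either case the new line needs a comment saying that find_function_addr can push and pop a dummy frame (ifunc resolution), otherwise the second `get_current_frame ()` reads as a copy-paste error.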
...

Note that during find_function_addr, a call to call_function_by_hand_dummy is
done for elf_gnu_ifunc_resolve_addr, which pushes and pops a dummy frame.

I don't understand the frame tracking concepts well enough to say whether this
is a fix or a workaround.


* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
  2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
  2022-12-25 23:37 ` [Bug gdb/29941] " mark at klomp dot org
  2022-12-26  7:39 ` vries at gcc dot gnu.org
@ 2022-12-26 12:59 ` aburgess at redhat dot com
  2022-12-26 13:08 ` vries at gcc dot gnu.org
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: aburgess at redhat dot com @ 2022-12-26 12:59 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

Andrew Burgess <aburgess at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |13.1
                 CC|                            |aburgess at redhat dot com

--- Comment #3 from Andrew Burgess <aburgess at redhat dot com> ---
I think that for now a better fix would be something like the totally untested
patch below which uses prepare_reinflate and reinflate.

Simon has a patch on-list that removes the need for calling prepare_reinflate
and reinflate, but I doubt that will be merged to the GDB13 branch, it's a
pretty big change.

Also worth noting that I can't reproduce the original failure on my x86-64
machine, and I don't have time to set up an environment where I can test this as
a fix right now.

### START ###

diff --git a/gdb/infcall.c b/gdb/infcall.c
index c1db3e22189..ec9669a6b6a 100644
--- a/gdb/infcall.c
+++ b/gdb/infcall.c
@@ -848,6 +848,7 @@ call_function_by_hand_dummy (struct value *function,
   bool stack_temporaries = thread_stack_temporaries_enabled_p (call_thread.get
());

   frame = get_current_frame ();
+  frame.prepare_reinflate ();
   gdbarch = get_frame_arch (frame);

   if (!gdbarch_push_dummy_call_p (gdbarch))
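Review bot: after `frame.prepare_reinflate ();` the pointer is only safe to use until the nested inferior call inside find_function_addr, and `gdbarch = get_frame_arch (frame);` on the very next line relies on that ordering. That is correct as written, because get_frame_arch runs before find_function_addr, but the constraint is invisible to the next person who edits this function. Add a comment on the prepare_reinflate line stating that find_function_addr below may push and pop a dummy frame to resolve an ifunc, which invalidates `frame`, and that `frame` must not be touched again until the matching `reinflate ()`.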
@@ -863,6 +864,8 @@ call_function_by_hand_dummy (struct value *function,
             "target calling convention."),
           get_function_name (funaddr, name_buf, sizeof (name_buf)));

+  frame.reinflate ();
+
   if (values_type == NULL || values_type->is_stub ())
     values_type = default_return_type;
   if (values_type == NULL)
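Review bot: `frame.reinflate ();` is placed after the is_nocall_function error, which is fine since error () unwinds past it, but the patch is untested by its author's own account and the failure does not reproduce on the author's x86-64 machine. Since reinflate () re-finds the frame by the id captured at prepare_reinflate (), the backport should ship with a testsuite case that performs an inferior call to an ifunc (strlen on a glibc that exports it as one, or a local function declared with `__attribute__ ((ifunc (...)))`), so that the reinflate path is actually exercised on the platforms where the crash was observed (arm64 per comment #1, x86-64 per the report).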


### END ###


* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
  2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
                   ` (2 preceding siblings ...)
  2022-12-26 12:59 ` aburgess at redhat dot com
@ 2022-12-26 13:08 ` vries at gcc dot gnu.org
  2023-01-03  9:18 ` cvs-commit at gcc dot gnu.org
  2023-01-03 10:53 ` cvs-commit at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: vries at gcc dot gnu.org @ 2022-12-26 13:08 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
Duplicate.

*** This bug has been marked as a duplicate of bug 28224 ***


* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
  2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
                   ` (3 preceding siblings ...)
  2022-12-26 13:08 ` vries at gcc dot gnu.org
@ 2023-01-03  9:18 ` cvs-commit at gcc dot gnu.org
  2023-01-03 10:53 ` cvs-commit at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-01-03  9:18 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom de Vries <vries@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08fd407675396cf9500519f02033e6cec270a4a6

commit 08fd407675396cf9500519f02033e6cec270a4a6
Author: Andrew Burgess <aburgess@redhat.com>
Date:   Tue Jan 3 10:18:48 2023 +0100

    [gdb] Fix segfault during inferior call to ifunc

    With a simple test-case:
    ...
    $ cat test.c
    char *p = "a";
    int main (void) {
      return strlen (p);
    }
    $ gcc -g test.c
    ...
    we run into this segfault:
    ...
    $ gdb -q -batch a.out -ex start -ex "p strlen (p)"
    Temporary breakpoint 1 at 0x1151: file test.c, line 4.
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

    Temporary breakpoint 1, main () at test.c:4
    4         return strlen (p);

    Fatal signal: Segmentation fault
    ...

    The strlen is an ifunc, and consequently during the call to
    call_function_by_hand_dummy for "p strlen (p)" another call
    to call_function_by_hand_dummy is used to resolve the ifunc.

    This invalidates the get_current_frame () result in the outer call.

    Fix this by using prepare_reinflate and reinflate.

    Note that this series (
    https://inbox.sourceware.org/gdb-patches/20221214033441.499512-1-simon.marchi@polymtl.ca/
    ) should address this problem, but this patch is a simpler fix which is easy to
    backport.

    Tested on x86_64-linux.

    Co-Authored-By: Tom de Vries <tdevries@suse.de>
    PR gdb/29941
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29941

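
The commit message above explains the crash by the fact that glibc's strlen is a GNU indirect function (IFUNC): obtaining its address means first calling a resolver in the inferior, so the outer inferior call nests a second one. The program below is an added example, not code from the bug report, from GDB or from glibc, that defines its own IFUNC so the same path can be reproduced without depending on which libc symbols happen to be ifuncs. It assumes an ELF target with glibc (where `__attribute__ ((ifunc))` is available) and falls back to plain dispatch elsewhere; the names `count_bytes`, `resolve_count_bytes` and `resolver_call_count` are invented for illustration, and the resolver's selection rule is a stand-in for the CPU-feature checks a real resolver would perform.

```c
/* Added example (not code from the bug report, GDB or glibc): a user-defined
   GNU indirect function.  glibc exports strlen this way, which is why GDB
   must run a resolver in the inferior before it can call strlen.
   Names are invented for illustration.  */
#include <stddef.h>
#include <stdio.h>
#include <string.h>   /* on glibc this also defines __GLIBC__ */

typedef size_t (*count_fn) (const char *);

/* Candidate implementations.  A real IFUNC would offer e.g. a generic and a
   SIMD variant; here the difference is a byte loop versus libc's strlen.  */
static size_t
count_bytes_loop (const char *s)
{
  size_t n = 0;
  while (s[n] != '\0')
    n++;
  return n;
}

static size_t
count_bytes_libc (const char *s)
{
  return strlen (s);
}

/* Incremented by the resolver so a caller can observe that it ran.  */
static int resolver_calls;

/* The resolver.  With a real IFUNC the dynamic loader runs it once while
   processing the executable's IRELATIVE relocations, before main(); GDB has
   to run it as well when it needs the address of count_bytes for an inferior
   call.  Relocations may still be pending while it runs, so it calls nothing.
   The selection rule below is a stand-in for CPU-feature detection.  */
count_fn
resolve_count_bytes (void)
{
  resolver_calls++;
  return sizeof (void *) >= 8 ? count_bytes_libc : count_bytes_loop;
}

#if defined (__ELF__) && defined (__GLIBC__)
/* The public symbol: an STT_GNU_IFUNC whose body is chosen by the resolver.  */
size_t count_bytes (const char *s)
  __attribute__ ((ifunc ("resolve_count_bytes")));
#else
/* Targets without IFUNC support (non-ELF, or a libc other than glibc):
   dispatch through the resolver on every call instead.  */
size_t
count_bytes (const char *s)
{
  return resolve_count_bytes () (s);
}
#endif

int
resolver_call_count (void)
{
  return resolver_calls;
}

int
main (void)
{
  const char *sample = "a";           /* constructed input, as in the report */
  size_t len = count_bytes (sample);
  int runs = resolver_call_count ();  /* 1 on glibc: resolved at load time */
  printf ("count_bytes(\"%s\") = %zu, resolver ran %d time(s)\n",
          sample, len, runs);
  return 0;
}
```

Build with `gcc -g -o ifunc_demo ifunc_demo.c` and run `gdb -q -batch ./ifunc_demo -ex start -ex 'p count_bytes ("abc")'`: to evaluate that expression GDB must first call `resolve_count_bytes` in the inferior, the nested call_function_by_hand_dummy described in the commit message, and a GDB built from the gdb-13 branch with the fix in comment #6 returns 3 where the 13.0.50.20221218 snapshot in the report crashed.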

* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13,  (somewhat?) works in GDB11 and GDB12
  2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
                   ` (4 preceding siblings ...)
  2023-01-03  9:18 ` cvs-commit at gcc dot gnu.org
@ 2023-01-03 10:53 ` cvs-commit at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-01-03 10:53 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=29941

--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The gdb-13-branch branch has been updated by Tom de Vries
<vries@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=322fde46dcc3a954992af8650a6c1200a670b973

commit 322fde46dcc3a954992af8650a6c1200a670b973
Author: Andrew Burgess <aburgess@redhat.com>
Date:   Tue Jan 3 11:53:09 2023 +0100

    [gdb] Fix segfault during inferior call to ifunc

    With a simple test-case:
    ...
    $ cat test.c
    char *p = "a";
    int main (void) {
      return strlen (p);
    }
    $ gcc -g test.c
    ...
    we run into this segfault:
    ...
    $ gdb -q -batch a.out -ex start -ex "p strlen (p)"
    Temporary breakpoint 1 at 0x1151: file test.c, line 4.
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

    Temporary breakpoint 1, main () at test.c:4
    4         return strlen (p);

    Fatal signal: Segmentation fault
    ...

    The strlen is an ifunc, and consequently during the call to
    call_function_by_hand_dummy for "p strlen (p)" another call
    to call_function_by_hand_dummy is used to resolve the ifunc.

    This invalidates the get_current_frame () result in the outer call.

    Fix this by using prepare_reinflate and reinflate.

    Note that this series (
    https://inbox.sourceware.org/gdb-patches/20221214033441.499512-1-simon.marchi@polymtl.ca/
    ) should address this problem, but this patch is a simpler fix which is easy to
    backport.

    Tested on x86_64-linux.

    Co-Authored-By: Tom de Vries <tdevries@suse.de>
    PR gdb/29941
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29941

