* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12
2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
@ 2022-12-25 23:37 ` mark at klomp dot org
2022-12-26 7:39 ` vries at gcc dot gnu.org
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: mark at klomp dot org @ 2022-12-25 23:37 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29941
Mark Wielaard <mark at klomp dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mark at klomp dot org
--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
The same crashes for me with gdb build from current git source on arm64.
It crashes here:
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x00000055558457b8 in get_frame_arch (this_frame=...) at
/home/mark/src/binutils-gdb/gdb/frame.c:2890
2890 return frame_unwind_arch (frame_info_ptr (this_frame->next));
Turns out this_frame->next == NULL:
(gdb) print this_frame
$1 = {<intrusive_list_node<frame_info_ptr>> = {next = 0x0, prev =
0x7fffffe8d8}, m_ptr = 0x0,
m_cached_id = {stack_addr = 0, code_addr = 0, special_addr = 0, stack_status
= FID_STACK_INVALID,
code_addr_p = 0, special_addr_p = 0, artificial_depth = 0}, static
frame_list = {
m_front = 0x5556025c00 <selected_frame>, m_back = 0x7fffffe438}}
But the first thing frame_unwind_arch does is dereference its argument:
(gdb) list
2885 /* Architecture methods. */
2886
2887 struct gdbarch *
2888 get_frame_arch (frame_info_ptr this_frame)
2889 {
2890 return frame_unwind_arch (frame_info_ptr (this_frame->next));
2891 }
2892
2893 struct gdbarch *
2894 frame_unwind_arch (frame_info_ptr next_frame)
2895 {
2896 if (!next_frame->prev_arch.p)
2897 {
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12
2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
2022-12-25 23:37 ` [Bug gdb/29941] " mark at klomp dot org
@ 2022-12-26 7:39 ` vries at gcc dot gnu.org
2022-12-26 12:59 ` aburgess at redhat dot com
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: vries at gcc dot gnu.org @ 2022-12-26 7:39 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29941
Tom de Vries <vries at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vries at gcc dot gnu.org
--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
This seems to fix it:
...
diff --git a/gdb/infcall.c b/gdb/infcall.c
index c1db3e22189..9bfc3216c5a 100644
--- a/gdb/infcall.c
+++ b/gdb/infcall.c
@@ -857,6 +857,7 @@ call_function_by_hand_dummy (struct value *function,
type *ftype;
type *values_type;
CORE_ADDR funaddr = find_function_addr (function, &values_type, &ftype);
+ frame = get_current_frame ();
if (is_nocall_function (ftype))
error (_("Cannot call the function '%s' which does not follow the "
...
Note that during find_function_addr, a call to call_function_by_hand_dummy is
done for elf_gnu_ifunc_resolve_addr, which pushes and pops a dummy frame.
I don't understand the frame tracking concepts well enough to say whether this
is a fix or a workaround.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12
2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
2022-12-25 23:37 ` [Bug gdb/29941] " mark at klomp dot org
2022-12-26 7:39 ` vries at gcc dot gnu.org
@ 2022-12-26 12:59 ` aburgess at redhat dot com
2022-12-26 13:08 ` vries at gcc dot gnu.org
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: aburgess at redhat dot com @ 2022-12-26 12:59 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29941
Andrew Burgess <aburgess at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |13.1
CC| |aburgess at redhat dot com
--- Comment #3 from Andrew Burgess <aburgess at redhat dot com> ---
I think that for now a better fix would be something like the totally untested
patch below which uses prepare_reinflate and reinflate.
Simon has a patch on-list that removes the need for calling prepare_reinflate
and reinflate, but I doubt that will be merged to the GDB13 branch, it's a
pretty big change.
Also worth noting that I can't reproduce the original failure on my x86-64
machine, and I don't have time to setup an environment where I can test this as
a fix right now.
### START ###
diff --git a/gdb/infcall.c b/gdb/infcall.c
index c1db3e22189..ec9669a6b6a 100644
--- a/gdb/infcall.c
+++ b/gdb/infcall.c
@@ -848,6 +848,7 @@ call_function_by_hand_dummy (struct value *function,
bool stack_temporaries = thread_stack_temporaries_enabled_p (call_thread.get
());
frame = get_current_frame ();
+ frame.prepare_reinflate ();
gdbarch = get_frame_arch (frame);
if (!gdbarch_push_dummy_call_p (gdbarch))
@@ -863,6 +864,8 @@ call_function_by_hand_dummy (struct value *function,
"target calling convention."),
get_function_name (funaddr, name_buf, sizeof (name_buf)));
+ frame.reinflate ();
+
if (values_type == NULL || values_type->is_stub ())
values_type = default_return_type;
if (values_type == NULL)
### END ###
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12
2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
` (2 preceding siblings ...)
2022-12-26 12:59 ` aburgess at redhat dot com
@ 2022-12-26 13:08 ` vries at gcc dot gnu.org
2023-01-03 9:18 ` cvs-commit at gcc dot gnu.org
2023-01-03 10:53 ` cvs-commit at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: vries at gcc dot gnu.org @ 2022-12-26 13:08 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29941
Tom de Vries <vries at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
Duplicate.
*** This bug has been marked as a duplicate of bug 28224 ***
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12
2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
` (3 preceding siblings ...)
2022-12-26 13:08 ` vries at gcc dot gnu.org
@ 2023-01-03 9:18 ` cvs-commit at gcc dot gnu.org
2023-01-03 10:53 ` cvs-commit at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-01-03 9:18 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29941
--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom de Vries <vries@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08fd407675396cf9500519f02033e6cec270a4a6
commit 08fd407675396cf9500519f02033e6cec270a4a6
Author: Andrew Burgess <aburgess@redhat.com>
Date: Tue Jan 3 10:18:48 2023 +0100
[gdb] Fix segfault during inferior call to ifunc
With a simple test-case:
...
$ cat test.c
char *p = "a";
int main (void) {
return strlen (p);
}
$ gcc -g test.c
...
we run into this segfault:
...
$ gdb -q -batch a.out -ex start -ex "p strlen (p)"
Temporary breakpoint 1 at 0x1151: file test.c, line 4.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Temporary breakpoint 1, main () at test.c:4
4 return strlen (p);
Fatal signal: Segmentation fault
...
The strlen is an ifunc, and consequently during the call to
call_function_by_hand_dummy for "p strlen (p)" another call
to call_function_by_hand_dummy is used to resolve the ifunc.
This invalidates the get_current_frame () result in the outer call.
Fix this by using prepare_reinflate and reinflate.
Note that this series (
https://inbox.sourceware.org/gdb-patches/20221214033441.499512-1-simon.marchi@polymtl.ca/
)
should address this problem, but this patch is a simpler fix which is easy
to
backport.
Tested on x86_64-linux.
Co-Authored-By: Tom de Vries <tdevries@suse.de>
PR gdb/29941
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29941
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug gdb/29941] Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12
2022-12-25 20:47 [Bug gdb/29941] New: Inferior call strlen(p) gives segfaults in GDB 13, (somewhat?) works in GDB11 and GDB12 philippe.waroquiers at skynet dot be
` (4 preceding siblings ...)
2023-01-03 9:18 ` cvs-commit at gcc dot gnu.org
@ 2023-01-03 10:53 ` cvs-commit at gcc dot gnu.org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-01-03 10:53 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=29941
--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The gdb-13-branch branch has been updated by Tom de Vries
<vries@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=322fde46dcc3a954992af8650a6c1200a670b973
commit 322fde46dcc3a954992af8650a6c1200a670b973
Author: Andrew Burgess <aburgess@redhat.com>
Date: Tue Jan 3 11:53:09 2023 +0100
[gdb] Fix segfault during inferior call to ifunc
With a simple test-case:
...
$ cat test.c
char *p = "a";
int main (void) {
return strlen (p);
}
$ gcc -g test.c
...
we run into this segfault:
...
$ gdb -q -batch a.out -ex start -ex "p strlen (p)"
Temporary breakpoint 1 at 0x1151: file test.c, line 4.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Temporary breakpoint 1, main () at test.c:4
4 return strlen (p);
Fatal signal: Segmentation fault
...
The strlen is an ifunc, and consequently during the call to
call_function_by_hand_dummy for "p strlen (p)" another call
to call_function_by_hand_dummy is used to resolve the ifunc.
This invalidates the get_current_frame () result in the outer call.
Fix this by using prepare_reinflate and reinflate.
Note that this series (
https://inbox.sourceware.org/gdb-patches/20221214033441.499512-1-simon.marchi@polymtl.ca/
)
should address this problem, but this patch is a simpler fix which is easy
to
backport.
Tested on x86_64-linux.
Co-Authored-By: Tom de Vries <tdevries@suse.de>
PR gdb/29941
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29941
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread