From: "festerdam at posteo dot net"
To: gdb-prs@sourceware.org
Subject: [Bug breakpoints/29960] New: gdb doesn't prevent user from setting faulty catch condition and segfaults
Date: Tue, 03 Jan 2023 18:23:38 +0000
X-Bugzilla-URL: http://sourceware.org/bugzilla/

https://sourceware.org/bugzilla/show_bug.cgi?id=29960

            Bug ID: 29960
           Summary: gdb doesn't prevent user from setting faulty catch
                    condition and segfaults
           Product: gdb
           Version: HEAD
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: breakpoints
          Assignee: unassigned at sourceware dot org
          Reporter: festerdam at posteo dot net
  Target Milestone: ---

When inputting the following to gdb:

    r                           # Let child exit normally
    catch syscall 1
    condition 1 fd == 1         # assume catchpoint obtained above is 1
                                # Will fail saying that no symbol table is loaded or that the symbol doesn't
                                # exist. Outcome in the end will be the same
    condition 1 write.fd == 1   # won't fail for some reason
    r                           # segfault occurs now

It seems I always have to run the program prior to setting the syscall in order for this to happen.

I tested it with GNU Hello, GNU Bash and GNU Guile and with gdb version 12.1-4 (obtained from the Debian repositories) and with gdb commit ce6fcad80eb594228a2e46e9362d6083881fe96d. They all crashed.

This is the stack trace spat out by gdb ce6fcad80 running GNU Hello:

    Fatal signal: Segmentation fault
    ----- Backtrace -----
    0x55555570204b gdb_internal_backtrace_1
        ../../gdb/bt-utils.c:122
    0x55555570204b _Z22gdb_internal_backtracev
        ../../gdb/bt-utils.c:168
    0x555555813421 handle_fatal_signal
        ../../gdb/event-top.c:956
    0x55555581358c handle_sigsegv
        ../../gdb/event-top.c:1029
    0x7ffff6e5af8f ???
        ./signal/../sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c:0
    0x555555a35a90 _ZNK19general_symbol_info13section_indexEv
        ../../gdb/symtab.h:605
    0x555555a35a90 _ZNK19general_symbol_info11obj_sectionEPK7objfile
        ../../gdb/symtab.c:1090
    0x555555952139 _Z28find_minsym_type_and_addressP14minimal_symbolP7objfilePm
        ../../gdb/parse.c:105
    0x55555580e373 _Z23evaluate_var_msym_value6nosideP7objfileP14minimal_symbol
        ../../gdb/eval.c:597
    0x55555580e89e _Z22eval_op_var_msym_valueP4typeP10expression6nosideb20bound_minimal_symbol
        ../../gdb/eval.c:1113
    0x555555716e10 _ZN4expr18structop_operation8evaluateEP4typeP10expression6noside
        ../../gdb/expop.h:1034
    0x555555716d14 _ZN4expr20comparison_operationIL10exp_opcode14EXadL_Z13eval_op_equalP4typeP10expression6nosideS1_P5valueS8_EEE8evaluateES3_S5_S6_
        ../../gdb/expop.h:1334
    0x55555580d55c _ZN10expression8evaluateEP4type6noside
        ../../gdb/eval.c:101
    0x5555556eddb1 breakpoint_cond_eval
        ../../gdb/breakpoint.c:4971
    0x5555556eddb1 bpstat_check_breakpoint_conditions
        ../../gdb/breakpoint.c:5540
    0x5555556f6616 _Z18bpstat_stop_statusPK13address_spacemP11thread_infoRK17target_waitstatusP6bpstat
        ../../gdb/breakpoint.c:5721
    0x5555558b5985 handle_syscall_event
        ../../gdb/infrun.c:4625
    0x5555558b5eb7 handle_inferior_event
        ../../gdb/infrun.c:5832
    0x5555558b82fe _Z20fetch_inferior_eventv
        ../../gdb/infrun.c:4202
    0x555555c286d5 gdb_wait_for_event
        ../../gdbsupport/event-loop.cc:716
    0x555555c291b2 _Z16gdb_do_one_eventi
        ../../gdbsupport/event-loop.cc:264
    0x5555558fb609 start_event_loop
        ../../gdb/main.c:411
    0x5555558fb609 captured_command_loop
        ../../gdb/main.c:471
    0x5555558fd164 captured_main
        ../../gdb/main.c:1310
    0x5555558fd164 _Z8gdb_mainP18captured_main_args
        ../../gdb/main.c:1325
    0x5555556614a9 main
        ../../gdb/gdb.c:32

And this is the stack trace I get when I run gdb with gdb (not sure why they are different):

    #0  general_symbol_info::obj_section (this=this@entry=0x7fffee85f4e0, objfile=objfile@entry=0x5555561fdf80) at ../../gdb/symtab.c:1090
    #1  0x000055555595213a in find_minsym_type_and_address (msymbol=0x7fffee85f4e0, objfile=0x5555561fdf80, address_p=address_p@entry=0x7fffffffd5d8) at ../../gdb/parse.c:105
    #2  0x000055555580e374 in evaluate_var_msym_value (noside=noside@entry=EVAL_NORMAL, objfile=, msymbol=) at ../../gdb/eval.c:597
    #3  0x000055555580e89f in eval_op_var_msym_value (expect_type=, exp=, noside=EVAL_NORMAL, outermost_p=, msymbol=...) at ../../gdb/eval.c:1113
    #4  0x0000555555716e11 in expr::structop_operation::evaluate (this=0x55555626d2c0, expect_type=0x0, exp=0x55555623fa20, noside=EVAL_NORMAL) at ../../gdb/expop.h:1034
    #5  0x0000555555716d15 in expr::comparison_operation<(exp_opcode)14, &(eval_op_equal(type*, expression*, noside, exp_opcode, value*, value*))>::evaluate (this=0x55555623fa40, expect_type=0x0, exp=0x55555623fa20, noside=EVAL_NORMAL) at ../../gdb/expop.h:1334
    #6  0x000055555580d55d in expression::evaluate (this=0x55555623fa20, expect_type=0x0, noside=EVAL_NORMAL) at ../../gdb/eval.c:101
    #7  0x00005555556eddb2 in breakpoint_cond_eval (exp=0x55555623fa20) at ../../gdb/breakpoint.c:4971
    #8  bpstat_check_breakpoint_conditions (bs=, thread=0x5555561b8800) at ../../gdb/breakpoint.c:5540
    #9  0x00005555556f6617 in bpstat_stop_status (aspace=, bp_addr=, thread=0x5555561b8800, ws=..., stop_chain=) at ../../gdb/breakpoint.c:5721
    #10 0x00005555558b5986 in handle_syscall_event (ecs=ecs@entry=0x7fffffffdd80) at ../../gdb/regcache.h:344
    #11 0x00005555558b5eb8 in handle_inferior_event (ecs=0x7fffffffdd80) at ../../gdb/infrun.c:5832
    #12 0x00005555558b82ff in fetch_inferior_event () at ../../gdb/infrun.c:4202
    #13 0x0000555555c286d6 in gdb_wait_for_event (block=block@entry=1) at ../../gdbsupport/event-loop.cc:716
    #14 0x0000555555c291b3 in gdb_do_one_event (mstimeout=mstimeout@entry=-1) at ../../gdbsupport/event-loop.cc:264
    #15 0x00005555558fb60a in start_event_loop () at ../../gdb/main.c:411
    #16 captured_command_loop () at ../../gdb/main.c:471
    #17 0x00005555558fd165 in captured_main (data=data@entry=0x7fffffffded0) at ../../gdb/main.c:1310
    #18 gdb_main (args=args@entry=0x7fffffffdf00) at ../../gdb/main.c:1325
    #19 0x00005555556614aa in main (argc=, argv=) at ../../gdb/gdb.c:32

I have a coredump, if needed. It was too big to attach.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
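As an added example that is not part of the bug report or of gdb's own sources: a gdb command file that replays the reporter's sequence and then shows the condition a practitioner would actually want. gdb does not expose syscall arguments by name in a catchpoint condition, which is why `fd` is rejected as an unknown symbol; `write.fd` is accepted only because `write` resolves to the libc minimal symbol and `.fd` becomes a member access on it, which is exactly the `structop_operation::evaluate` -> `eval_op_var_msym_value` path in the backtraces above. The portable way to test the file descriptor is to read the first syscall-argument register, `$rdi` on x86-64 Linux (the kernel preserves it across the syscall, so the test holds at both the entry and the return stop). The inferior name `./hello` and catchpoint number 1 are assumptions.

```gdb
# Added example (not from the bug report). Assumes an x86-64 Linux inferior
# named ./hello and that the catchpoint created below is number 1.
file ./hello

# --- Reporter's sequence, kept commented out; it crashed gdb 12.1-4 and HEAD
# --- at the time of the report when the condition was evaluated.
# run                          # let the child exit normally first
# catch syscall 1              # syscall 1 is write on x86-64
# condition 1 fd == 1          # rejected: no symbol "fd" in current context
# condition 1 write.fd == 1    # accepted: 'write' is the libc minimal symbol,
#                              # '.fd' is a member access on it (see backtrace)
# run                          # segfault while evaluating the condition

# --- Working alternative: test the fd through the argument register.
# x86-64 Linux syscall ABI: number in %rax, args in %rdi, %rsi, %rdx, %r10, %r8, %r9.
catch syscall write
condition 1 $rdi == 1
commands 1
  silent
  # Fires once on entry and once on return; on the return stop $rax holds the
  # number of bytes written (or -errno).
  printf "write(fd=%d, buf=%#lx, count=%lu) rax=%ld\n", $rdi, $rsi, $rdx, $rax
  continue
end
run
```

Run it as `gdb -q -batch -x catch-write.gdb`; every write to stdout is logged and the program is allowed to finish. Replace `$rdi` with the first-argument register of the target ABI on other architectures (for example `$x0` on AArch64).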