From: "tpzker at thepuzzlemaker dot info"
To: gdb-prs@sourceware.org
Subject: [Bug exp/31005] New: "Cannot access memory at address 0x0" for inlined function argument
Date: Sat, 28 Oct 2023 19:34:52 +0000
List-Id: https://sourceware.org/bugzilla/show_bug.cgi?id=31005

Bug ID: 31005
Summary: "Cannot access memory at address 0x0" for inlined function argument
Product: gdb
Version: 13.1
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: exp
Assignee: unassigned at sourceware dot org
Reporter: tpzker at thepuzzlemaker dot info
Target Milestone: ---

Created attachment 15199
--> https://sourceware.org/bugzilla/attachment.cgi?id=15199&action=edit
riscv64gc-unknown-none-elf binary with debuginfo

I'd like to apologize in advance that I don't have an MCVE for this.

Running the attached binary causes some issues with inlined function arguments. This binary is for my own kernel I'm developing for learning purposes, but can be started with QEMU linux and the bug shows up before it crashes due to invalid syscall args.

Note that due to #29735 this will crash if you use any extension, e.g. GEF, that will run `info args`.

- Download the attached binary, and run `qemu-riscv64 -g 1234 userspace_testing`
- Run in a separate tty `gdb userspace_testing`
- Run `target remote :1234`
- Run `si` twice
- Observe the following:

```
rille::capability::RemoteCaptr::copy_deep (self=..., from_index=, into=...,
    into_index=) at rille/src/capability/mod.rs:340
340	    syscalls::captbl::copy_deep(
```

This is invalid, as `from_index` is *not* a pointer of any sort, just an integer value in one of the `a` registers (though not yet loaded at this point).
When looking at the DWARF info (with llvm-dwarfdump) it shows the following:

```
0x0000135f:     DW_TAG_inlined_subroutine
                  DW_AT_abstract_origin (0x0000000000001b84 "rille::capability::RemoteCaptr::copy_deep")
                  DW_AT_low_pc          (0x00000000000120da)
                  DW_AT_high_pc         (0x00000000000120f2)
                  DW_AT_call_file       ("/home/wren/Code/RISCV/river/user/userspace_testing/src/main.rs")
                  DW_AT_call_line       (15)
                  DW_AT_call_column     (0x15)

0x00001373:       DW_TAG_formal_parameter
                    DW_AT_location      (0x00000330:
                       [0x00000000000120d6, 0x00000000000120f2): DW_OP_lit0, DW_OP_stack_value, DW_OP_piece 0x8, DW_OP_lit1, DW_OP_stack_value, DW_OP_piece 0x8)
                    DW_AT_abstract_origin (0x0000000000001b93 "self")

0x0000137c:       DW_TAG_formal_parameter
                    DW_AT_const_value   (1)
                    DW_AT_abstract_origin (0x0000000000001b9f "from_index")

0x00001382:       DW_TAG_formal_parameter
                    DW_AT_location      (0x0000036a:
                       [0x00000000000120d6, 0x00000000000120f2): DW_OP_lit0, DW_OP_stack_value, DW_OP_piece 0x8, DW_OP_lit1, DW_OP_stack_value, DW_OP_piece 0x8)
                    DW_AT_abstract_origin (0x0000000000001bab "into")

0x0000138b:       DW_TAG_formal_parameter
                    DW_AT_const_value   (2)
                    DW_AT_abstract_origin (0x0000000000001bb7 "into_index")
```

When debugging, I found that this issue stemmed from looking at the discriminant value in `compute_variant_field_inner`. This ultimately was called (skipping a few frames for the sake of brevity, they aren't important here) in this portion of code:

```
582	    case LOC_CONST:
583	      if (is_dynamic_type (type))
584		{
585		  /* Value is a constant byte-sequence and needs no memory access.  */
586		  type = resolve_dynamic_type (type, {}, /* Unused address.  */ 0);
587		}
```

https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=gdb/findvar.c;h=02d498d8c587616a52613fbc3b0ee749eff122ba;hb=662243de0e14a4945555a480dca33c0e677976eb#l582

With `valaddr` in `resolve_dynamic_type`'s `addrstack` empty, and a null address, it tries to read the memory at `0x0` to resolve the discriminant type.
This is incorrect, as the discriminant field could be resolved from the constant value in the DWARF debuginfo.

I created a simple patch that fixes just this case, but may not fix others. I will attach it. Feel free to change and extend this, as long as I am a co-author on the final patch if accepted.
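The DWARF excerpt above describes `self`/`into` as a DW_OP_stack_value composite and `from_index`/`into_index` as a DW_AT_const_value; neither form needs a memory read, which is why a read at 0x0 here is a debugger defect rather than a property of the debuginfo. As an added example (not the reporter's code or GDB's), the following Python evaluator handles exactly those location forms and runs them against a target where every read fails; `NullTarget`, `eval_location`, `materialize`, the hand-encoded expression bytes and the contrasting `DEREF_NULL_EXPR` are assumptions of the example, not anything from the attached binary.

```python
# Added example (not from the bug report or GDB): DWARF 5 opcodes for the few operations
# the location lists above use, plus DW_OP_deref for contrast. Numbers are from the standard.
DW_OP_deref, DW_OP_lit0, DW_OP_piece, DW_OP_stack_value = 0x06, 0x30, 0x93, 0x9F

class NullTarget:
    """Target memory where every read fails (as at 0x0 in the report); logs the attempts."""
    def __init__(self):
        self.reads = []
    def read(self, addr, size):
        self.reads.append((addr, size))
        raise MemoryError(f"Cannot access memory at address {addr:#x}")

def eval_location(expr, mem, addr_size=8):
    """Run a DWARF expression; return (kind, datum, size) pieces, kind 'value' (the datum is
    the value itself) or 'memory' (datum is an address). Only DW_OP_deref reads `mem` here."""
    stack, pieces, is_value, i = [], [], False, 0
    while i < len(expr):
        op = expr[i]; i += 1
        if DW_OP_lit0 <= op <= DW_OP_lit0 + 31:          # DW_OP_lit0..lit31: push literal
            stack.append(op - DW_OP_lit0)
        elif op == DW_OP_stack_value:                    # top of stack is the value itself
            is_value = True
        elif op == DW_OP_deref:                          # pop address, push word stored there
            stack.append(int.from_bytes(mem.read(stack.pop(), addr_size), "little"))
        elif op == DW_OP_piece:                          # operand: ULEB128 size (< 128 here)
            size = expr[i]; i += 1
            pieces.append(("value" if is_value else "memory", stack.pop(), size))
            is_value = False
        else:
            raise NotImplementedError(f"opcode {op:#x} not handled in this example")
    if not pieces:                                       # simple, non-composite location
        pieces.append(("value" if is_value else "memory", stack.pop(), addr_size))
    return pieces

def materialize(pieces, mem):
    """Assemble the variable's bytes; memory is read only for 'memory' pieces."""
    return b"".join(d.to_bytes(n, "little") if k == "value" else mem.read(d, n)
                    for k, d, n in pieces)

def const_value_bytes(value, size):
    """DW_AT_const_value path: the bytes are already in the DWARF; no expression, no memory."""
    return value.to_bytes(size, "little", signed=value < 0)

# `self`/`into` location from the dwarfdump above, encoded by hand (constructed bytes):
# DW_OP_lit0, DW_OP_stack_value, DW_OP_piece 0x8, DW_OP_lit1, DW_OP_stack_value, DW_OP_piece 0x8
SELF_EXPR = bytes([DW_OP_lit0, DW_OP_stack_value, DW_OP_piece, 8,
                   DW_OP_lit0 + 1, DW_OP_stack_value, DW_OP_piece, 8])
DEREF_NULL_EXPR = bytes([DW_OP_lit0, DW_OP_deref])        # hypothetical: *(0x0), needs memory

def resolve_inlined_args(mem):
    """`self` and `from_index` as the DWARF above describes them: (self bytes, from_index bytes)."""
    return materialize(eval_location(SELF_EXPR, mem), mem), const_value_bytes(1, 8)
```

Resolving `self` and `from_index` this way leaves `NullTarget.reads` empty; only `DEREF_NULL_EXPR`, which genuinely dereferences 0x0, produces the "Cannot access memory at address 0x0" error the report shows.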