From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/31254] [gdb, arm] FAIL: gdb.threads/staticthreads.exp: up 10
Date: Mon, 05 Feb 2024 10:04:21 +0000
Message-ID: <bug-31254-4717-eBDzfE669J@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-31254-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=31254

--- Comment #25 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tom de Vries <vries@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bae2a57f4c07f46093e7bf00fec2554868e77189

commit bae2a57f4c07f46093e7bf00fec2554868e77189
Author: Tom de Vries <tdevries@suse.de>
Date:   Mon Feb 5 11:04:06 2024 +0100

    [gdb/tdep] Fix use-after-free in arm_exidx_fill_cache

    On arm-linux the linaro CI occasionally reports:
    ...
    (gdb) up 10
    #4 0x0001b864 in pthread_join ()
    (gdb) FAIL: gdb.threads/staticthreads.exp: up 10
    ...
    while this is expected:
    ...
    (gdb) up 10
    #3 0x00010568 in main (argc=1, argv=0xfffeede4) at staticthreads.c:76
    76 pthread_join (thread, NULL);
    (gdb) PASS: gdb.threads/staticthreads.exp: up 10
    ...

    Thiago investigated the problem, and using valgrind found an invalid read in
    arm_exidx_fill_cache.

    The problem happens as follows:
    - an objfile and corresponding per_bfd are allocated
    - some memory is allocated in arm_exidx_new_objfile using
      objfile->objfile_obstack, for the "exception table entry cache".
    - a symbol reread is triggered, and the objfile, including the
      objfile_obstack, is destroyed
    - a new objfile is allocated, using the same per_bfd
    - again arm_exidx_new_objfile is called, but since the same per_bfd is used,
      it doesn't allocate any new memory for the "exception table entry cache".
    - the "exception table entry cache" is accessed by arm_exidx_fill_cache,
      and we have a use-after-free.

    This is a regression since commit a2726d4ff80 ("[ARM] Store exception handling
    information per-bfd instead of per-objfile"), which changed the "exception
    table entry cache" from per-objfile to per-bfd, but failed to update the
    obstack_alloc.

    Fix this by using objfile->per_bfd->storage_obstack instead of
    objfile->objfile_obstack.

    I couldn't reproduce the FAIL myself, but Thiago confirmed that the patch
    fixes it.

    Tested on arm-linux.

    Approved-By: Luis Machado <luis.machado@arm.com>

    PR tdep/31254
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31254

-- 
You are receiving this mail because:
You are on the CC list for the bug.
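
The sequence in the commit message, as an added example that is not GDB's code: a small C model in which each obstack is reduced to a liveness flag, so the stale cache reference is detected without reading freed memory. Apart from arm_exidx_new_objfile, arm_exidx_fill_cache, objfile_obstack, storage_obstack and per_bfd, every name here is hypothetical.

```c
/* Toy model of the lifetime bug; constructed for illustration, not GDB source. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_ARENAS 16
static bool arena_alive[MAX_ARENAS];  /* liveness of each modelled obstack */
static int arena_count;

static int arena_new(void) { arena_alive[arena_count] = true; return arena_count++; }
static void arena_destroy(int id) { arena_alive[id] = false; }

struct per_bfd {
    int storage_obstack;  /* lives as long as the per_bfd */
    bool cache_present;   /* "exception table entry cache" already built? */
    int cache_arena;      /* arena the cache memory came from */
};
struct objfile { int objfile_obstack; struct per_bfd *per_bfd; };
enum policy { FROM_OBJFILE_OBSTACK, FROM_PER_BFD_STORAGE };

/* Models arm_exidx_new_objfile: the cache is built once per per_bfd. */
static void new_objfile_hook(struct objfile *o, enum policy p) {
    struct per_bfd *b = o->per_bfd;
    if (b->cache_present)
        return;  /* same per_bfd seen again: nothing is reallocated */
    b->cache_arena = (p == FROM_OBJFILE_OBSTACK) ? o->objfile_obstack
                                                 : b->storage_obstack;
    b->cache_present = true;
}

/* Models the access in arm_exidx_fill_cache: is the backing arena alive? */
static bool cache_access_valid(const struct per_bfd *b) {
    return b->cache_present && arena_alive[b->cache_arena];
}

/* Replays the steps from the commit message under one allocation policy. */
static bool reread_scenario(enum policy p) {
    struct per_bfd bfd = { arena_new(), false, -1 };
    struct objfile first = { arena_new(), &bfd };
    new_objfile_hook(&first, p);
    arena_destroy(first.objfile_obstack);  /* symbol reread destroys objfile */
    struct objfile second = { arena_new(), &bfd };  /* same per_bfd reused */
    new_objfile_hook(&second, p);
    return cache_access_valid(&bfd);
}

int main(void) {
    printf("objfile_obstack policy valid: %d\n", reread_scenario(FROM_OBJFILE_OBSTACK));
    printf("per_bfd storage policy valid: %d\n", reread_scenario(FROM_PER_BFD_STORAGE));
    return 0;
}
```

In the real code the stale access is an invalid read of the kind valgrind reported; the model only shows why the allocation's arena must match the lifetime of the structure that holds the pointer.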