[Bug python/31366] New: Frame.static_link() segfaults

[Bug python/31366] New: Frame.static_link() segfaults

[kent at slaney dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

            Bug ID: 31366
           Summary: Frame.static_link() segfaults
           Product: gdb
           Version: HEAD
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: python
          Assignee: unassigned at sourceware dot org
          Reporter: kent at slaney dot org
  Target Milestone: ---

GDB segfaults after calling (from Python) `gdb.selected_frame().static_link()`.
I expected it to return `None`. The bug can be reproduced via the default
command for the Dockerfile in this repo:

https://github.com/kentslaney/cython/tree/gdb-segfault

I've also uploaded the image to kentslaney/cython-gdb on docker.io:

https://hub.docker.com/layers/kentslaney/cython-gdb/latest/images/sha256-a6f49afe38ea6bc5d4411e9cb800fdd5350a9882f30fc0a4012be4948906a58f?context=repo

It's far from a minimal reproduction thus far; I'm hoping to continue looking
into the problem myself and will update as I go.

OS: archlinux:latest
Build: HEAD plus this patch for docker compatibility:

https://raw.githubusercontent.com/ali1234/rpi-toolchain/2ea7ffdae865ce54f53ed69ccf5e7d31d90dfb72/patches/gdb/8.2.1/0001-DouglasRoyds-workaround-for-deeply-nested-confdir3.patch

via

https://github.com/crosstool-ng/crosstool-ng/issues/1166

Config: --with-system-readline --with-python="`which python-dbg`"

python-dbg from AUR, Python 3.10 build plus debugging symbols

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug python/31366] Frame.static_link() segfaults

[ssbssa at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

Hannes Domani <ssbssa at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ssbssa at sourceware dot org

--- Comment #1 from Hannes Domani <ssbssa at sourceware dot org> ---
I think what happens is that inside frame_follow_static_link either
get_frame_block() or frame_block->function_block() returned NULL, and both are
not checked.
So if you happen to have a backtrace of the gdb crash, this should be simple to
confirm.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug python/31366] Frame.static_link() segfaults

[tromey at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2024-02-10
                 CC|                            |tromey at sourceware dot org
     Ever confirmed|0                           |1

--- Comment #2 from Tom Tromey <tromey at sourceware dot org> ---
This can happen when there is no debuginfo -- the frame won't
have a block.  It's an oversight just where Hannes points out.

Hannes, were you going to fix this?  Otherwise I will -- just let
me know.  I think this could go in the gdb-14 branch as well.

Kent -- as a workaround, I think you can check before calling:

if frame.block() is not None:
   frame.static_link() ...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug python/31366] Frame.static_link() segfaults

[ssbssa at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

--- Comment #3 from Hannes Domani <ssbssa at sourceware dot org> ---
(In reply to Tom Tromey from comment #2)
> This can happen when there is no debuginfo -- the frame won't
> have a block.  It's an oversight just where Hannes points out.

You're right, I could easily reproduce it without debug info:
```
Temporary breakpoint 1, 0x000000013f821650 in main ()
(gdb) py print(gdb.selected_frame().static_link())

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
```

> Hannes, were you going to fix this?  Otherwise I will -- just let
> me know.  I think this could go in the gdb-14 branch as well.

https://sourceware.org/pipermail/gdb-patches/2024-February/206510.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug python/31366] Frame.static_link() segfaults

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

--- Comment #4 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Hannes Domani <ssbssa@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1d197b254519d68245d460cad1dd835874f6629b

commit 1d197b254519d68245d460cad1dd835874f6629b
Author: Hannes Domani <ssbssa@yahoo.de>
Date:   Sun Feb 11 17:40:59 2024 +0100

    Fix crash when calling Frame.static_link

    If you try to call Frame.static_link for a frame without debug info,
    gdb crashes:
    ```
    Temporary breakpoint 1, 0x000000013f821650 in main ()
    (gdb) py print(gdb.selected_frame().static_link())

    This application has requested the Runtime to terminate it in an unusual
way.
    Please contact the application's support team for more information.
    ```

    The problem was a missing check if get_frame_block returns nullptr
    inside frame_follow_static_link.

    With this, it works:
    ```
    Temporary breakpoint 1, 0x000000013f941650 in main ()
    (gdb) py print(gdb.selected_frame().static_link())
    None
    ```

    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31366
    Approved-By: Tom Tromey <tom@tromey.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug python/31366] Frame.static_link() segfaults

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

--- Comment #5 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The gdb-14-branch branch has been updated by Hannes Domani
<ssbssa@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39a61855d4e42d0b97e4eef22674d829864798e3

commit 39a61855d4e42d0b97e4eef22674d829864798e3
Author: Hannes Domani <ssbssa@yahoo.de>
Date:   Sun Feb 11 17:40:59 2024 +0100

    Fix crash when calling Frame.static_link

    If you try to call Frame.static_link for a frame without debug info,
    gdb crashes:
    ```
    Temporary breakpoint 1, 0x000000013f821650 in main ()
    (gdb) py print(gdb.selected_frame().static_link())

    This application has requested the Runtime to terminate it in an unusual
way.
    Please contact the application's support team for more information.
    ```

    The problem was a missing check if get_frame_block returns nullptr
    inside frame_follow_static_link.

    With this, it works:
    ```
    Temporary breakpoint 1, 0x000000013f941650 in main ()
    (gdb) py print(gdb.selected_frame().static_link())
    None
    ```

    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31366
    Approved-By: Tom Tromey <tom@tromey.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug python/31366] Frame.static_link() segfaults

[ssbssa at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31366

Hannes Domani <ssbssa at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |14.2
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Hannes Domani <ssbssa at sourceware dot org> ---
Fixed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.