[binutils-gdb] gdb: Fix out of bounds array access in buildsym_compunit::record_line

[binutils-gdb] gdb: Fix out of bounds array access in buildsym_compunit::record_line

[gdb-buildbot]

*** TEST RESULTS FOR COMMIT dcc050c86c3e5160497da7aab480adae9ba284aa ***

commit dcc050c86c3e5160497da7aab480adae9ba284aa
Author:     Andrew Burgess <andrew.burgess@embecosm.com>
AuthorDate: Wed Mar 11 11:17:39 2020 +0000
Commit:     Andrew Burgess <andrew.burgess@embecosm.com>
CommitDate: Wed Mar 11 11:24:50 2020 +0000

    gdb: Fix out of bounds array access in buildsym_compunit::record_line
    
    This commit:
    
      commit 8c95582da858ac981f689a6f599acacb8c5c490f
      Date:   Mon Dec 30 21:04:51 2019 +0000
    
          gdb: Add support for tracking the DWARF line table is-stmt field
    
    Introduced an invalid memory access, by reading outside the bounds of
    an array.
    
    This would cause this valgrind error:
    
      ==7633== Invalid read of size 4
      ==7633==    at 0x4D002C: buildsym_compunit::record_line(subfile*, int, unsigned long, bool) (buildsym.c:688)
      ==7633==    by 0x5F60A5: dwarf_record_line_1(gdbarch*, subfile*, unsigned int, unsigned long, bool, dwarf2_cu*) (read.c:19956)
      ==7633==    by 0x5F63B0: lnp_state_machine::record_line(bool) (read.c:20024)
      ==7633==    by 0x5F5DD5: lnp_state_machine::handle_special_opcode(unsigned char) (read.c:19851)
      ==7633==    by 0x5F6706: dwarf_decode_lines_1(line_header*, dwarf2_cu*, int, unsigned long) (read.c:20135)
      ==7633==    by 0x5F6C57: dwarf_decode_lines(line_header*, char const*, dwarf2_cu*, dwarf2_psymtab*, unsigned long, int) (read.c:20328)
      ==7633==    by 0x5DF5F1: handle_DW_AT_stmt_list(die_info*, dwarf2_cu*, char const*, unsigned long) (read.c:10748)
      ==7633==    by 0x5DF823: read_file_scope(die_info*, dwarf2_cu*) (read.c:10796)
      ==7633==    by 0x5DDA63: process_die(die_info*, dwarf2_cu*) (read.c:9815)
      ==7633==    by 0x5DD44A: process_full_comp_unit(dwarf2_per_cu_data*, language) (read.c:9580)
      ==7633==    by 0x5DAB58: process_queue(dwarf2_per_objfile*) (read.c:8867)
      ==7633==    by 0x5CB30E: dw2_do_instantiate_symtab(dwarf2_per_cu_data*, bool) (read.c:2374)
      ==7633==  Address 0xa467f48 is 8 bytes before a block of size 16,024 alloc'd
      ==7633==    at 0x4C2CDCB: malloc (vg_replace_malloc.c:299)
      ==7633==    by 0x451FC4: xmalloc (alloc.c:60)
      ==7633==    by 0x4CFFDF: buildsym_compunit::record_line(subfile*, int, unsigned long, bool) (buildsym.c:678)
      ==7633==    by 0x5F60A5: dwarf_record_line_1(gdbarch*, subfile*, unsigned int, unsigned long, bool, dwarf2_cu*) (read.c:19956)
      ==7633==    by 0x5F63B0: lnp_state_machine::record_line(bool) (read.c:20024)
      ==7633==    by 0x5F5DD5: lnp_state_machine::handle_special_opcode(unsigned char) (read.c:19851)
      ==7633==    by 0x5F6706: dwarf_decode_lines_1(line_header*, dwarf2_cu*, int, unsigned long) (read.c:20135)
      ==7633==    by 0x5F6C57: dwarf_decode_lines(line_header*, char const*, dwarf2_cu*, dwarf2_psymtab*, unsigned long, int) (read.c:20328)
      ==7633==    by 0x5DF5F1: handle_DW_AT_stmt_list(die_info*, dwarf2_cu*, char const*, unsigned long) (read.c:10748)
      ==7633==    by 0x5DF823: read_file_scope(die_info*, dwarf2_cu*) (read.c:10796)
      ==7633==    by 0x5DDA63: process_die(die_info*, dwarf2_cu*) (read.c:9815)
      ==7633==    by 0x5DD44A: process_full_comp_unit(dwarf2_per_cu_data*, language) (read.c:9580)
    
    gdb/ChangeLog:
    
            * buildsyms.c (buildsym_compunit::record_line): Avoid accessing
            previous item in the list, when the list has no items.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 5c3d740a32..5e8fb71cd4 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-11  Andrew Burgess  <andrew.burgess@embecosm.com>
+
+	* buildsyms.c (buildsym_compunit::record_line): Avoid accessing
+	previous item in the list, when the list has no items.
+
 2020-03-11  Tom de Vries  <tdevries@suse.de>
 
 	* dwarf2/loc.c (dwarf2_evaluate_property): Handle NULL frame in
diff --git a/gdb/buildsym.c b/gdb/buildsym.c
index 24aeba8e25..7155db34b0 100644
--- a/gdb/buildsym.c
+++ b/gdb/buildsym.c
@@ -681,15 +681,18 @@ buildsym_compunit::record_line (struct subfile *subfile, int line,
       m_have_line_numbers = true;
     }
 
-  /* If we have a duplicate for the previous entry then ignore the new
-     entry, except, if the new entry is setting the is_stmt flag, then
-     ensure the previous entry respects the new setting.  */
-  e = subfile->line_vector->item + subfile->line_vector->nitems - 1;
-  if (e->line == line && e->pc == pc)
+  if (subfile->line_vector->nitems > 0)
     {
-      if (is_stmt && !e->is_stmt)
-	e->is_stmt = 1;
-      return;
+      /* If we have a duplicate for the previous entry then ignore the new
+	 entry, except, if the new entry is setting the is_stmt flag, then
+	 ensure the previous entry respects the new setting.  */
+      e = subfile->line_vector->item + subfile->line_vector->nitems - 1;
+      if (e->line == line && e->pc == pc)
+	{
+	  if (is_stmt && !e->is_stmt)
+	    e->is_stmt = 1;
+	  return;
+	}
     }
 
   if (subfile->line_vector->nitems + 1 >= subfile->line_vector_length)

Failures on Fedora-x86_64-cc-with-index, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-cc-with-index

Worker:
        fedora-x86-64-1

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/20/builds/2378

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-cc-with-index/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/non-ldr-exit.exp: program exits normally
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 1st thread: print k
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 1st thread: print r
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 1st thread: print z
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 2nd stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 2nd stop: print j
PASS -> KFAIL: gdb.threads/process-dies-while-handling-bp.exp: non_stop=off: cond_bp_target=1: inferior 1 exited
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-cc-with-index/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-cc-with-index/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>

Failures on Fedora-x86_64-m64, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-m64

Worker:
        fedora-x86-64-4

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/3/builds/2488

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 2nd stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 2nd stop: print j
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: outer_threads: outer stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: outer_threads: outer stop: print j
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: single_scope: first thread: print i3
PASS -> KFAIL: gdb.threads/process-dies-while-handling-bp.exp: non_stop=off: cond_bp_target=0: inferior 1 exited
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>

Failures on Fedora-x86_64-native-extended-gdbserver-m32, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-extended-gdbserver-m32

Worker:
        fedora-x86-64-1

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/4/builds/2324

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m32/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> FAIL: gdb.base/reread.exp: opts= "-fPIE" "ldflags=-pie" : second pass: run to foo
PASS -> UNRESOLVED: gdb.threads/attach-into-signal.exp: threaded: attach
new FAIL: gdb.threads/attach-into-signal.exp: threaded: thread apply 2 print $_siginfo.si_signo
PASS -> KFAIL: gdb.threads/process-dies-while-handling-bp.exp: non_stop=off: cond_bp_target=0: inferior 1 exited
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m32/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m32/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>

Failures on Fedora-x86_64-native-extended-gdbserver-m64, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-extended-gdbserver-m64

Worker:
        fedora-x86-64-4

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/2/builds/2324

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> FAIL: gdb.multi/multi-re-run.exp: re_run_inf=1: iter=1: continue until exit
PASS -> FAIL: gdb.multi/multi-re-run.exp: re_run_inf=1: iter=1: print re_run_var_1
new UNRESOLVED: gdb.multi/multi-re-run.exp: re_run_inf=1: iter=2: delete all breakpoints in delete_breakpoints
PASS -> UNRESOLVED: gdb.multi/multi-re-run.exp: re_run_inf=1: iter=2: setting breakpoint at all_started
PASS -> FAIL: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=1: continue until exit
PASS -> FAIL: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=1: print re_run_var_2
new UNRESOLVED: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=2: delete all breakpoints in delete_breakpoints
PASS -> UNRESOLVED: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=2: setting breakpoint at all_started
UNRESOLVED -> FAIL: gdb.threads/fork-plus-threads.exp: detach-on-fork=off: inferior 1 exited
new FAIL: gdb.threads/fork-plus-threads.exp: detach-on-fork=off: only inferior 1 left
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: multi_scope: first thread: print i02
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: multi_scope: first thread: print i12
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: multi_scope: first thread: print i22
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 2nd thread: print k
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 2nd thread: print r
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 2nd thread: print z
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 1st stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 1st stop: print j
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: single_scope: first thread: print i3
new KFAIL: gdb.threads/watchthreads2.exp: gdb can drop watchpoints in multithreaded app
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>

Failures on Fedora-x86_64-native-gdbserver-m64, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-gdbserver-m64

Worker:
        fedora-x86-64-2

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/22/builds/2324

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 1st thread: print k
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 1st thread: print r
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 1st thread: print z
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 4th stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 4th stop: print j
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>

Failures on Ubuntu-Aarch64-native-extended-gdbserver-m64, branch master

[gdb-buildbot]

Buildername:
        Ubuntu-Aarch64-native-extended-gdbserver-m64

Worker:
        ubuntu-aarch64

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/5/builds/2208

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Ubuntu-Aarch64-native-extended-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> UNRESOLVED: gdb.threads/attach-into-signal.exp: threaded: attach
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Ubuntu-Aarch64-native-extended-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Ubuntu-Aarch64-native-extended-gdbserver-m64/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>

Failures on Fedora-x86_64-native-gdbserver-m32, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-gdbserver-m32

Worker:
        fedora-x86-64-3

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/24/builds/2326

Author:
        Andrew Burgess <andrew.burgess@embecosm.com>

Commit tested:
        dcc050c86c3e5160497da7aab480adae9ba284aa

Subject of commit:
        gdb: Fix out of bounds array access in buildsym_compunit::record_line

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m32/dc/dcc050c86c3e5160497da7aab480adae9ba284aa/

*** Diff to previous build ***
==============================================
PASS -> FAIL: gdb.threads/interrupted-hand-call.exp: continue until exit
PASS -> KFAIL: gdb.threads/process-dies-while-handling-bp.exp: non_stop=off: cond_bp_target=0: inferior 1 exited
PASS -> FAIL: gdb.threads/thread-unwindonsignal.exp: continue until exit
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m32/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m32/dc/dcc050c86c3e5160497da7aab480adae9ba284aa//xfail.table.gz>