[Bug default/24378] New: abidiff/abidw: segfault depending on typedef DIE offset

[Bug default/24378] New: abidiff/abidw: segfault depending on typedef DIE offset

[captain.stac at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24378

            Bug ID: 24378
           Summary: abidiff/abidw: segfault depending on typedef DIE
                    offset
           Product: libabigail
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: default
          Assignee: dodji at redhat dot com
          Reporter: captain.stac at gmail dot com
                CC: libabigail at sourceware dot org
  Target Milestone: ---

Created attachment 11695
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11695&action=edit
Object files and debug dump

Hello,

OS: gnu/linux Ubuntu 18.04
libabigail version: 1.6 (HEAD of master branch) compiled with gcc 7.3.0

I spent some time figuring out a nasty segfault I get on the binaries that are
compiled with an old gcc version and finally ended up with a small reproducer.

namespace stac {

typedef float (*Callback_t)(int x, int y);

void buggy_function(void (*iFunc)(Callback_t))
{}

} /* namespace stac */

Compilation command: g++ -g -c dwarf_bug.cpp

When compiled with gcc 4.3.2, abidw crashes.
When compiled with gcc 4.9.4, abidw works.

The reason of this bug is that gcc 4.3.2 emits the die for the typedef
Callback_t after the ones describing the 'buggy_function'. In this case, the
'Callback_t' cannot be added to the die_istring_map_type map because trying to
get the pretty name of this type implies first to get the parent scope
'buggy_function' which in turn need the Callback_t.

This infinite loop crashes the program as the stack limit is reached
(segfault).

I attach the 2 object files compiled with gcc 4.3.2 and 4.9.4 and their
debug-dump showing this.

I am working with many versions of gcc (4.3.2, 4.9.4, 6.5.0, 7.3.0, 8.3.1, 9.x)
and I only experience this bug with 4.3.2 (which is using DWARF2 and all the
others DWARF4).

Regards,
Stac

PS: congrats for this lib/tool !

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug default/24378] abidiff/abidw: segfault depending on typedef DIE offset

[dodji at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24378

dodji at redhat dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2019-03-25
     Ever confirmed|0                           |1

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug default/24378] abidiff/abidw: segfault depending on typedef DIE offset

[captain.stac at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24378

--- Comment #1 from captain.stac at gmail dot com ---
Oups, sorry the snippet to reproduce is this one:

namespace stac {

typedef float (*Callback_t)(int x, int y);

} /* namespace stac */

namespace stac {

void buggy_function(void (*iFunc)(Callback_t))
{}

} /* namespace stac */

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug default/24378] DW_TAG_subroutine_type as a DIE scope causes infinite loop in the DWARF reader

[dodji at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24378

dodji at redhat dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|abidiff/abidw: segfault     |DW_TAG_subroutine_type as a
                   |depending on typedef DIE    |DIE scope causes infinite
                   |offset                      |loop in the DWARF reader

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug default/24378] abidiff/abidw: segfault depending on typedef DIE offset

[dodji at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24378

--- Comment #2 from dodji at redhat dot com ---
Thank you for taking the time to file this issue along with the nice
reproducer.  This is much appreciated!

I have thus reproduced the issue thanks to your work.  I am working on this.

Sorry for the inconvenience.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug default/24378] DW_TAG_subroutine_type as a DIE scope causes infinite loop in the DWARF reader

[dodji at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=24378

dodji at redhat dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from dodji at redhat dot com ---
This bug should now be fixed in the master branch of the Git repository by
commit
https://sourceware.org/git/gitweb.cgi?p=libabigail.git;a=commit;h=5bb7194b0a21ac7633f539634f6f3eb7ea2a22e1
and should be available in the commit 1.6 version of the Libabigail package
tarball.

Thank you again for taking the time to file this issue and sorry for the
inconvenience.

-- 
You are receiving this mail because:
You are on the CC list for the bug.