From: "Pierre Muller" <pierre.muller@ics-cnrs.unistra.fr>
Subject: RE: [patch] Fix crash in read_pe_exported_syms
Date: Sat, 02 Mar 2013 15:31:00 -0000
Message-ID: <00e101ce175a$f921f210$eb65d630$@muller@ics-cnrs.unistra.fr>
In-Reply-To: <20130302110216.GA6765@calimero.vinschen.de>
References: <20130302110216.GA6765@calimero.vinschen.de>
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
X-SW-Source: 2013-03/txt/msg00053.txt.bz2

I am not in a position to approve the patch, but I must confess that this
error is probably due to the change I committed for this file (rev 1.19):
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gdb/coff-pe-read.c?cvsroot=src

I still didn't really get a fully correct picture of the correct way to
handle the cleanups, but I think that your analysis is correct and that
this patch should be approved by a global maintainer.

This error probably explains partly the long thread about crashes that we
got with my patch for a while and that retarded its inclusion...
We probably fixed only part of the issues...

Thanks for finding this out, and sorry for the trouble.

Pierre Muller

PS: It would also be better that this goes in before branching 7.6!

> -----Original Message-----
> From: gdb-patches-owner@sourceware.org [mailto:gdb-patches-owner@sourceware.org] On behalf of Corinna Vinschen
> Sent: Saturday, 2 March 2013 12:02
> To: gdb-patches@sourceware.org
> Subject: [patch] Fix crash in read_pe_exported_syms
>
> Hi,
>
> when running GDB from current CVS on a PE/COFF target, and if this
> target has no debug symbols, nor any exported symbols, then GDB crashes
> with a SEGV in the first do_cleanup called from coff_symfile_read.
>
> The reason is that read_pe_exported_syms creates two cleanup handlers,
> one of them referring to a symbol on the local stack:
>
>   struct read_pe_section_data *section_data;
>   [...]
>   section_data = xzalloc (...)
>   make_cleanup (free_current_contents, &section_data);
>
> but then returns from the function early in three different scenarios
> without calling do_cleanup.  The subsequent do_cleanup call in
> coff_symfile_read now tries to dereference from an invalid stack address
> and ultimately crashes.
>
> Below is a patch.  Ok to apply?
>
>
> Thanks,
> Corinna
>
>
> 	* coff-pe-read.c (read_pe_exported_syms): Don't return without
> 	calling do_cleanup.
>
>
> Index: coff-pe-read.c
> ===================================================================
> RCS file: /cvs/src/src/gdb/coff-pe-read.c,v
> retrieving revision 1.23
> diff -u -p -r1.23 coff-pe-read.c
> --- coff-pe-read.c	1 Jan 2013 06:32:40 -0000	1.23
> +++ coff-pe-read.c	2 Mar 2013 11:00:42 -0000
> @@ -379,7 +379,7 @@ read_pe_exported_syms (struct objfile *o
>        /* This is not a recognized PE format file.  Abort now, because
>  	 the code is untested on anything else.  *FIXME* test on
>  	 further architectures and loosen or remove this test.  */
> -      return;
> +      goto cleanup;
>      }
>  
>    /* Get pe_header, optional header and numbers of export entries.  */
> @@ -392,7 +392,7 @@ read_pe_exported_syms (struct objfile *o
>  
>    if (num_entries < 1) /* No exports.  */
>      {
> -      return;
> +      goto cleanup;
>      }
>    if (is_pe64)
>      {
> @@ -448,7 +448,7 @@ read_pe_exported_syms (struct objfile *o
>    if (export_size == 0)
>      {
>        /* Empty export table.  */
> -      return;
> +      goto cleanup;
>      }
>  
>    /* Scan sections and store the base and size of the relevant
> @@ -614,6 +614,7 @@ read_pe_exported_syms (struct objfile *o
>    fprintf_unfiltered (gdb_stdlog, _("Finished reading \"%s\", exports %ld,"
>  		      " forwards %ld, total %ld/%ld.\n"), dll_name, nbnormal,
>  		      nbforward, nbnormal + nbforward, nexp);
> +cleanup:
>    /* Discard expdata and section_data.  */
>    do_cleanups (back_to);
>  }
>
> --
> Corinna Vinschen
> Cygwin Maintainer
> Red Hat
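Review bot: the first hunk (line 379) makes `goto cleanup` the earliest exit of the function, so it is only correct if `back_to` has already been assigned by that point; the hunk does not show where `back_to` is initialised, so please confirm that assignment precedes this exit, otherwise `do_cleanups (back_to)` at the new label would consume an uninitialised cleanup pointer on the "not a recognized PE format file" path. The underlying bug described in the mail is worth stating in the ChangeLog or commit message: `make_cleanup (free_current_contents, &section_data)` registers an address inside this function's stack frame, so any `return` that skips `do_cleanups` leaves a dangling stack pointer for the later `do_cleanups` in coff_symfile_read to dereference (a use-after-return), which is why every exit must now go through the label.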
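Review bot: in the last hunk (line 614) the `cleanup:` label sits after the "Finished reading" diagnostic, so the three early exits skip that message, which is right since nothing was read on those paths; but the comment above `do_cleanups` now also covers those early-exit paths, so consider extending it to say the label is reached via `goto cleanup` when the file is not a recognised PE image or has no export table, and confirm that the cleanups registered before line 379 tolerate running with `section_data` still NULL on those paths. The ChangeLog entry should also mention the new label, e.g. `(read_pe_exported_syms): Add cleanup label.  Use goto cleanup instead of return.`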