[patch] Fix gdb crash on some missing ELF debug info

[patch] Fix gdb crash on some missing ELF debug info

[Jan Kratochvil]

[-- Attachment #1: Type: text/plain, Size: 610 bytes --]

Hi,

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196439

On Fedora Core 5:
	gdb /usr/lib/valgrind/x86-linux/memcheck
	break _start_in_C
	run
segfaults as the file's debug info references location list while no
".debug_loc" section exists there.
	eu-readelf -w /usr/lib/valgrind/x86-linux/memcheck
		DWARF section '.debug_info' at offset 0x14759c:
		...
		 [ 176d4]    subprogram
		...
		             name		  "_start_in_C"
		...
		             frame_base 	  location list [ 116d7]

Trivia complaint on the file coherency, no frame_info debugging available for
such functions.


Regards,
Jan Kratochvil

[-- Attachment #2: gdb-cvs20060623-debug_loc.patch --]
[-- Type: text/plain, Size: 1195 bytes --]

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196439

Fedora Core 5:
	gdb /usr/lib/valgrind/x86-linux/memcheck
	break _start_in_C
	run
segfault

eu-readelf -w /usr/lib/valgrind/x86-linux/memcheck
	DWARF section '.debug_info' at offset 0x14759c:
	...
	 [ 176d4]    subprogram
	...
	             name                 "_start_in_C"
	...
	             frame_base           location list [ 116d7]
corrupted as no location lists (.debug_loc) exist there at all.


Index: dwarf2read.c
===================================================================
RCS file: /cvs/src/src/gdb/dwarf2read.c,v
retrieving revision 1.199
diff -u -p -r1.199 dwarf2read.c
--- dwarf2read.c	14 Jun 2006 15:06:35 -0000	1.199
+++ dwarf2read.c	23 Jun 2006 10:28:44 -0000
@@ -9324,7 +9324,9 @@ static void
 dwarf2_symbol_mark_computed (struct attribute *attr, struct symbol *sym,
 			     struct dwarf2_cu *cu)
 {
-  if (attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
+  if ((attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
+      /* DW_UNSND (attr) != 0 would produce non-zero bogus ->size & ->data */
+      && dwarf2_per_objfile->loc_size)
     {
       struct dwarf2_loclist_baton *baton;
 

Re: [patch] Fix gdb crash on some missing ELF debug info

[Daniel Jacobowitz]

On Fri, Jun 23, 2006 at 12:37:35PM +0200, Jan Kratochvil wrote:
> Index: dwarf2read.c
> ===================================================================
> RCS file: /cvs/src/src/gdb/dwarf2read.c,v
> retrieving revision 1.199
> diff -u -p -r1.199 dwarf2read.c
> --- dwarf2read.c	14 Jun 2006 15:06:35 -0000	1.199
> +++ dwarf2read.c	23 Jun 2006 10:28:44 -0000
> @@ -9324,7 +9324,9 @@ static void
>  dwarf2_symbol_mark_computed (struct attribute *attr, struct symbol *sym,
>  			     struct dwarf2_cu *cu)
>  {
> -  if (attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
> +  if ((attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
> +      /* DW_UNSND (attr) != 0 would produce non-zero bogus ->size & ->data */
> +      && dwarf2_per_objfile->loc_size)
>      {
>        struct dwarf2_loclist_baton *baton;
>  

The idea is definitely right - thanks!  The patch could be a bit
better:

- We really ought to check that it fits within .debug_loc while we're
here.
- Comment formatting - comments should end with a period and two
spaces.
- And I really can't figure out what what you mean by the comment.  Do
you mean "if we get here, and DW_UNSND (attr) != 0, and we hadn't added
the next condition, then we'd end up with bogus ->size"?
- Oh, and no ChangeLog

You've been submitting a lot of fixes recently; while most of them are
small, some are big enough to probably require a copyright assignment.
Have you got one, or shall I send you the forms?

-- 
Daniel Jacobowitz
CodeSourcery

Re: [patch] Fix gdb crash on some missing ELF debug info

[Jan Kratochvil]

[-- Attachment #1: Type: text/plain, Size: 1799 bytes --]

Hi Daniel,

On Fri, 23 Jun 2006 14:39:13 +0200, Daniel Jacobowitz wrote:
...
> The idea is definitely right - thanks!  The patch could be a bit
> better:
> 
> - We really ought to check that it fits within .debug_loc while we're
> here.

OK, fixed (I feel that the DWARF2 processing code is not so foolproof).


> - And I really can't figure out what what you mean by the comment.  Do
> you mean "if we get here, and DW_UNSND (attr) != 0, and we hadn't added
> the next condition, then we'd end up with bogus ->size"?

sorry, it references the code below in dwarf2_symbol_mark_computed().

dwarf2_symbol_mark_computed():
	if (".debug_loc" is missing) {
		assume (dwarf2_per_objfile->loc_size   == 0);
		assume (dwarf2_per_objfile->loc_buffer == NULL);
	}
	assume(DW_UNSND (attr) != 0);
	baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);
	baton->data = dwarf2_per_objfile->loc_buffer + DW_UNSND (attr);
dwarf_expr_frame_base():
	*start = symbaton->data;
	MISSED, *(*start) crashes:
	if (*start == NULL) error ("Could not find the frame base ...");


> You've been submitting a lot of fixes recently; while most of them are
> small, some are big enough to probably require a copyright assignment.
> Have you got one, or shall I send you the forms?

I already signed the copyright assignment to FSF intended for GNU Libtool
but the assignment form looks completely project unspecific to me.
I should be listed there as "Jan Kratochvil", it may be for the e-mail address
<project-libtool@jankratochvil.net>.  Bradley M. Kuhn signed it on 7 Feb 2003.


> - Oh, and no ChangeLog

2006-06-23  Jan Kratochvil  <lace@jankratochvil.net>

	* dwarf2read.c (dwarf2_symbol_mark_computed): Fixed later crash
	on location list reference if the ".debug_loc" section is missing.


Regards,
Jan Kratochvil

[-- Attachment #2: gdb-cvs20060623-debug_loc-v2.patch --]
[-- Type: text/plain, Size: 1183 bytes --]

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196439

Fedora Core 5:
	gdb /usr/lib/valgrind/x86-linux/memcheck
	break _start_in_C
	run
segfault

eu-readelf -w /usr/lib/valgrind/x86-linux/memcheck
	DWARF section '.debug_info' at offset 0x14759c:
	...
	 [ 176d4]    subprogram
	...
	             name                 "_start_in_C"
	...
	             frame_base           location list [ 116d7]
corrupted as no location lists (.debug_loc) exist there at all.


Index: dwarf2read.c
===================================================================
RCS file: /cvs/src/src/gdb/dwarf2read.c,v
retrieving revision 1.199
diff -u -p -r1.199 dwarf2read.c
--- dwarf2read.c	14 Jun 2006 15:06:35 -0000	1.199
+++ dwarf2read.c	23 Jun 2006 12:46:34 -0000
@@ -9324,7 +9324,9 @@ static void
 dwarf2_symbol_mark_computed (struct attribute *attr, struct symbol *sym,
 			     struct dwarf2_cu *cu)
 {
-  if (attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
+  if ((attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
+      /* ".debug_loc" may not exist at all.  */
+      && DW_UNSND (attr) < dwarf2_per_objfile->loc_size)
     {
       struct dwarf2_loclist_baton *baton;
 

Re: [patch] Fix gdb crash on some missing ELF debug info

[Daniel Jacobowitz]

On Fri, Jun 23, 2006 at 03:07:32PM +0200, Jan Kratochvil wrote:
> OK, fixed (I feel that the DWARF2 processing code is not so foolproof).

I'm trying to improve that :-)

> > You've been submitting a lot of fixes recently; while most of them are
> > small, some are big enough to probably require a copyright assignment.
> > Have you got one, or shall I send you the forms?
> 
> I already signed the copyright assignment to FSF intended for GNU Libtool
> but the assignment form looks completely project unspecific to me.
> I should be listed there as "Jan Kratochvil", it may be for the e-mail address
> <project-libtool@jankratochvil.net>.  Bradley M. Kuhn signed it on 7 Feb 2003.

Unfortunately it's project specific.  You'd have to file another one
for GDB.

-- 
Daniel Jacobowitz
CodeSourcery

Re: [patch] Fix gdb crash on some missing ELF debug info

[Daniel Jacobowitz]

On Fri, Jun 23, 2006 at 03:07:32PM +0200, Jan Kratochvil wrote:
> 2006-06-23  Jan Kratochvil  <lace@jankratochvil.net>
> 
> 	* dwarf2read.c (dwarf2_symbol_mark_computed): Fixed later crash
> 	on location list reference if the ".debug_loc" section is missing.

I've committed this very similar patch (clearer comment).  Thanks!

-- 
Daniel Jacobowitz
CodeSourcery

2006-07-12  Daniel Jacobowitz  <dan@codesourcery.com>

	* dwarf2read.c (dwarf2_symbol_mark_computed): Handle corrupted
	or missing location list information.  Suggested by Jan
	Kratochvil <lace@jankratochvil.net>.

Index: dwarf2read.c
===================================================================
RCS file: /cvs/src/src/gdb/dwarf2read.c,v
retrieving revision 1.199
diff -u -p -r1.199 dwarf2read.c
--- dwarf2read.c	14 Jun 2006 15:06:35 -0000	1.199
+++ dwarf2read.c	12 Jul 2006 21:13:13 -0000
@@ -9324,7 +9324,11 @@ static void
 dwarf2_symbol_mark_computed (struct attribute *attr, struct symbol *sym,
 			     struct dwarf2_cu *cu)
 {
-  if (attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
+  if ((attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
+      /* ".debug_loc" may not exist at all, or the offset may be outside
+	 the section.  If so, fall through to the complaint in the
+	 other branch.  */
+      && DW_UNSND (attr) < dwarf2_per_objfile->loc_size)
     {
       struct dwarf2_loclist_baton *baton;
 

Re: [patch] Fix gdb crash on some missing ELF debug info

[Joel Brobecker]

> > 2006-06-23  Jan Kratochvil  <lace@jankratochvil.net>
> > 
> > 	* dwarf2read.c (dwarf2_symbol_mark_computed): Fixed later crash
> > 	on location list reference if the ".debug_loc" section is missing.
> 
> I've committed this very similar patch (clearer comment).  Thanks!

I also applied this change to the 6.5 branch.

-- 
Joel

[patch] Testcase for missing ELF debug info [Re: [patch] Fix gdb crash on some missing ELF debug info]

[Jan Kratochvil]

[-- Attachment #1: Type: text/plain, Size: 1613 bytes --]

Hi,

attached testcase for the patch committed below.


Regards,
Jan


On Wed, 12 Jul 2006 23:15:33 +0200, Daniel Jacobowitz wrote:
> On Fri, Jun 23, 2006 at 03:07:32PM +0200, Jan Kratochvil wrote:
> > 2006-06-23  Jan Kratochvil  <lace@jankratochvil.net>
> > 
> > 	* dwarf2read.c (dwarf2_symbol_mark_computed): Fixed later crash
> > 	on location list reference if the ".debug_loc" section is missing.
> 
> I've committed this very similar patch (clearer comment).  Thanks!
> 
> -- 
> Daniel Jacobowitz
> CodeSourcery
> 
> 2006-07-12  Daniel Jacobowitz  <dan@codesourcery.com>
> 
> 	* dwarf2read.c (dwarf2_symbol_mark_computed): Handle corrupted
> 	or missing location list information.  Suggested by Jan
> 	Kratochvil <lace@jankratochvil.net>.
> 
> Index: dwarf2read.c
> ===================================================================
> RCS file: /cvs/src/src/gdb/dwarf2read.c,v
> retrieving revision 1.199
> diff -u -p -r1.199 dwarf2read.c
> --- dwarf2read.c	14 Jun 2006 15:06:35 -0000	1.199
> +++ dwarf2read.c	12 Jul 2006 21:13:13 -0000
> @@ -9324,7 +9324,11 @@ static void
>  dwarf2_symbol_mark_computed (struct attribute *attr, struct symbol *sym,
>  			     struct dwarf2_cu *cu)
>  {
> -  if (attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
> +  if ((attr->form == DW_FORM_data4 || attr->form == DW_FORM_data8)
> +      /* ".debug_loc" may not exist at all, or the offset may be outside
> +	 the section.  If so, fall through to the complaint in the
> +	 other branch.  */
> +      && DW_UNSND (attr) < dwarf2_per_objfile->loc_size)
>      {
>        struct dwarf2_loclist_baton *baton;
>  

[-- Attachment #2: gdb-6.5-bz196439-debug_loc-testsuite.patch --]
[-- Type: text/plain, Size: 4762 bytes --]

2006-08-26  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* gdb.dwarf2/dw2-stripped.exp: New file, Handle corrupted
	or missing location list information.
	* gdb.dwarf2/dw2-stripped.c: New file, Handle corrupted
	or missing location list information.


Testcase for:

2006-07-12  Daniel Jacobowitz  <dan@codesourcery.com>

	* dwarf2read.c (dwarf2_symbol_mark_computed): Handle corrupted
	or missing location list information.  Suggested by Jan
	Kratochvil <lace@jankratochvil.net>.

dwarf2read.c CVS rel. 1.200.


Index: testsuite/gdb.dwarf2/dw2-stripped.c
===================================================================
RCS file: testsuite/gdb.dwarf2/dw2-stripped.c
diff -N testsuite/gdb.dwarf2/dw2-stripped.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ testsuite/gdb.dwarf2/dw2-stripped.c	26 Aug 2006 11:47:26 -0000
@@ -0,0 +1,42 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+   Copyright 2004 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+ 
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+   USA.  */
+
+
+/* The function `func1' traced into must have debug info on offset > 0;
+   (DW_UNSND (attr)).  This is the reason of `func0' existence.  */
+
+void
+func0(int a, int b)
+{
+}
+
+/* `func1' being traced into must have some arguments to dump.  */
+
+void
+func1(int a, int b)
+{
+  func0 (a,b);
+}
+
+int
+main(void)
+{
+  func1 (1, 2);
+  return 0;
+}
Index: testsuite/gdb.dwarf2/dw2-stripped.exp
===================================================================
RCS file: testsuite/gdb.dwarf2/dw2-stripped.exp
diff -N testsuite/gdb.dwarf2/dw2-stripped.exp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ testsuite/gdb.dwarf2/dw2-stripped.exp	26 Aug 2006 11:47:27 -0000
@@ -0,0 +1,79 @@
+# Copyright 2006 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Minimal DWARF-2 unit test
+
+# This test can only be run on targets which support DWARF-2.
+# For now pick a sampling of likely targets.
+if {![istarget *-*-linux*]
+    && ![istarget *-*-gnu*]
+    && ![istarget *-*-elf*]
+    && ![istarget *-*-openbsd*]
+    && ![istarget arm-*-eabi*]
+    && ![istarget powerpc-*-eabi*]} {
+    return 0  
+}
+
+set testfile "dw2-stripped"
+set srcfile ${testfile}.c
+set binfile ${objdir}/${subdir}/${testfile}.x
+
+remote_exec build "rm -f ${binfile}"
+
+# get the value of gcc_compiled
+if [get_compiler_info ${binfile}] {
+    return -1
+}
+
+# This test can only be run on gcc as we use additional_flags=FIXME
+if {$gcc_compiled == 0} {
+    return 0
+}
+
+if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug additional_flags=-ggdb3}] != "" } {
+    return -1
+}
+
+remote_exec build "objcopy -R .debug_loc ${binfile}"
+set strip_output [remote_exec build "objdump -h ${binfile}"]
+
+set test "stripping test file preservation"
+if [ regexp ".debug_info " $strip_output]  {
+    pass "$test (.debug_info preserved)"
+} else {
+    fail "$test (.debug_info got also stripped)"
+}
+
+set test "stripping test file functionality"
+if [ regexp ".debug_loc " $strip_output]  {
+    fail "$test (.debug_loc still present)"
+} else {
+    pass "$test (.debug_loc stripped)"
+}
+
+gdb_exit
+gdb_start
+gdb_reinitialize_dir $srcdir/$subdir
+gdb_load ${binfile}
+
+# For C programs, "start" should stop in main().
+
+gdb_test "start" \
+         ".*main \\(\\) at .*" \
+         "start"
+gdb_test "step" \
+         "func.* \\(.*\\) at .*" \
+         "step"