From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16845 invoked by alias); 4 May 2008 13:14:43 -0000 Received: (qmail 16834 invoked by uid 22791); 4 May 2008 13:14:42 -0000 X-Spam-Check-By: sourceware.org Received: from host0.dyn.jankratochvil.net (HELO host0.dyn.jankratochvil.net) (89.250.240.59) by sourceware.org (qpsmtpd/0.31) with ESMTP; Sun, 04 May 2008 13:14:14 +0000 Received: from host0.dyn.jankratochvil.net (localhost [127.0.0.1]) by host0.dyn.jankratochvil.net (8.14.2/8.14.2) with ESMTP id m44DE4BR030688; Sun, 4 May 2008 15:14:04 +0200 Received: (from jkratoch@localhost) by host0.dyn.jankratochvil.net (8.14.2/8.14.2/Submit) id m44DE3Eh030687; Sun, 4 May 2008 15:14:03 +0200 Date: Sun, 04 May 2008 14:14:00 -0000 
From: Jan Kratochvil To: gdb-patches@sourceware.org Cc: Daniel Jacobowitz Subject: Re: [patch] 2/3: Fix crash on self-looping DW_OP_fbreg Message-ID: <20080504131403.GA26995@host0.dyn.jankratochvil.net> References: <20080428083732.GB12394@host0.dyn.jankratochvil.net> <20080501202903.GR22218@caradoc.them.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="opJtzjQTFsWo+cga" Content-Disposition: inline In-Reply-To: <20080501202903.GR22218@caradoc.them.org> User-Agent: Mutt/1.5.17 (2007-11-01) X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2008-05/txt/msg00168.txt.bz2 --opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-length: 590 On Thu, 01 May 2008 22:29:04 +0200, Daniel Jacobowitz wrote: ... > OK. Do we need a cleanup for this though? If we error out, we won't > get back until we create a new context, so missing the decrement > is not a problem. I find it too fragile relying only on the current callers of DWARF_EXPR_EVAL. There may be a hard to catch bug after someone wraps some part of the code by CATCH_EXCEPTIONS and expects DWARF_EXPR_CONTEXT passed into the CATCH_EXCEPTIONS block will stay uncorrupted afterwards. Attached a discouraged simplified patch not using the exception system. Regards, Jan --opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline; filename="gdb-fbreg-loop-nonex.patch" Content-length: 2604 2008-05-04 Jan Kratochvil * Makefile.in: Update dependencies. * dwarf2expr.c: New include "gdb_assert.h". (new_dwarf_expr_context): Initialize MAX_RECURSION_DEPTH. (dwarf_expr_eval): Sanity check the RECURSION_DEPTH count. (execute_stack_op): Error out on too large RECURSION_DEPTH. Increase/decrease RECURSION_DEPTH around the function. 
--- ./gdb/Makefile.in 24 Apr 2008 10:21:44 -0000 1.1004
+++ ./gdb/Makefile.in 28 Apr 2008 00:26:38 -0000
@@ -2077,7 +2077,7 @@ dummy-frame.o: dummy-frame.c $(defs_h) $
 dfp.o: dfp.c $(defs_h) $(expression_h) $(gdbtypes_h) $(value_h) $(dfp_h) \
 	$(decimal128_h) $(decimal64_h) $(decimal32_h)
 dwarf2expr.o: dwarf2expr.c $(defs_h) $(symtab_h) $(gdbtypes_h) $(value_h) \
-	$(gdbcore_h) $(elf_dwarf2_h) $(dwarf2expr_h)
+	$(gdbcore_h) $(elf_dwarf2_h) $(dwarf2expr_h) $(gdb_assert_h)
 dwarf2-frame.o: dwarf2-frame.c $(defs_h) $(dwarf2expr_h) $(elf_dwarf2_h) \
 	$(frame_h) $(frame_base_h) $(frame_unwind_h) $(gdbcore_h) \
 	$(gdbtypes_h) $(symtab_h) $(objfiles_h) $(regcache_h) \
--- ./gdb/dwarf2expr.c 18 Mar 2008 19:40:47 -0000 1.25
+++ ./gdb/dwarf2expr.c 4 May 2008 13:05:56 -0000
@@ -27,6 +27,7 @@
 #include "gdbcore.h"
 #include "elf/dwarf2.h"
 #include "dwarf2expr.h"
+#include "gdb_assert.h"
 
 /* Local prototypes. */
 
@@ -46,6 +46,7 @@ new_dwarf_expr_context (void)
   retval->stack = xmalloc (retval->stack_allocated * sizeof (CORE_ADDR));
   retval->num_pieces = 0;
   retval->pieces = 0;
+  retval->max_recursion_depth = 0x100;
 
   return retval;
 }
@@ -134,7 +135,13 @@ add_piece (struct dwarf_expr_context *ct
 void
 dwarf_expr_eval (struct dwarf_expr_context *ctx, gdb_byte *addr, size_t len)
 {
+  int old_recursion_depth = ctx->recursion_depth;
+
   execute_stack_op (ctx, addr, addr + len);
+
+  /* CTX RECURSION_DEPTH becomes invalid if an exception was thrown here. */
+
+  gdb_assert (ctx->recursion_depth == old_recursion_depth);
 }
 
 /* Decode the unsigned LEB128 constant at BUF into the variable pointed to
@@ -281,6 +286,11 @@ execute_stack_op (struct dwarf_expr_cont
   ctx->in_reg = 0;
   ctx->initialized = 1; /* Default is initialized. */
 
+  if (ctx->recursion_depth > ctx->max_recursion_depth)
+    error (_("DWARF-2 expression error: Loop detected (%d)."),
+	   ctx->recursion_depth);
+  ctx->recursion_depth++;
+
   while (op_ptr < op_end)
     {
       enum dwarf_location_atom op = *op_ptr++;
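Review bot: `retval->max_recursion_depth = 0x100;` sets the limit but not the counter it is compared against; the allocation of retval is above the hunk, so unless it is zero-filled there, ctx->recursion_depth starts with an indeterminate value and the first depth check in execute_stack_op is arbitrary. Add `retval->recursion_depth = 0;` beside it, and give the magic number a why-comment such as `/* Bound on nested execute_stack_op calls, so a self-referencing location expression (e.g. DW_OP_fbreg) errors out instead of overflowing the stack.  */`. new_dwarf_expr_context starts outside the hunk.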
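Review bot: The comment `/* CTX RECURSION_DEPTH becomes invalid if an exception was thrown here. */` in dwarf_expr_eval names the hazard but not the rule a caller must follow, and placed between two empty added lines it reads as if it applied to the following assert rather than to the call above it. Suggest `/* On error () out of execute_stack_op the depth counter is not unwound, so CTX must not be reused for another evaluation; the assert below is only reached on normal return.  */`, and dropping the empty `+` lines around it so the call, the comment and the check read as one unit.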
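Review bot: The new check `if (ctx->recursion_depth > ctx->max_recursion_depth)` measures nesting depth, not a loop: an expression nested deeper than max_recursion_depth levels is rejected whether or not it refers to itself, and the message omits the limit that was hit. Suggest `error (_("DWARF-2 expression error: recursion depth %d exceeds the limit of %d."), ctx->recursion_depth, ctx->max_recursion_depth);` so the diagnostic matches what is enforced. Since the increment happens before the op loop and the matching `ctx->recursion_depth--;` in the following hunk runs only on normal return, any error () raised while interpreting the ops leaves the counter elevated; a comment at that decrement, `/* Not reached when an error () unwinds past us; see dwarf_expr_eval.  */`, would record that. execute_stack_op's body continues between the two hunks.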
@@ -739,4 +749,7 @@ execute_stack_op (struct dwarf_expr_cont
       dwarf_expr_push (ctx, result);
     no_push:;
     }
+
+  ctx->recursion_depth--;
+  gdb_assert (ctx->recursion_depth >= 0);
 }
--opJtzjQTFsWo+cga--