Date: Tue, 17 Nov 2009 16:31:00 -0000
From: Jan Kratochvil
To: gdb-patches@sourceware.org
Cc: Joost van der Sluis
Subject: [patch] Fix crash on reading stabs
Message-ID: <20091117162958.GA827@host0.dyn.jankratochvil.net>
X-SW-Source: 2009-11/txt/msg00388.txt.bz2

Hi,

there is a crash on reading a stabs fpc binary:
https://bugzilla.redhat.com/show_bug.cgi?id=537837

Program received signal SIGSEGV, Segmentation fault.
0x000000000069db3d in read_dbx_symtab (objfile=0x1daf5f0) at dbxread.c:1369
1369	  if ((namestring[0] == '-' && namestring[1] == 'l')
(gdb) p/x nlist.n_strx
$7 = 0xfffffff8
(gdb) p sizeof(nlist.n_strx)
$10 = 8

Below the patch context is:
	namestring = (nlist->n_strx + file_string_table_offset + DBX_STRINGTAB (objfile));
so IMO the `(unsigned)' cast is excessive as it does not match the expression
below.  Such a cast has been there since the GDB "Initial revision" (1999).

`n_strx' type:
	struct internal_nlist
	{
	  unsigned long n_strx;		/* Index into string table of name.  */
	  ...
	};

Regression tested on {x86_64,x86_64-m32,i686}-fedora12-linux-gnu, which does
not mean anything with the default DWARF debug info.  It was hanging for stabs,
so I tried just a large part of gdb.base/*.exp on x86_64-m32 - `unix/-gstabs+/-m32'.

If it isn't obviously approved please feel free to drop it as one should not
use STABS in the first place.


Regards,
Jan


gdb/
2009-11-17  Jan Kratochvil

	* dbxread.c (set_namestring): Remove cast to unsigned.  Check N_STRX
	overflow.

--- a/gdb/dbxread.c +++ b/gdb/dbxread.c
@@ -965,8 +965,9 @@ set_namestring (struct objfile *objfile, const struct internal_nlist *nlist) { char *namestring; - if (((unsigned) nlist->n_strx + file_string_table_offset) - >= DBX_STRINGTAB_SIZE (objfile)) + if (nlist->n_strx + file_string_table_offset + >= DBX_STRINGTAB_SIZE (objfile) + || nlist->n_strx + file_string_table_offset < nlist->n_strx) { complaint (&symfile_complaints, _("bad string table offset in symbol %d"), symnum);
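Review bot: the bounds check in this hunk now does its arithmetic in the same width as the `namestring = (nlist->n_strx + file_string_table_offset + DBX_STRINGTAB (objfile))` computation quoted above, and that is what actually fixes the crash: with the 8-byte `n_strx` of 0xfffffff8 from the gdb session, the old `(unsigned)` cast truncated the sum to 32 bits so it wrapped below DBX_STRINGTAB_SIZE and passed, while the pointer built below used the full value and ran far past the string table. The added `nlist->n_strx + file_string_table_offset < nlist->n_strx` test is a correct unsigned wraparound check, but it only fires when the full-width sum itself wraps, which is a different case from the truncation the mail describes; a one-line comment above the condition saying why both tests are there would save the next reader from re-deriving it, and it is worth confirming that file_string_table_offset has an unsigned type so that neither operand is converted through a signed int before the comparison.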
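The truncation bug the mail describes, reduced to a stand-alone model (added example; this is not GDB's code): a constructed string table and two versions of the bounds check, the pre-patch one with the `(unsigned)` cast and the patched one, fed the 0xfffffff8 value from the gdb session. The table contents, the 8-byte file offset and the `STRINGTAB_SIZE` type are assumptions.

```c
#include <stdio.h>

/* Constructed stand-ins for the GDB pieces quoted in the mail (not GDB's code).
   n_strx is passed as unsigned long, 8 bytes wide, as the gdb session shows. */
static const char stringtab[] = "\0main\0\0\0_start\0"; /* stands in for DBX_STRINGTAB */
#define STRINGTAB_SIZE ((int) sizeof stringtab)       /* stands in for DBX_STRINGTAB_SIZE */

/* Index later added to the table base to form namestring: full unsigned long width. */
static unsigned long name_index (unsigned long n_strx, unsigned int file_off)
{
  return n_strx + file_off;
}

/* Pre-patch check.  The (unsigned) cast makes the sum 32 bits wide, so a huge
   n_strx can wrap to a small value and pass although name_index () is enormous. */
static int old_check_accepts (unsigned long n_strx, unsigned int file_off)
{
  return !(((unsigned) n_strx + file_off) >= STRINGTAB_SIZE);
}

/* Patched check: same width as name_index (), plus an unsigned wraparound test. */
static int new_check_accepts (unsigned long n_strx, unsigned int file_off)
{
  return !(n_strx + file_off >= STRINGTAB_SIZE
           || n_strx + file_off < n_strx);
}

/* Resolves the name as set_namestring would: NULL when the check rejects the
   entry, a marker (instead of faulting) when it passes but the pointer would land outside. */
static const char *resolve (unsigned long n_strx, unsigned int file_off,
                            int (*accepts) (unsigned long, unsigned int))
{
  if (!accepts (n_strx, file_off))
    return NULL;
  unsigned long idx = name_index (n_strx, file_off);
  if (idx >= sizeof stringtab)
    return "<out of bounds read>";
  return stringtab + idx;
}

int main (void)
{
  /* Constructed entry with the mail's value 0xfffffff8; the current file's
     string table is assumed to start 8 bytes into the combined table. */
  const char *fixed = resolve (0xfffffff8UL, 8, new_check_accepts);
  printf ("old check: %s\n", resolve (0xfffffff8UL, 8, old_check_accepts));
  printf ("new check: %s\n", fixed ? fixed : "rejected");
  printf ("valid entry: %s\n", resolve (0, 8, new_check_accepts));
  return 0;
}
```

With the cast, 0xfffffff8 + 8 wraps to 0 in 32 bits and the entry is accepted even though the full-width index is 0x100000000; the patched check rejects it and still accepts in-range entries.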