[patch] Fix crash reading broken stabs

[patch] Fix crash reading broken stabs

[Jan Kratochvil]

Hi,

seen this stabs from unknown variant of gcc-4.1.2:

1176586 LSYM   0      154    00000000 16682076 basic_string<char,std::char_traits<char>,std::allocator<char> >::_Rep:Tt(0,34)=s12!1,020,(0,35)=xs_Rep_base:;_S_max_size:/2(0,36)=k(0,30):_ZNSs4_Rep11_S_max_sizeE;_S_terminal:/2(0,22):_ZNSs4_Rep11_S_terminalE;_S_empty_rep_storage:/2(0,37)=ar(0,38)=r(0,38);0;037777777777;;0;3;(0,30):_ZNSs4_Rep20_S_empty_rep_storageE;_S_empty_rep::(0,39)=f(0,40)=&(0,34):_ZNSs4_Rep12_S_empty_repEv;2A?;_M_is_leaked::(0,41)=#(0,34),(0,42)=@s8;-16;,(0,43)=*(0,44)=k(0,34),(0,1);:_ZNKSs4_Rep12_M_is_leakedEv;2B.;_M_is_shared::(0,41):_ZNKSs4_Rep12_M_is_sharedEv;2B.;_M_set_leaked::(0,45)=#(0,34),(0,1),(0,33),(0,1);:_ZNSs4_Rep13_M_set_leakedEv;2A.;_M_set_sharable::(0,45):_ZNSs4_Rep15_M_set_sharableEv;2A.;_M_set_length_and_sharable::(0,46)=#(0,34),(0,1),(0,33),(0,25),(0,1);:_ZNSs4_Rep26_M_set_length_and_sharableEj;2A.;_M_refdata::(0,47)=#(0,34),(0,3),(0,33),(0,1);:_ZNSs4_Rep10_M_refdataEv;2A.;_M_grab::(0,48)=#(0,34),(0,3),(0,33),(0,5),(0,5),(0,1);:_ZNSs4_Rep7_M_grabERKSaIcES2_;2A.;_S_create::(0,49)=f(0,33):_ZNSs4_Rep9_S_createEjjRKSaIcE;2A?;_M_dispose::(0,50)=#(0,34),(0,1),(0,33),(0,5),(0,1);:_ZNSs4_Rep10_M_disposeERKSaIcE;2A.;_M_destroy::(0,51)=#(0,34),(0,1),(0,33),(0,5),(0,1);:_ZNSs4_Rep10_M_destroyERKSaIcE;2A.;_M_refcopy::(0,47):_ZNSs4_Rep10_M_refcopyEv;2A.;_M_clone::(0,52)=#(0,34),(0,3),(0,33),(0,5),(0,25),(0,1);:_ZNSs4_Rep8_M_cloneERKSaIcEj;2A.;;

There is a GDB crash at:
_M_is_leaked::(0,41)=#(0,34),(0,42)=@s8;-16;,(0,43)=*(0,44)=k(0,34),(0,1);
                                           ^^
+ [...] Some broken stabs
+	 output contained `(0,41),(0,42)=@s8;-16;,(0,43),(0,1);' where should
+	 have been present ";-16,(0,43)" reference instead.  This way the
+	 excessive ";" marker prematurely stops the parameters parsing.  */

Still I was unable to reproduce producing such STABS output.

So this patch does not try to compensate the - presumably - buggy STABS output
and parses such record incorrectly.  But it no longer crashes.

No regressions on {x86_64-m32,i686}-fedora12-linux-gnu
using --target_board unix/-gstabs+/-m32.


Thanks,
Jan


gdb/
2010-01-07  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* stabsread.c (read_args): Handle zero arguments.

gdb/testsuite/
2010-01-07  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* gdb.stabs/weird.def (args93): New.

--- a/gdb/stabsread.c
+++ b/gdb/stabsread.c
@@ -4111,7 +4111,17 @@ read_args (char **pp, int end, struct objfile *objfile, int *nargsp,
     }
   (*pp)++;			/* get past `end' (the ':' character) */
 
-  if (TYPE_CODE (types[n - 1]) != TYPE_CODE_VOID)
+  if (n == 0)
+    {
+      /* We should read at least the THIS parameter here.  Some broken stabs
+	 output contained `(0,41),(0,42)=@s8;-16;,(0,43),(0,1);' where should
+	 have been present ";-16,(0,43)" reference instead.  This way the
+	 excessive ";" marker prematurely stops the parameters parsing.  */
+
+      complaint (&symfile_complaints, _("Invalid (empty) method arguments"));
+      *varargsp = 0;
+    }
+  else if (TYPE_CODE (types[n - 1]) != TYPE_CODE_VOID)
     *varargsp = 1;
   else
     {
--- a/gdb/testsuite/gdb.stabs/weird.def
+++ b/gdb/testsuite/gdb.stabs/weird.def
@@ -880,3 +880,6 @@ var3:
 .stabs "sym92:\ !#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~",N_LSYM,0,0,0
 .stabs "type92:t92=\ !#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~",N_LSYM,0,0,0
 .stabs "attr92:G392=@\ !#$%&'()*+,-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~;1",N_GSYM,0,0, 0
+
+# See read_args "Invalid (empty) method arguments" error.
+.stabs "args93:G93=#(0,93),(0,93)=@s8;-16;,(0,93),(0,93);",N_GSYM,0,0,0

Re: [patch] Fix crash reading broken stabs

[Joel Brobecker]

> gdb/
> 2010-01-07  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	* stabsread.c (read_args): Handle zero arguments.

> gdb/testsuite/
> 2010-01-07  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	* gdb.stabs/weird.def (args93): New.

Both OK. If you don't mind, could you add just a tiny bit of
information in the comment you added in weird.def? Something
like:

# See read_args "Invalid (empty) method arguments" error
# (there is an unexpected semi-colon after =@s8;-16 that
# used to cause a GDB crash).

Thank you,
-- 
Joel

Re: [patch] Fix crash reading broken stabs

[Jan Kratochvil]

On Fri, 08 Jan 2010 08:38:06 +0100, Joel Brobecker wrote:
> Both OK. If you don't mind, could you add just a tiny bit of
> information in the comment you added in weird.def? Something
> like:
> 
> # See read_args "Invalid (empty) method arguments" error
> # (there is an unexpected semi-colon after =@s8;-16 that
> # used to cause a GDB crash).

OK:
+# See read_args "Invalid (empty) method arguments" error; there is an
+# unexpected semi-colon after =@s8;-16 that used to cause a GDB crash.

Checked-in.


Thanks,
Jan


http://sourceware.org/ml/gdb-cvs/2010-01/msg00059.html

--- src/gdb/ChangeLog	2010/01/08 07:16:43	1.11208
+++ src/gdb/ChangeLog	2010/01/08 08:55:15	1.11209
@@ -1,3 +1,7 @@
+2010-01-09  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* stabsread.c (read_args): Handle zero arguments.
+
 2009-01-08  Joel Brobecker  <brobecker@adacore.com>
 
 	Cannot find in-tree libiconv.a after reconfigure.
--- src/gdb/stabsread.c	2010/01/01 07:31:42	1.122
+++ src/gdb/stabsread.c	2010/01/08 08:55:16	1.123
@@ -4111,7 +4111,17 @@
     }
   (*pp)++;			/* get past `end' (the ':' character) */
 
-  if (TYPE_CODE (types[n - 1]) != TYPE_CODE_VOID)
+  if (n == 0)
+    {
+      /* We should read at least the THIS parameter here.  Some broken stabs
+	 output contained `(0,41),(0,42)=@s8;-16;,(0,43),(0,1);' where should
+	 have been present ";-16,(0,43)" reference instead.  This way the
+	 excessive ";" marker prematurely stops the parameters parsing.  */
+
+      complaint (&symfile_complaints, _("Invalid (empty) method arguments"));
+      *varargsp = 0;
+    }
+  else if (TYPE_CODE (types[n - 1]) != TYPE_CODE_VOID)
     *varargsp = 1;
   else
     {
--- src/gdb/testsuite/ChangeLog	2010/01/07 23:26:39	1.2069
+++ src/gdb/testsuite/ChangeLog	2010/01/08 08:55:16	1.2070
@@ -1,3 +1,7 @@
+2010-01-09  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* gdb.stabs/weird.def (args93): New.
+
 2010-01-07  Doug Evans  <dje@google.com>
 
 	* lib/gdb.exp (gdb_skip_xml_test): Add comment.
--- src/gdb/testsuite/gdb.stabs/weird.def	2001/11/06 00:31:59	1.2
+++ src/gdb/testsuite/gdb.stabs/weird.def	2010/01/08 08:55:16	1.3
@@ -880,3 +880,7 @@
 .stabs "sym92:\ !#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~",N_LSYM,0,0,0
 .stabs "type92:t92=\ !#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~",N_LSYM,0,0,0
 .stabs "attr92:G392=@\ !#$%&'()*+,-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~;1",N_GSYM,0,0, 0
+
+# See read_args "Invalid (empty) method arguments" error; there is an
+# unexpected semi-colon after =@s8;-16 that used to cause a GDB crash.
+.stabs "args93:G93=#(0,93),(0,93)=@s8;-16;,(0,93),(0,93);",N_GSYM,0,0,0