From: Corinna Vinschen <vinschen@redhat.com>
To: gdb-patches@sourceware.org
Subject: [patch] Fix crash in read_pe_exported_syms
Date: Sat, 02 Mar 2013 11:02:00 -0000 [thread overview]
Message-ID: <20130302110216.GA6765@calimero.vinschen.de> (raw)
Hi,
when running GDB from current CVS on a PE/COFF target, and if this
target has no debug symbols, nor any exported symbols, then GDB crashes
with a SEGV in the first do_cleanup called from coff_symfile_read.
The reason is that read_pe_exported_syms creates two cleanup handlers,
one of them referring to a symbol on the local stack:
struct read_pe_section_data *section_data;
[...]
section_data = xzalloc (...)
make_cleanup (free_current_contents, §ion_data);
but then returns from the function early in three different scenarios
without calling do_cleanup. The subsequent do_cleanup call in
coff_symfile_read now tries to dereference from an invalid stack address
and ultimately crashes.
Below is a patch. Ok to apply?
Thanks,
Corinna
* coff-pe-read.c (read_pe_exported_syms): Don't return without
calling do_cleanup.
Index: coff-pe-read.c
===================================================================
RCS file: /cvs/src/src/gdb/coff-pe-read.c,v
retrieving revision 1.23
diff -u -p -r1.23 coff-pe-read.c
--- coff-pe-read.c 1 Jan 2013 06:32:40 -0000 1.23
+++ coff-pe-read.c 2 Mar 2013 11:00:42 -0000
@@ -379,7 +379,7 @@ read_pe_exported_syms (struct objfile *o
/* This is not a recognized PE format file. Abort now, because
the code is untested on anything else. *FIXME* test on
further architectures and loosen or remove this test. */
- return;
+ goto cleanup;
}
/* Get pe_header, optional header and numbers of export entries. */
@@ -392,7 +392,7 @@ read_pe_exported_syms (struct objfile *o
if (num_entries < 1) /* No exports. */
{
- return;
+ goto cleanup;
}
if (is_pe64)
{
@@ -448,7 +448,7 @@ read_pe_exported_syms (struct objfile *o
if (export_size == 0)
{
/* Empty export table. */
- return;
+ goto cleanup;
}
/* Scan sections and store the base and size of the relevant
@@ -614,6 +614,7 @@ read_pe_exported_syms (struct objfile *o
fprintf_unfiltered (gdb_stdlog, _("Finished reading \"%s\", exports %ld,"
" forwards %ld, total %ld/%ld.\n"), dll_name, nbnormal,
nbforward, nbnormal + nbforward, nexp);
+cleanup:
/* Discard expdata and section_data. */
do_cleanups (back_to);
}
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
next reply other threads:[~2013-03-02 11:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-02 11:02 Corinna Vinschen [this message]
2013-03-02 15:31 ` Pierre Muller
2013-03-03 23:06 ` Sergio Durigan Junior
2013-03-03 22:53 ` Sergio Durigan Junior
2013-03-04 13:24 ` Pedro Alves
2013-03-04 14:35 ` Corinna Vinschen
2013-03-04 14:41 ` Joel Brobecker
2013-03-04 15:10 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130302110216.GA6765@calimero.vinschen.de \
--to=vinschen@redhat.com \
--cc=gdb-patches@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox