Date: Sat, 02 Mar 2013 11:02:00 -0000
From: Corinna Vinschen
To: gdb-patches@sourceware.org
Subject: [patch] Fix crash in read_pe_exported_syms
Message-ID: <20130302110216.GA6765@calimero.vinschen.de>

Hi,

when running GDB from current CVS on a PE/COFF target, and if this target has no debug symbols, nor any exported symbols, then GDB crashes with a SEGV in the first do_cleanup called from coff_symfile_read.

The reason is that read_pe_exported_syms creates two cleanup handlers, one of them referring to a symbol on the local stack:

  struct read_pe_section_data *section_data;
  [...]
  section_data = xzalloc (...)
  make_cleanup (free_current_contents, &section_data);

but then returns from the function early in three different scenarios without calling do_cleanup. The subsequent do_cleanup call in coff_symfile_read now tries to dereference from an invalid stack address and ultimately crashes.

Below is a patch. Ok to apply?

Thanks,
Corinna

	* coff-pe-read.c (read_pe_exported_syms): Don't return without
	calling do_cleanup.

Index: coff-pe-read.c
===================================================================
RCS file: /cvs/src/src/gdb/coff-pe-read.c,v
retrieving revision 1.23
diff -u -p -r1.23 coff-pe-read.c
--- coff-pe-read.c	1 Jan 2013 06:32:40 -0000	1.23
+++ coff-pe-read.c	2 Mar 2013 11:00:42 -0000
@@ -379,7 +379,7 @@ read_pe_exported_syms (struct objfile *o /* This is not a recognized PE format file. Abort now, because the code is untested on anything else. *FIXME* test on further architectures and loosen or remove this test. */ - return; + goto cleanup; } /* Get pe_header, optional header and numbers of export entries. */ @@ -392,7 +392,7 @@ read_pe_exported_syms (struct objfile *o if (num_entries < 1) /* No exports. */ { - return; + goto cleanup; } if (is_pe64) { @@ -448,7 +448,7 @@ read_pe_exported_syms (struct objfile *o if (export_size == 0) { /* Empty export table. */ - return; + goto cleanup; } /* Scan sections and store the base and size of the relevant @@ -614,6 +614,7 @@ read_pe_exported_syms (struct objfile *o fprintf_unfiltered (gdb_stdlog, _("Finished reading \"%s\", exports %ld," " forwards %ld, total %ld/%ld.\n"), dll_name, nbnormal, nbforward, nbnormal + nbforward, nexp); +cleanup: /* Discard expdata and section_data. */ do_cleanups (back_to); } -- Corinna Vinschen Cygwin Maintainer Red Hat
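Review bot: in the first hunk (@@ -379), the new `goto cleanup` at the "not a recognized PE format file" exit lands on `do_cleanups (back_to)`, but neither the assignment of `back_to` nor the `make_cleanup` calls are visible in the patch context. Please confirm that `back_to` is assigned before this earliest exit; if it is only set later, the jump runs do_cleanups with an indeterminate chain marker, which is a different crash rather than a fix. A short note in the ChangeLog entry that all three exits now run the cleanups would also help the next reader.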
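Review bot: in the last hunk (@@ -614), the `cleanup:` label now also serves the three early exits, and the comment beneath it says both expdata and section_data are discarded there. Since free_current_contents frees and NULLs whatever its pointer argument currently holds, each of those pointer variables must already be initialised (NULL or a live allocation) before the earliest `goto cleanup`, in particular on the unrecognised-format path, which leaves before the export entries are read. Worth checking that the registrations and initialisations precede that exit, or moving the first `goto` target to a label placed before the `make_cleanup` calls if they do not.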
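The defect described in the message (a cleanup registered on the address of a local, then an early `return` that skips `do_cleanups`, leaving the caller's later `do_cleanups` to dereference a dead stack slot) is easy to reproduce in miniature. The following is an added example, not gdb code and not part of Corinna's patch: it models gdb's cleanup chain with hypothetical `make_cleanup`, `do_cleanups`, `discard_cleanups` and `free_current_contents` look-alikes, and contrasts the buggy early-return shape with the single-exit `goto cleanup` shape the patch adopts. `read_syms_buggy`, `read_syms_fixed` and `pending_cleanups` are names chosen for this demo.

```c
/* Added example (not gdb's code): a minimal model of gdb's cleanup chain
   showing why an early `return` that skips do_cleanups leaves a cleanup
   whose argument is the address of a dead stack variable, and how routing
   every exit through one `goto cleanup` avoids it.  All names are
   hypothetical stand-ins for the gdb functions of the same name. */
#include <stdio.h>
#include <stdlib.h>

typedef void (*cleanup_fn)(void *);

struct cleanup {
  struct cleanup *next;
  cleanup_fn fn;
  void *arg;
};

/* Global chain head, like gdb's cleanup_chain. */
static struct cleanup *cleanup_chain = NULL;

/* Push FN(ARG); return the previous head so the caller can later run
   everything registered since that point. */
static struct cleanup *make_cleanup(cleanup_fn fn, void *arg) {
  struct cleanup *old = cleanup_chain;
  struct cleanup *c = malloc(sizeof *c);
  c->next = cleanup_chain;
  c->fn = fn;
  c->arg = arg;
  cleanup_chain = c;
  return old;
}

/* Run and pop every cleanup registered after OLD_CHAIN. */
static void do_cleanups(struct cleanup *old_chain) {
  while (cleanup_chain != old_chain) {
    struct cleanup *c = cleanup_chain;
    cleanup_chain = c->next;
    c->fn(c->arg);
    free(c);
  }
}

/* Pop without running (used here only to clear a dangling entry safely). */
static void discard_cleanups(struct cleanup *old_chain) {
  while (cleanup_chain != old_chain) {
    struct cleanup *c = cleanup_chain;
    cleanup_chain = c->next;
    free(c);
  }
}

/* Like gdb's free_current_contents: ARG is the address of a pointer
   variable; free what it points to and NULL it.  The pointer variable
   itself must therefore still be alive when this runs. */
static void free_current_contents(void *arg) {
  void **location = arg;
  free(*location);
  *location = NULL;
}

/* Number of cleanups still registered (0 once a function has tidied up). */
static int pending_cleanups(void) {
  int n = 0;
  for (struct cleanup *c = cleanup_chain; c != NULL; c = c->next)
    n++;
  return n;
}

/* Buggy shape: register a cleanup on a local's address, then return early
   without do_cleanups.  The entry left on the chain points at this frame's
   section_data slot; whoever calls do_cleanups next will write through it. */
static int read_syms_buggy(int num_entries) {
  struct cleanup *back_to;
  char *section_data = calloc(16, 1);
  back_to = make_cleanup(free_current_contents, &section_data);
  if (num_entries < 1)
    return 0;           /* BUG: leaks section_data, leaves &section_data registered */
  do_cleanups(back_to);
  return num_entries;
}

/* Fixed shape, as in the patch: every exit path goes through the one
   do_cleanups call while &section_data is still a live stack address. */
static int read_syms_fixed(int num_entries) {
  struct cleanup *back_to;
  int result = 0;
  char *section_data = calloc(16, 1);
  back_to = make_cleanup(free_current_contents, &section_data);
  if (num_entries < 1)
    goto cleanup;
  result = num_entries;
cleanup:
  do_cleanups(back_to);
  return result;
}

int main(void) {
  read_syms_buggy(0);
  printf("buggy early return left %d cleanup(s) on the chain\n", pending_cleanups());
  discard_cleanups(NULL);   /* never run it: its arg is a dead stack slot */
  read_syms_fixed(0);
  printf("fixed early exit left %d cleanup(s) on the chain\n", pending_cleanups());
  return 0;
}
```

The demo deliberately does not call `do_cleanups` on the dangling entry: doing so is exactly the out-of-frame write that crashed gdb, and is undefined behaviour in this model too. The observable symptom it exposes instead is the non-empty chain after the buggy function returns, which is what coff_symfile_read's later `do_cleanups` would have consumed.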