From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-110716-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 20645 invoked by alias); 26 Feb 2014 22:09:28 -0000
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
Received: (qmail 20625 invoked by uid 89); 26 Feb 2014 22:09:25 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 26 Feb 2014 22:09:24 +0000
Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s1QM9MXG001352	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);	Wed, 26 Feb 2014 17:09:22 -0500
Received: from host2.jankratochvil.net (ovpn-116-18.ams2.redhat.com [10.36.116.18])	by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id s1QM9I6J004269	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);	Wed, 26 Feb 2014 17:09:21 -0500
Date: Wed, 26 Feb 2014 22:09:00 -0000
From: Jan Kratochvil <jan.kratochvil@redhat.com>
To: gdb-patches@sourceware.org
Cc: Andreas Arnez <arnez@linux.vnet.ibm.com>
Subject: [patch] Fix solib list reading asan error (for PR 8882)
Message-ID: <20140226220918.GA10431@host2.jankratochvil.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="5vNYLRcllDrimb99"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-IsSubscribed: yes
X-SW-Source: 2014-02/txt/msg00815.txt.bz2


--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-length: 1415

Hi,

runtest gdb.base/corefile.exp

==23174== ERROR: AddressSanitizer: heap-use-after-free on address 0x604400008c88 at pc 0x68f0be bp 0x7fffae9d7490 sp 0x7fffae9d7480
READ of size 8 at 0x604400008c88 thread T0
    #0 0x68f0bd in svr4_read_so_list (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0x68f0bd)
    #1 0x68f64e in svr4_current_sos_direct (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0x68f64e)
    #2 0x68f757 in svr4_current_sos (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0x68f757)
    #3 0xcebbff in update_solib_list (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0xcebbff)
0x604400008c88 is located 8 bytes inside of 1104-byte region [0x604400008c80,0x6044000090d0)
freed by thread T0 here:
    #0 0x7f52677500f9 (/lib64/libasan.so.0+0x160f9)
    #1 0xd2c68a in xfree (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0xd2c68a)
    #2 0xceb364 in free_so (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0xceb364)
    #3 0xca59f8 in do_free_so (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0xca59f8)
    #4 0x93432a in do_my_cleanups (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0x93432a)
    #5 0x934406 in do_cleanups (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0x934406)
    #6 0x68efa9 in svr4_read_so_list (/home/jkratoch/redhat/gdb-clean/gdb/gdb+0x68efa9)

I did not notice it during my review in:
	Re: [PATCH v2] Skip vDSO when reading SO list (PR 8882)
	https://sourceware.org/ml/gdb-patches/2013-09/msg00888.html

I will check it in.


Jan

--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline; filename=1
Content-length: 1372

Additional PR 8882 fix.

gdb/
2014-02-26  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Additional PR 8882 fix.
	* solib-svr4.c (svr4_read_so_list): Change first to first_l_name.

diff --git a/gdb/solib-svr4.c b/gdb/solib-svr4.c
index e2e173a..6c4dff7 100644
--- a/gdb/solib-svr4.c
+++ b/gdb/solib-svr4.c
@@ -1306,7 +1306,7 @@ static int
 svr4_read_so_list (CORE_ADDR lm, CORE_ADDR prev_lm,
 		   struct so_list ***link_ptr_ptr, int ignore_first)
 {
-  struct so_list *first = NULL;
+  CORE_ADDR first_l_name;
   CORE_ADDR next_lm;
 
   for (; lm != 0; prev_lm = lm, lm = next_lm)
@@ -1346,7 +1346,7 @@ svr4_read_so_list (CORE_ADDR lm, CORE_ADDR prev_lm,
 	{
 	  struct svr4_info *info = get_svr4_info ();
 
-	  first = new;
+	  first_l_name = new->lm_info->l_name;
 	  info->main_lm_addr = new->lm_info->lm_addr;
 	  do_cleanups (old_chain);
 	  continue;
@@ -1361,8 +1361,7 @@ svr4_read_so_list (CORE_ADDR lm, CORE_ADDR prev_lm,
 	     inferior executable, then this is not a normal shared
 	     object, but (most likely) a vDSO.  In this case, silently
 	     skip it; otherwise emit a warning. */
-	  if (first == NULL
-	      || new->lm_info->l_name != first->lm_info->l_name)
+	  if (first_l_name == 0 || new->lm_info->l_name != first_l_name)
 	    warning (_("Can't read pathname for load map: %s."),
 		     safe_strerror (errcode));
 	  do_cleanups (old_chain);

--5vNYLRcllDrimb99--