Date: Wed, 11 Mar 2020 11:28:33 +0000
From: Andrew Burgess
To: Simon Marchi
Cc: Bernd Edlinger, "gdb-patches@sourceware.org"
Subject: Re: [PATCHv2 0/2] Line table is_stmt support
Message-ID: <20200311112833.GH3317@embecosm.com>
References: <20200310230132.GF3317@embecosm.com>

* Simon Marchi [2020-03-11 02:50:07 -0400]:

> On 2020-03-10 7:01 p.m., Andrew Burgess wrote:
> > * Bernd Edlinger [2020-03-08 14:39:44 +0000]:
> >
> >> On 3/8/20 1:50 PM, Andrew Burgess wrote:
> >>> Patch #1 is unchanged.
> >>>
> >>> Patch #2 includes additional changes in infrun.c based on Bernd's
> >>> suggested fix, as well as his additional tests.
> >>>
> >>> Bernd,
> >>>
> >>> If you are happy with this version of the patch then I'll merge this
> >>> in the next few days.
> >>>
> >>
> >> Sure, a quick smoke test shows this is still on the right track.
> >>
> >> I will post a re-based version of my follow-up patch in a moment.
> >
> > I have now pushed this series to master.  I will review your follow up
> > patch in more detail tomorrow.
> >
> > Thanks,
> > Andrew
>
> Hi Andrew,
>
> It appears that this series (patch 2/2) causes an ASan failure, see below.
> Compiling a C file with an empty main, with debug info, and loading it in GDB is
> sufficient to trigger it.

Apologies.  I pushed the patch below to fix this issue.

Thanks,
Andrew

---

From dcc050c86c3e5160497da7aab480adae9ba284aa Mon Sep 17 00:00:00 2001
From: Andrew Burgess
Date: Wed, 11 Mar 2020 11:17:39 +0000
Subject: [PATCH] gdb: Fix out of bounds array access in
 buildsym_compunit::record_line

This commit:

  commit 8c95582da858ac981f689a6f599acacb8c5c490f
  Date:   Mon Dec 30 21:04:51 2019 +0000

      gdb: Add support for tracking the DWARF line table is-stmt field

Introduced an invalid memory access, by reading outside the bounds of
an array.  This would cause this valgrind error:

  ==7633== Invalid read of size 4
  ==7633==    at 0x4D002C: buildsym_compunit::record_line(subfile*, int, unsigned long, bool) (buildsym.c:688)
  ==7633==    by 0x5F60A5: dwarf_record_line_1(gdbarch*, subfile*, unsigned int, unsigned long, bool, dwarf2_cu*) (read.c:19956)
  ==7633==    by 0x5F63B0: lnp_state_machine::record_line(bool) (read.c:20024)
  ==7633==    by 0x5F5DD5: lnp_state_machine::handle_special_opcode(unsigned char) (read.c:19851)
  ==7633==    by 0x5F6706: dwarf_decode_lines_1(line_header*, dwarf2_cu*, int, unsigned long) (read.c:20135)
  ==7633==    by 0x5F6C57: dwarf_decode_lines(line_header*, char const*, dwarf2_cu*, dwarf2_psymtab*, unsigned long, int) (read.c:20328)
  ==7633==    by 0x5DF5F1: handle_DW_AT_stmt_list(die_info*, dwarf2_cu*, char const*, unsigned long) (read.c:10748)
  ==7633==    by 0x5DF823: read_file_scope(die_info*, dwarf2_cu*) (read.c:10796)
  ==7633==    by 0x5DDA63: process_die(die_info*, dwarf2_cu*) (read.c:9815)
  ==7633==    by 0x5DD44A: process_full_comp_unit(dwarf2_per_cu_data*, language) (read.c:9580)
  ==7633==    by 0x5DAB58: process_queue(dwarf2_per_objfile*) (read.c:8867)
  ==7633==    by 0x5CB30E: dw2_do_instantiate_symtab(dwarf2_per_cu_data*, bool) (read.c:2374)
  ==7633==  Address 0xa467f48 is 8 bytes before a block of size 16,024 alloc'd
  ==7633==    at 0x4C2CDCB: malloc (vg_replace_malloc.c:299)
  ==7633==    by 0x451FC4: xmalloc (alloc.c:60)
  ==7633==    by 0x4CFFDF: buildsym_compunit::record_line(subfile*, int, unsigned long, bool) (buildsym.c:678)
  ==7633==    by 0x5F60A5: dwarf_record_line_1(gdbarch*, subfile*, unsigned int, unsigned long, bool, dwarf2_cu*) (read.c:19956)
  ==7633==    by 0x5F63B0: lnp_state_machine::record_line(bool) (read.c:20024)
  ==7633==    by 0x5F5DD5: lnp_state_machine::handle_special_opcode(unsigned char) (read.c:19851)
  ==7633==    by 0x5F6706: dwarf_decode_lines_1(line_header*, dwarf2_cu*, int, unsigned long) (read.c:20135)
  ==7633==    by 0x5F6C57: dwarf_decode_lines(line_header*, char const*, dwarf2_cu*, dwarf2_psymtab*, unsigned long, int) (read.c:20328)
  ==7633==    by 0x5DF5F1: handle_DW_AT_stmt_list(die_info*, dwarf2_cu*, char const*, unsigned long) (read.c:10748)
  ==7633==    by 0x5DF823: read_file_scope(die_info*, dwarf2_cu*) (read.c:10796)
  ==7633==    by 0x5DDA63: process_die(die_info*, dwarf2_cu*) (read.c:9815)
  ==7633==    by 0x5DD44A: process_full_comp_unit(dwarf2_per_cu_data*, language) (read.c:9580)

gdb/ChangeLog:

	* buildsyms.c (buildsym_compunit::record_line): Avoid accessing
	previous item in the list, when the list has no items.
---
 gdb/ChangeLog  |  5 +++++
 gdb/buildsym.c | 19 +++++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/gdb/buildsym.c b/gdb/buildsym.c
index 24aeba8e252..7155db34b08 100644
--- a/gdb/buildsym.c
+++ b/gdb/buildsym.c
@@ -681,15 +681,18 @@ buildsym_compunit::record_line (struct subfile *subfile, int line, m_have_line_numbers = true; } - /* If we have a duplicate for the previous entry then ignore the new - entry, except, if the new entry is setting the is_stmt flag, then - ensure the previous entry respects the new setting. */ - e = subfile->line_vector->item + subfile->line_vector->nitems - 1; - if (e->line == line && e->pc == pc) + if (subfile->line_vector->nitems > 0) { - if (is_stmt && !e->is_stmt) - e->is_stmt = 1; - return; + /* If we have a duplicate for the previous entry then ignore the new + entry, except, if the new entry is setting the is_stmt flag, then + ensure the previous entry respects the new setting. */ + e = subfile->line_vector->item + subfile->line_vector->nitems - 1; + if (e->line == line && e->pc == pc) + { + if (is_stmt && !e->is_stmt) + e->is_stmt = 1; + return; + } } if (subfile->line_vector->nitems + 1 >= subfile->line_vector_length) -- 2.14.5
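Review bot: the new `if (subfile->line_vector->nitems > 0)` guard is the right fix for the underflow, and the trace confirms it: with an empty vector the old code computed `e = subfile->line_vector->item + subfile->line_vector->nitems - 1`, one entry before the start of the array, and dereferenced it in `if (e->line == line && e->pc == pc)`, which is old-file line 688 counting from the `@@ -681` header, exactly the frame valgrind reports (the block had just been obtained by the xmalloc at line 678, so the read lands in front of a live allocation). Two follow-ups worth raising: the diffstat touches only gdb/ChangeLog and gdb/buildsym.c even though the description says an empty main compiled with debug info is enough to trigger the fault, so a regression test built from that source would be cheap and would catch a reintroduction; and since the guard now relies on `nitems` being 0 on a freshly allocated vector rather than left uninitialized, it would be good to confirm that every allocation path, including the one at line 678, sets it before the first call reaches this check.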