From: Aleksandar Ristovski
To: gdb-patches@sources.redhat.com
Cc: Daniel Jacobowitz
Subject: Re: [patch] nto target: fix null pointer dereference
Date: Wed, 13 Aug 2008 15:47:00 -0000
Message-ID: <48A301BD.4080808@qnx.com>
In-Reply-To: <20080812213207.GA30766@caradoc.them.org>
References: <200808121832.m7CIWcIw018392@d12av02.megacenter.de.ibm.com> <48A1FFD4.1080109@qnx.com> <20080812213207.GA30766@caradoc.them.org>

Daniel Jacobowitz wrote:
> On Tue, Aug 12, 2008 at 05:25:40PM -0400, Aleksandar Ristovski wrote:
>> In procfs_create_inferior we call solib_create_inferior_hook, which will
>> end up trying to determine the loader base by reading the inferior's
>> memory at the DT_DEBUG pointer. In our case, before the executable has
>> actually started executing, it will successfully read 0s, because the
>> dynamic loader has not been invoked yet and the pointer to the r_debug
>> structure is not initialized.
>
> It should already detect that zero is invalid, since that's the same
> value used initially; see e.g. calls to locate_base. Where's the read
> come from?
>

nto_procfs.c::LM_ADDR gets called only by nto_relocate_section_addresses, which replaces svr4_relocate_section_addresses. There is a slight difference in the way we treat the l_addr address compared to svr4. I will repost a modified patch shortly.
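As an added illustration of the check Daniel describes (this is not code from gdb, nto_procfs.c or the patch under discussion): a zero DT_DEBUG value is treated as "the dynamic loader has not run yet" rather than as an address to read from. The fake inferior address space, the simplified two-word r_debug layout and all helper names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* ELF dynamic-section tags (values as in the ELF specification). */
#define DT_NULL  0
#define DT_DEBUG 21

typedef struct { int64_t d_tag; uint64_t d_val; } Elf64_Dyn;

/* Constructed stand-in for the inferior's memory: a small buffer mapped at
   FAKE_BASE.  Address 0 is deliberately unmapped, as in a real process. */
#define FAKE_BASE 0x1000u
static uint64_t fake_mem[16];

static int read_word(uint64_t addr, uint64_t *out) {
    if (addr < FAKE_BASE || addr % 8 != 0) return -1;
    uint64_t idx = (addr - FAKE_BASE) / 8;
    if (idx >= sizeof fake_mem / sizeof fake_mem[0]) return -1;
    *out = fake_mem[idx];
    return 0;
}

/* Walk the dynamic section; return the DT_DEBUG value, or 0 if absent. */
static uint64_t dt_debug_value(const Elf64_Dyn *dyn) {
    for (; dyn->d_tag != DT_NULL; dyn++)
        if (dyn->d_tag == DT_DEBUG) return dyn->d_val;
    return 0;
}

/* Return the loader's link_map address, or 0 when DT_DEBUG is still zero
   (loader not yet run) or the read fails, so address 0 is never dereferenced. */
static uint64_t locate_link_map(const Elf64_Dyn *dyn) {
    uint64_t r_debug_addr = dt_debug_value(dyn);
    if (r_debug_addr == 0) return 0;           /* same sentinel as "unknown" */
    uint64_t r_map;
    /* simplified r_debug: word 0 = r_version, word 1 = r_map */
    if (read_word(r_debug_addr + 8, &r_map) != 0) return 0;
    return r_map;
}

/* Populate the fake inferior as it looks before/after the loader has run. */
static const Elf64_Dyn *setup(int loader_has_run, Elf64_Dyn *dyn) {
    memset(fake_mem, 0, sizeof fake_mem);
    dyn[0].d_tag = DT_DEBUG;
    dyn[0].d_val = loader_has_run ? FAKE_BASE + 0x20 : 0;   /* 0 before start */
    dyn[1].d_tag = DT_NULL; dyn[1].d_val = 0;
    if (loader_has_run) {
        fake_mem[4] = 1;                  /* r_version at FAKE_BASE + 0x20 */
        fake_mem[5] = FAKE_BASE + 0x40;   /* r_map, the link_map address   */
    }
    return dyn;
}
```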