From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 67280 invoked by alias); 19 Nov 2015 13:27:45 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Received: (qmail 67265 invoked by uid 89); 19 Nov 2015 13:27:45 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 X-HELO: usevmg20.ericsson.net Received: from usevmg20.ericsson.net (HELO usevmg20.ericsson.net) (198.24.6.45) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Thu, 19 Nov 2015 13:27:40 +0000 Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id 7C.6A.32596.23C6D465; Thu, 19 Nov 2015 07:29:06 +0100 (CET) Received: from [142.133.110.144] (147.117.188.8) by smtp-am.internal.ericsson.com (147.117.188.86) with Microsoft SMTP Server id 14.3.248.2; Thu, 19 Nov 2015 08:27:37 -0500 Subject: Re: [PATCH] Fix '-data-read-memory-bytes' typo/assertion To: Don Breazeal , References: <1447894382-1469-1-git-send-email-donb@codesourcery.com> From: Simon Marchi Message-ID: <564DCE49.6040305@ericsson.com> Date: Thu, 19 Nov 2015 13:27:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <1447894382-1469-1-git-send-email-donb@codesourcery.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-11/txt/msg00391.txt.bz2 On 15-11-18 07:53 PM, Don Breazeal wrote: > This patch fixes a typo in target.c:read_memory_robust, where > it calls read_whatever_is_readable with the function arguments > in the wrong order. Depending on the address being read, it > can cause an xmalloc with a huge size, resulting in an assertion > failure, or just read something other than what was requested. > > The problem only arises when GDB is handling an MI > "-data-read-memory-bytes" request and the initial target_read returns > an error status. Note that read_memory_robust is only called from > the MI code. > > Function definition: > static void > read_whatever_is_readable (struct target_ops *ops, > const ULONGEST begin, const ULONGEST end, > int unit_size, > VEC(memory_read_result_s) **result) > > Function call: > read_whatever_is_readable (ops, offset + xfered_total, unit_size, > offset + xfered_total + to_read, &result); > > If we debug gdb, generate the error, and break just before the call to > read_whatever_is_readable, we see: > > # Generate an error by trying to read a bogus address in the GDB > # that is under debug. > (gdb) interpreter-exec mi "-data-read-memory-bytes 1073741752 216" > > # GDB-under-debug stops at the breakpoint on the call to > # read_whatever_is_readable. > Breakpoint 1, read_memory_robust (ops=0xe70150, offset=1073741752, len=216) > at /scratch/dbreazea/sandbox/gdb-5611/binutils-gdb/gdb/target.c:1825 > 1825 read_whatever_is_readable (ops, offset + xfered_total, unit_size, > (top) p unit_size > $1 = 1 > > # Step into the function. > (top) step > read_whatever_is_readable (ops=0xe70150, begin=1073741752, end=1, > unit_size=1073741968, result=0x7fffffffdd40) > at /scratch/dbreazea/sandbox/gdb-5611/binutils-gdb/gdb/target.c:1658 > 1658 gdb_byte *buf = (gdb_byte *) xmalloc (end - begin); > > # unit_size was passed as 'end', and we are going to xmalloc a large > # number and assert. > (top) p end-begin > $2 = 18446744072635809865 > (top) c > Continuing. > "/scratch/dbreazea/sandbox/gdb-5611/binutils-gdb/gdb/utils.c:1072: internal-error: virtual memory exhausted.\nA problem internal to GDB has been detected,\nfurther debugging may prove unreliable.\nQuit this debugging session? (y or n) " > > # With the fixed version, (end - begin) gives the 'len' passed to > # read_memory_robust and specified by -data-read-memory-bytes > (top) p end-begin > $2 = 216 > > Tested on native x86_64 Linux with the gdb.mi tests. > > OK? > thanks > --Don > > gdb/ > 2015-11-18 Don Breazeal > > * gdb/target.c (read_memory_robust): Call > read_whatever_is_readable with arguments in the correct order. > > --- > gdb/target.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/gdb/target.c b/gdb/target.c > index 93786c3..950a1b7 100644 > --- a/gdb/target.c > +++ b/gdb/target.c > @@ -1822,8 +1822,9 @@ read_memory_robust (struct target_ops *ops, > /* Got an error reading full chunk. See if maybe we can read > some subrange. */ > xfree (buffer); > - read_whatever_is_readable (ops, offset + xfered_total, unit_size, > - offset + xfered_total + to_read, &result); > + read_whatever_is_readable (ops, offset + xfered_total, > + offset + xfered_total + to_read, > + unit_size, &result); > xfered_total += to_read; > } > else > Whoops. LGTM.