From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-bounces@sourceware.org>
Received: from simark.ca
	by simark.ca with LMTP
	id m72vGuHFul+GMgAAWB0awg
	(envelope-from <gdb-patches-bounces@sourceware.org>)
	for <public-inbox@simark.ca>; Sun, 22 Nov 2020 15:11:13 -0500
Received: by simark.ca (Postfix, from userid 112)
	id 604091F0AB; Sun, 22 Nov 2020 15:11:13 -0500 (EST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on simark.ca
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI,
	URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2
Received: from sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by simark.ca (Postfix) with ESMTPS id 7A9CB1E58D
	for <public-inbox@simark.ca>; Sun, 22 Nov 2020 15:11:12 -0500 (EST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id F32C9384A00F;
	Sun, 22 Nov 2020 20:11:11 +0000 (GMT)
Received: from simark.ca (simark.ca [158.69.221.121])
 by sourceware.org (Postfix) with ESMTPS id 912B7384A00F
 for <gdb-patches@sourceware.org>; Sun, 22 Nov 2020 20:11:07 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 912B7384A00F
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=simark.ca
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=simark@simark.ca
Received: from [10.0.0.11] (173-246-6-90.qc.cable.ebox.net [173.246.6.90])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by simark.ca (Postfix) with ESMTPSA id 13D811E58D;
 Sun, 22 Nov 2020 15:11:06 -0500 (EST)
Subject: Re: pushed: Add support for DWARF-based fixed point types
To: Joel Brobecker <brobecker@adacore.com>
References: <1604817017-25807-1-git-send-email-brobecker@adacore.com>
 <1605429345-78384-1-git-send-email-brobecker@adacore.com>
 <c2b8aaac-22a5-66e8-8f0f-78e41d85adab@palves.net>
 <e950fdc3-671c-0fb2-84c8-da64bb065746@simark.ca>
 <20201118034727.GF617116@adacore.com> <20201122140036.GA604842@adacore.com>
From: Simon Marchi <simark@simark.ca>
Message-ID: <5e62ef60-93d7-ad52-4f9d-b23266ae4fc8@simark.ca>
Date: Sun, 22 Nov 2020 15:11:06 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <20201122140036.GA604842@adacore.com>
Content-Type: text/plain; charset=utf-8
Content-Language: fr
Content-Transfer-Encoding: 7bit
X-BeenThere: gdb-patches@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb-patches mailing list <gdb-patches.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb-patches>,
 <mailto:gdb-patches-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb-patches>,
 <mailto:gdb-patches-request@sourceware.org?subject=subscribe>
Cc: gdb-patches@sourceware.org
Errors-To: gdb-patches-bounces@sourceware.org
Sender: "Gdb-patches" <gdb-patches-bounces@sourceware.org>

On 2020-11-22 9:00 a.m., Joel Brobecker wrote:
> I've been able to reproduce the problem, including with a GDB
> built at -O0. In order to do so, I had to use the system GCC,
> though. Before that, I was using AdaCore's version of GCC and
> couldn't reproduce with that.
>
> I'm out of time for this weekend, unfortunately, so it's at the top
> of my TODO for next weekend.

I didn't find the root cause (and whether GDB using GMP wrong or if it
is a bug in GMP (less likely)), but here's what I found.

Building both GDB and GMP with ASan makes the issue more obvious:

    Running selftest gdb_mpq_write_fixed_point.
    =================================================================
    ==3672064==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd6de06d08 at pc 0x7f185073086d bp 0x7ffd6de068a0 sp 0x7ffd6de06890
    WRITE of size 8 at 0x7ffd6de06d08 thread T0
        #0 0x7f185073086c in __gmpz_export /home/smarchi/src/gmp-6.2.0+dfsg/mpz/export.c:103
        #1 0x557c2db68395 in gdb_mpz::write(unsigned char*, int, bfd_endian, bool) const /home/smarchi/src/binutils-gdb/gdb/gmp-utils.c:80
        #2 0x557c2db68d02 in gdb_mpq::write_fixed_point(unsigned char*, int, bfd_endian, bool, gdb_mpq const&) const /home/smarchi/src/binutils-gdb/gdb/gmp-utils.c:144
        #3 0x557c2ed2f796 in write_fp_test /home/smarchi/src/binutils-gdb/gdb/unittests/gmp-utils-selftests.c:405
        #4 0x557c2ed2f949 in gdb_mpq_write_fixed_point /home/smarchi/src/binutils-gdb/gdb/unittests/gmp-utils-selftests.c:426
        #5 0x557c300b280c in selftests::simple_selftest::operator()() const /home/smarchi/src/binutils-gdb/gdbsupport/selftest.cc:43
        #6 0x557c300b22e2 in selftests::run_tests(gdb::array_view<char const* const>) /home/smarchi/src/binutils-gdb/gdbsupport/selftest.cc:99
        #7 0x557c2dfce6c2 in maintenance_selftest /home/smarchi/src/binutils-gdb/gdb/maint.c:1026
        #8 0x557c2d3dbe12 in do_const_cfunc /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:95
        #9 0x557c2d3eb02d in cmd_func(cmd_list_element*, char const*, int) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2181
        #10 0x557c2eb6e985 in execute_command(char const*, int) /home/smarchi/src/binutils-gdb/gdb/top.c:668
        #11 0x557c2dfaa4c9 in catch_command_errors /home/smarchi/src/binutils-gdb/gdb/main.c:448
        #12 0x557c2dfaacf0 in execute_cmdargs /home/smarchi/src/binutils-gdb/gdb/main.c:533
        #13 0x557c2dfae6b1 in captured_main_1 /home/smarchi/src/binutils-gdb/gdb/main.c:1203
        #14 0x557c2dfaebc5 in captured_main /home/smarchi/src/binutils-gdb/gdb/main.c:1224
        #15 0x557c2dfaecad in gdb_main(captured_main_args*) /home/smarchi/src/binutils-gdb/gdb/main.c:1249
        #16 0x557c2cdd0311 in main /home/smarchi/src/binutils-gdb/gdb/gdb.c:32
        #17 0x7f184f9850b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        #18 0x557c2cdd00ed in _start (/home/smarchi/build/binutils-gdb-all-targets/gdb/gdb+0x4a2e0ed)

    Address 0x7ffd6de06d08 is located in stack of thread T0 at offset 104 in frame
        #0 0x557c2ed2f669 in write_fp_test /home/smarchi/src/binutils-gdb/gdb/unittests/gmp-utils-selftests.c:393

      This frame has 2 object(s):
        [32, 64) 'v' (line 402)
        [96, 104) 'buf' (line 399) <== Memory access at offset 104 overflows this variable
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
          (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow /home/smarchi/src/gmp-6.2.0+dfsg/mpz/export.c:103 in __gmpz_export

We pass mpz_export a buffer of 8 bytes (statically allocated in
write_fp_test), but GMP decides it needs to write 16 bytes, hence the
overflow.

I tried to read the GMP doc, but I am familiar with its concepts, so I
don't really understand if we are using the API correctly or not.

For reference this is how I configured libgmp:

  ./configure '--prefix=/tmp/gmp-install' 'CFLAGS=-g3 -O0 -fsanitize=address' 'CXXFLAGS=-g3 -O0 -fsanitize=address' 'LDFLAGS=-fsanitize=address'

Simon