Message-ID: <9f3d55b4-553b-4cf2-be57-005e6a9ba871@suse.de>
Date: Tue, 26 Sep 2023 17:22:54 +0200
Subject: [PING][PATCH 1/2] [gdb/tui] Fix segfault in tui_find_disassembly_address
To: gdb-patches@sourceware.org
References: <20230905150339.6452-1-tdevries@suse.de>
In-Reply-To: <20230905150339.6452-1-tdevries@suse.de>
From: Tom de Vries via Gdb-patches
Reply-To: Tom de Vries

On 9/5/23 17:03, Tom de Vries via Gdb-patches wrote:
> PR29040 describes a FAIL for test-case gdb.threads/next-fork-other-thread.exp
> and target board unix/-m32.
>
> The FAIL happens due to the test executable running into an assert, which is
> caused by a forked child segfaulting, like so:
> ...
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00000000 in ?? ()
> ...
>
> I tried to reproduce the segfault with exec next-fork-other-thread-fork, using
> TUI layout asm.
>
> I set a breakpoint at fork and ran to the breakpoint, and somewhere during the
> following session I ran into a gdb segfault here in
> tui_find_disassembly_address:
> ...
> /* Disassemble forward. */
> next_addr = tui_disassemble (gdbarch, asm_lines, new_low, max_lines);
> last_addr = asm_lines.back ().addr;
> ...
> due to asm_lines being empty after the call to tui_disassemble, while
> asm_lines.back () assumes that it's not empty.
>
> I have not been able to reproduce that segfault in that original setting, I'm
> not sure of the exact scenario (though looking back it probably involved
> "set detach-on-fork off").
>
> What likely happened is that I managed to reproduce PR29040, and TUI (attempted
> to) display the disassembly for address 0, which led to the gdb segfault.
>
> When gdb_print_insn encounters an insn it cannot print because it can't read
> the memory, it throws a MEMORY_ERROR that is caught by tui_disassemble.
>
> The specific bit that causes the gdb segfault is that if gdb_print_insn throws
> a MEMORY_ERROR for the first insn in tui_disassemble, it returns an empty
> asm_lines.
>
> FWIW, I did manage to reproduce the gdb segfault as follows:
> ...
> $ gdb -q \ > -iex "set pagination off" \ > /usr/bin/rustc \ > -ex "set breakpoint pending on" \ > -ex "b dl_main" \ > -ex run \ > -ex "up 4" \ > -ex "layout asm" \ > -ex "print \$pc" > ... > > ... > $1 = (void (*)()) 0x1 > (gdb) > ... > Now press , and the segfault triggers. > > Fix the segfault by handling asm_lines.empty () results of tui_disassemble in > tui_find_disassembly_address. > > I've written a unit test that exercises this scenario. > > Tested on x86_64-linux. > Ping for both patches in the series. Thanks, - Tom > PR tui/30823 > Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30823 > --- > gdb/tui/tui-disasm.c | 39 +++++++++++++++++++++++++++++++++++++++ > 1 file changed, 39 insertions(+) > > diff --git a/gdb/tui/tui-disasm.c b/gdb/tui/tui-disasm.c > index f0b55769d71..03c78aa1291 100644 > --- a/gdb/tui/tui-disasm.c > +++ b/gdb/tui/tui-disasm.c > @@ -41,6 +41,8 @@ > #include "objfiles.h" > #include "cli/cli-style.h" > #include "tui/tui-location.h" > +#include "gdbsupport/selftest.h" > +#include "inferior.h" > > #include "gdb_curses.h" > > @@ -203,6 +205,8 @@ tui_find_disassembly_address (struct gdbarch *gdbarch, CORE_ADDR pc, int from) > instruction fails to disassemble we will take the address of the > previous instruction that did disassemble as the result. */ > tui_disassemble (gdbarch, asm_lines, pc, max_lines + 1); > + if (asm_lines.empty ()) > + return pc; > new_low = asm_lines.back ().addr; > } > else > @@ -244,6 +248,8 @@ tui_find_disassembly_address (struct gdbarch *gdbarch, CORE_ADDR pc, int from) > > /* Disassemble forward. */ > next_addr = tui_disassemble (gdbarch, asm_lines, new_low, max_lines); > + if (asm_lines.empty ()) > + break; > last_addr = asm_lines.back ().addr; > > /* If disassembling from the current value of NEW_LOW reached PC 
> @@ -522,3 +528,36 @@ tui_disasm_window::display_start_addr (struct gdbarch **gdbarch_p, > *gdbarch_p = m_gdbarch; > *addr_p = m_start_line_or_addr.u.addr; > } > + > +#if GDB_SELF_TEST > +namespace selftests { > +namespace tui { > +namespace disasm { > + > +static void > +run_tests () > +{ > + if (current_inferior () != nullptr) > + { > + struct gdbarch *gdbarch = current_inferior ()->gdbarch; > + > + /* Check that tui_find_disassembly_address robustly handles the case of > + being passed a PC for which gdb_print_insn throws a MEMORY_ERROR. */ > + SELF_CHECK (tui_find_disassembly_address (gdbarch, 0, 1) == 0); > + SELF_CHECK (tui_find_disassembly_address (gdbarch, 0, -1) == 0); > + } > +} > + > +} /* namespace disasm */ > +} /* namespace tui */ > +} /* namespace selftests */ > +#endif /* GDB_SELF_TEST */ > + > +void _initialize_tui_disasm (); > +void > +_initialize_tui_disasm () > +{ > +#if GDB_SELF_TEST > + selftests::register_test ("tui-disasm", selftests::tui::disasm::run_tests); > +#endif > +} > > base-commit: b6ac461ace19ba19aaf135a028df4e67e47e21d7
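Review bot: the two new includes at the top of gdb/tui/tui-disasm.c, `#include "gdbsupport/selftest.h"` and `#include "inferior.h"`, are only used by the `#if GDB_SELF_TEST` block added at the end of the file (for `SELF_CHECK`, `selftests::register_test` and `current_inferior ()`); consider placing them under the same `#if GDB_SELF_TEST` guard, or mentioning in the commit message that a TUI source now depends on inferior.h unconditionally, so the dependency is deliberate rather than incidental.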
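Review bot: in the hunk at `tui_find_disassembly_address` around line 205, the new early return `if (asm_lines.empty ()) return pc;` is the right guard for the case the PR describes, but the comment just above it still describes only the partial case ("take the address of the previous instruction that did disassemble"); extend it with one sentence saying that when no instruction at all can be disassembled (a MEMORY_ERROR on the first insn, as at PC 0 in the bug) the function falls back to PC itself, so the chosen return value is documented where it is decided.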
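Review bot: in the "Disassemble forward" hunk around line 248, the `break` on `asm_lines.empty ()` leaves the loop before `last_addr = asm_lines.back ().addr;` runs, so `last_addr` keeps whatever value it had from the previous iteration (or its initial value, which is not in the diff), and `next_addr` carries the value a failed `tui_disassemble` call returned; the remainder of the loop body and the code after the loop are not visible here, so please confirm nothing after the break reads `last_addr` or `next_addr` expecting them to describe the current iteration, and add a short comment at the `break` stating which address the function returns in that case.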
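Review bot: the new self-test in `selftests::tui::disasm::run_tests` passes vacuously when `current_inferior ()` is null, because its whole body sits under `if (current_inferior () != nullptr)`, and the two `SELF_CHECK` calls depend on address 0 being unreadable for the current target so that `gdb_print_insn` raises a MEMORY_ERROR; both the skip and that assumption should be stated in the comment (the comment currently only says the function is checked for robustness), otherwise a target where address 0 is readable turns this into a failing or meaningless check with no explanation. The two calls also pass opposite signs for FROM; noting which of the two new `asm_lines.empty ()` guards each call is meant to exercise would tie the test to the fix.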
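The failure the commit message describes (a `MEMORY_ERROR` on the first insn makes `tui_disassemble` return an empty vector, and `asm_lines.back ()` on an empty `std::vector` is undefined behaviour), reduced to a stand-alone C++ model. This is an added example, not gdb's code and not part of the patch: `print_insn_model`, `disassemble_model`, `find_address_unguarded`, `find_address_guarded` and `lines_decoded_model` are hypothetical names standing in for `gdb_print_insn`, `tui_disassemble` and `tui_find_disassembly_address`, and the readable range `[0x1000, 0x1010)` and the 4-byte instruction size are constructed. The guarded variant applies the same `empty ()` check the patch adds.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

/* One disassembled line; only the address matters for this model.  */
struct asm_line_model
{
  uint64_t addr;
};

/* Constructed memory map: only [0x1000, 0x1010) is readable.  Address 0,
   the PC reported in the bug, is unreadable as it would be in a live process.  */
static bool
mem_readable_model (uint64_t addr)
{
  return addr >= 0x1000 && addr < 0x1010;
}

/* Stand-in for gdb_print_insn: a fixed 4-byte instruction, or a thrown
   "MEMORY_ERROR" when the address cannot be read.  */
static uint64_t
print_insn_model (uint64_t addr)
{
  if (!mem_readable_model (addr))
    throw std::runtime_error ("MEMORY_ERROR");
  return addr + 4;
}

/* Stand-in for tui_disassemble: catches the memory error and returns what
   it decoded so far, which is an empty vector when the first insn fails.  */
static uint64_t
disassemble_model (std::vector<asm_line_model> &lines, uint64_t pc, int count)
{
  lines.clear ();
  try
    {
      for (int i = 0; i < count; ++i)
        {
          uint64_t next = print_insn_model (pc);  /* may throw before push_back */
          lines.push_back ({pc});
          pc = next;
        }
    }
  catch (const std::runtime_error &)
    {
      /* Keep the lines decoded so far; LINES may be empty.  */
    }
  return pc;
}

/* Pre-patch shape: back () on a possibly empty vector is undefined behaviour
   and is what crashed gdb at PC 0.  Only safe to call with a readable PC.  */
static uint64_t
find_address_unguarded (uint64_t pc, int max_lines)
{
  std::vector<asm_line_model> lines;
  disassemble_model (lines, pc, max_lines + 1);
  return lines.back ().addr;
}

/* Post-patch shape: when nothing could be disassembled, fall back to PC,
   as the first hunk of the patch does.  */
static uint64_t
find_address_guarded (uint64_t pc, int max_lines)
{
  std::vector<asm_line_model> lines;
  disassemble_model (lines, pc, max_lines + 1);
  if (lines.empty ())
    return pc;
  return lines.back ().addr;
}

/* Number of lines the model decodes starting at PC, so the empty result
   can be observed directly.  */
static size_t
lines_decoded_model (uint64_t pc, int count)
{
  std::vector<asm_line_model> lines;
  disassemble_model (lines, pc, count);
  return lines.size ();
}
```

With PC 0 the model returns no lines at all, so `find_address_guarded (0, n)` yields 0, matching the `SELF_CHECK (tui_find_disassembly_address (gdbarch, 0, 1) == 0)` expectation in the patch, while a PC inside the readable range behaves identically in both variants.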