From: "Andrew D'Addesio"
Date: Sat, 12 May 2018 06:07:00 -0000
Subject: Re: [PATCH] Process record: Fix null deref when loading empty core file
To: gdb-patches@sourceware.org
Cc: "Andrew D'Addesio"
In-Reply-To: <1526075698-20880-1-git-send-email-modchipv12@gmail.com>

Here's an explanation of the bug:

Description: gdb segfaults (null dereference) if the user attempts to run the
command "record full restore" on a file containing an empty execution history
log.

Steps to reproduce the bug:

1. Compile the following hello world using:

    gcc -Wall -nostartfiles -o helloworld helloworld.S

    #include <sys/syscall.h>   /* header name lost in extraction; assumed, it defines __NR_write and __NR_exit on Linux */
    .intel_syntax noprefix
    .global _start

    .data
    msg:     .ascii "hello, world!\n"
    msg_end:

    .text
    _start:
        mov rax, __NR_write
        mov rdi, 1                  # STDOUT_FILENO
        lea rsi, [rip + msg]
        mov rdx, (msg_end - msg)    # length of msg
        syscall
        mov rax, __NR_exit
        mov rdi, 0                  # EXIT_SUCCESS
        syscall

2. Launch gdb using:

    gdb ./helloworld

3. Execute these commands:

    break _start
    run
    record full
    # Uncommenting the next line prevents the crash:
    # stepi
    record save foo.log
    record stop
    record full restore foo.log    # Segfault!

gdb terminates with the following segfault:

    Program received signal SIGSEGV, Segmentation fault.
    0x00000000007ff697 in record_full_restore () at ../../binutils-gdb/gdb/record-full.c:2491
    2491      record_full_arch_list_head->prev = &record_full_first;
    (gdb) backtrace
    #0  0x00000000007ff697 in record_full_restore () at ../../binutils-gdb/gdb/record-full.c:2491
    #1  0x00000000007fcade in record_full_core_open_1 (name=0x1e5af34 "foo.log", from_tty=1) at ../../binutils-gdb/gdb/record-full.c:940
    #2  0x00000000007fcc3a in record_full_open (name=0x1e5af34 "foo.log", from_tty=1) at ../../binutils-gdb/gdb/record-full.c:984
    #3  0x00000000007ffbb3 in cmd_record_full_restore (args=0x1e5af34 "foo.log", from_tty=1) at ../../binutils-gdb/gdb/record-full.c:2532
    #4  0x000000000048078c in do_const_cfunc (c=0x1d55830, args=0x1e5af34 "foo.log", from_tty=1) at ../../binutils-gdb/gdb/cli/cli-decode.c:106
    #5  0x0000000000483884 in cmd_func (cmd=0x1d55830, args=0x1e5af34 "foo.log", from_tty=1) at ../../binutils-gdb/gdb/cli/cli-decode.c:1857
    #6  0x00000000008b094f in execute_command (p=0x1e5af3a "g", from_tty=1) at ../../binutils-gdb/gdb/top.c:630
    #7  0x000000000070288c in command_handler (command=0x1e5af20 "") at ../../binutils-gdb/gdb/event-top.c:583
    #8  0x0000000000702c90 in command_line_handler (rl=0x1e39190 "record full restore foo.log") at ../../binutils-gdb/gdb/event-top.c:774
    #9  0x0000000000702020 in gdb_rl_callback_handler (rl=0x1e39190 "record full restore foo.log") at ../../binutils-gdb/gdb/event-top.c:213
    #10 0x00007fbda62b76f5 in rl_callback_read_char () from /lib/x86_64-linux-gnu/libreadline.so.6
    #11 0x0000000000701f0c in gdb_rl_callback_read_char_wrapper_noexcept () at ../../binutils-gdb/gdb/event-top.c:175
    #12 0x0000000000701f8b in gdb_rl_callback_read_char_wrapper (client_data=0x1b63420) at ../../binutils-gdb/gdb/event-top.c:192
    #13 0x0000000000702720 in stdin_event_handler (error=0, client_data=0x1b63420) at ../../binutils-gdb/gdb/event-top.c:511
    #14 0x00000000007007ed in handle_file_event (file_ptr=0x1e63d50, ready_mask=1) at ../../binutils-gdb/gdb/event-loop.c:733
    #15 0x0000000000700d9f in gdb_wait_for_event (block=1) at ../../binutils-gdb/gdb/event-loop.c:859
    #16 0x00000000006ffbc7 in gdb_do_one_event () at ../../binutils-gdb/gdb/event-loop.c:347
    #17 0x00000000006ffc0e in start_event_loop () at ../../binutils-gdb/gdb/event-loop.c:371
    #18 0x0000000000793909 in captured_command_loop () at ../../binutils-gdb/gdb/main.c:330
    #19 0x0000000000794def in captured_main (data=0x7fffc2ce81e0) at ../../binutils-gdb/gdb/main.c:1157
    #20 0x0000000000794ec4 in gdb_main (args=0x7fffc2ce81e0) at ../../binutils-gdb/gdb/main.c:1173
    #21 0x000000000040df4c in main (argc=2, argv=0x7fffc2ce82e8) at ../../binutils-gdb/gdb/gdb.c:32

This patch fixes the segfault. I also attached a passing testsuite.

Andrew

[Attachment: testsuite_diff.txt]
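Added illustration (a constructed model, not gdb's code and not the patch under review): the list-relinking step at the faulting line, in an unguarded form that reproduces the null dereference on an empty history and a guarded form that treats an empty log as valid input. The names record_entry, record_first, build_list, restore_unguarded and restore_guarded are assumptions, not gdb identifiers.

```c
/* Constructed model of the failure in this report (not gdb's code): a
   restore step rebuilds a doubly linked list of recorded entries from a
   saved log, then links the head back to a sentinel "first" entry, as
   record-full.c:2491 does in the backtrace above. */
#include <stdlib.h>

struct record_entry {
  int insn_num;                       /* constructed payload */
  struct record_entry *prev, *next;
};

struct record_entry record_first;     /* stands in for record_full_first */

/* Stand-in for parsing the saved log.  An empty log yields head == NULL,
   the state "record save" leaves when no instruction was stepped. */
struct record_entry *build_list(const int *insns, size_t n)
{
  struct record_entry *head = NULL, *tail = NULL;
  for (size_t i = 0; i < n; i++) {
    struct record_entry *e = calloc(1, sizeof *e);
    if (e == NULL) abort();
    e->insn_num = insns[i];
    e->prev = tail;
    if (tail != NULL) tail->next = e; else head = e;
    tail = e;
  }
  return head;
}

/* Mirrors the faulting line: dereferences NULL when nothing was recorded. */
void restore_unguarded(struct record_entry *head)
{
  head->prev = &record_first;         /* SIGSEGV when head == NULL */
  record_first.next = head;
}

/* Guarded variant: an empty history is valid input, so it leaves the
   sentinel detached and returns 0 rather than crashing.  Returns the
   number of entries linked. */
size_t restore_guarded(struct record_entry *head)
{
  size_t count = 0;
  record_first.next = NULL;
  if (head == NULL)
    return 0;
  head->prev = &record_first;
  record_first.next = head;
  for (struct record_entry *e = head; e != NULL; e = e->next)
    count++;
  return count;
}
```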