Subject: Re: [PATCHv2 0/2] Line table is_stmt support
To: Andrew Burgess, Bernd Edlinger
Cc: "gdb-patches@sourceware.org"
From: Simon Marchi
Date: Wed, 11 Mar 2020 02:50:07 -0400
In-Reply-To: <20200310230132.GF3317@embecosm.com>

On 2020-03-10 7:01 p.m., Andrew Burgess wrote:
> * Bernd Edlinger [2020-03-08 14:39:44 +0000]:
>
>> On 3/8/20 1:50 PM, Andrew Burgess wrote:
>>> Patch #1 is unchanged.
>>>
>>> Patch #2 includes additional changes in infrun.c based on Bernd's
>>> suggested fix, as well as his additional tests.
>>>
>>> Bernd,
>>>
>>> If you are happy with this version of the patch then I'll merge this
>>> in the next few days.
>>>
>>
>> Sure, a quick smoke test shows this is still on the right track.
>>
>> I will post a re-based version of my follow-up patch in a moment.
>
> I have now pushed this series to master.  I will review your follow up
> patch in more detail tomorrow.
>
> Thanks,
> Andrew

Hi Andrew,

It appears that this series (patch 2/2) causes an ASan failure, see below.
Compiling a C file with an empty main, with debug info, and loading it in
GDB is sufficient to trigger it.

Reading symbols from a.out...
=================================================================
==15419==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6280000340f8 at pc 0x000000687c5a bp 0x7fffd0281e30 sp 0x7fffd0281e20
READ of size 4 at 0x6280000340f8 thread T0
    #0 0x687c59 in buildsym_compunit::record_line(subfile*, int, unsigned long, bool) /home/smarchi/src/binutils-gdb/gdb/buildsym.c:688
    #1 0x96a451 in dwarf_record_line_1 /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:19956
    #2 0x96acce in lnp_state_machine::record_line(bool) /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:20024
    #3 0x969d69 in lnp_state_machine::handle_special_opcode(unsigned char) /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:19851
    #4 0x96b731 in dwarf_decode_lines_1 /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:20135
    #5 0x96c237 in dwarf_decode_lines /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:20328
    #6 0x92ea4a in handle_DW_AT_stmt_list /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:10748
    #7 0x92f133 in read_file_scope /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:10796
    #8 0x92a543 in process_die /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:9815
    #9 0x92915f in process_full_comp_unit /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:9580
    #10 0x920c82 in process_queue /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:8867
    #11 0x8f74e7 in dw2_do_instantiate_symtab /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:2374
    #12 0x8f7795 in dw2_instantiate_symtab /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:2395
    #13 0x8fed42 in dw2_lookup_symbol /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:3539
    #14 0x1251110 in lookup_symbol_via_quick_fns /home/smarchi/src/binutils-gdb/gdb/symtab.c:2401
    #15 0x1251ac1 in lookup_symbol_in_objfile /home/smarchi/src/binutils-gdb/gdb/symtab.c:2550
    #16 0x1251da0 in lookup_symbol_global_or_static_iterator_cb /home/smarchi/src/binutils-gdb/gdb/symtab.c:2597
    #17 0x118135c in svr4_iterate_over_objfiles_in_search_order /home/smarchi/src/binutils-gdb/gdb/solib-svr4.c:3258
    #18 0xa90518 in gdbarch_iterate_over_objfiles_in_search_order(gdbarch*, int (*)(objfile*, void*), void*, objfile*) /home/smarchi/src/binutils-gdb/gdb/gdbarch.c:4859
    #19 0x1252174 in lookup_global_or_static_symbol /home/smarchi/src/binutils-gdb/gdb/symtab.c:2642
    #20 0x1252469 in lookup_global_symbol(char const*, block const*, domain_enum_tag) /home/smarchi/src/binutils-gdb/gdb/symtab.c:2684
    #21 0x1251631 in basic_lookup_symbol_nonlocal(language_defn const*, char const*, block const*, domain_enum_tag) /home/smarchi/src/binutils-gdb/gdb/symtab.c:2471
    #22 0x124f374 in lookup_symbol_aux /home/smarchi/src/binutils-gdb/gdb/symtab.c:2112
    #23 0x124df4e in lookup_symbol_in_language(char const*, block const*, domain_enum_tag, language, field_of_this_result*) /home/smarchi/src/binutils-gdb/gdb/symtab.c:1908
    #24 0x12164a5 in set_initial_language() /home/smarchi/src/binutils-gdb/gdb/symfile.c:1695
    #25 0x1213d40 in symbol_file_add_main_1 /home/smarchi/src/binutils-gdb/gdb/symfile.c:1226
    #26 0x1213ac9 in symbol_file_add_main(char const*, enum_flags) /home/smarchi/src/binutils-gdb/gdb/symfile.c:1208
    #27 0xce438c in symbol_file_add_main_adapter /home/smarchi/src/binutils-gdb/gdb/main.c:424
    #28 0xce422c in catch_command_errors /home/smarchi/src/binutils-gdb/gdb/main.c:401
    #29 0xce68e5 in captured_main_1 /home/smarchi/src/binutils-gdb/gdb/main.c:1068
    #30 0xce7567 in captured_main /home/smarchi/src/binutils-gdb/gdb/main.c:1188
    #31 0xce75fc in gdb_main(captured_main_args*) /home/smarchi/src/binutils-gdb/gdb/main.c:1213
    #32 0x412a3d in main /home/smarchi/src/binutils-gdb/gdb/gdb.c:32
    #33 0x7fa0a1d8782f in __libc_start_main ../csu/libc-start.c:291
    #34 0x412838 in _start (/home/smarchi/build/binutils-gdb/gdb/gdb+0x412838)

0x6280000340f8 is located 8 bytes to the left of 16024-byte region [0x628000034100,0x628000037f98)
allocated by thread T0 here:
    #0 0x7fa0a4537f88 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10bf88)
    #1 0x4c9419 in xmalloc /home/smarchi/src/binutils-gdb/gdb/alloc.c:60
    #2 0x687b03 in buildsym_compunit::record_line(subfile*, int, unsigned long, bool) /home/smarchi/src/binutils-gdb/gdb/buildsym.c:678
    #3 0x96a451 in dwarf_record_line_1 /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:19956
    #4 0x96acce in lnp_state_machine::record_line(bool) /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:20024
    #5 0x969d69 in lnp_state_machine::handle_special_opcode(unsigned char) /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:19851
    #6 0x96b731 in dwarf_decode_lines_1 /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:20135
    #7 0x96c237 in dwarf_decode_lines /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:20328
    #8 0x92ea4a in handle_DW_AT_stmt_list /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:10748
    #9 0x92f133 in read_file_scope /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:10796
    #10 0x92a543 in process_die /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:9815
    #11 0x92915f in process_full_comp_unit /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:9580
    #12 0x920c82 in process_queue /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:8867
    #13 0x8f74e7 in dw2_do_instantiate_symtab /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:2374
    #14 0x8f7795 in dw2_instantiate_symtab /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:2395
    #15 0x8fed42 in dw2_lookup_symbol /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:3539
    #16 0x1251110 in lookup_symbol_via_quick_fns /home/smarchi/src/binutils-gdb/gdb/symtab.c:2401
    #17 0x1251ac1 in lookup_symbol_in_objfile /home/smarchi/src/binutils-gdb/gdb/symtab.c:2550
    #18 0x1251da0 in lookup_symbol_global_or_static_iterator_cb /home/smarchi/src/binutils-gdb/gdb/symtab.c:2597
    #19 0x118135c in svr4_iterate_over_objfiles_in_search_order /home/smarchi/src/binutils-gdb/gdb/solib-svr4.c:3258
    #20 0xa90518 in gdbarch_iterate_over_objfiles_in_search_order(gdbarch*, int (*)(objfile*, void*), void*, objfile*) /home/smarchi/src/binutils-gdb/gdb/gdbarch.c:4859
    #21 0x1252174 in lookup_global_or_static_symbol /home/smarchi/src/binutils-gdb/gdb/symtab.c:2642
    #22 0x1252469 in lookup_global_symbol(char const*, block const*, domain_enum_tag) /home/smarchi/src/binutils-gdb/gdb/symtab.c:2684
    #23 0x1251631 in basic_lookup_symbol_nonlocal(language_defn const*, char const*, block const*, domain_enum_tag) /home/smarchi/src/binutils-gdb/gdb/symtab.c:2471
    #24 0x124f374 in lookup_symbol_aux /home/smarchi/src/binutils-gdb/gdb/symtab.c:2112
    #25 0x124df4e in lookup_symbol_in_language(char const*, block const*, domain_enum_tag, language, field_of_this_result*) /home/smarchi/src/binutils-gdb/gdb/symtab.c:1908
    #26 0x12164a5 in set_initial_language() /home/smarchi/src/binutils-gdb/gdb/symfile.c:1695
    #27 0x1213d40 in symbol_file_add_main_1 /home/smarchi/src/binutils-gdb/gdb/symfile.c:1226
    #28 0x1213ac9 in symbol_file_add_main(char const*, enum_flags) /home/smarchi/src/binutils-gdb/gdb/symfile.c:1208
    #29 0xce438c in symbol_file_add_main_adapter /home/smarchi/src/binutils-gdb/gdb/main.c:424

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/smarchi/src/binutils-gdb/gdb/buildsym.c:688 in buildsym_compunit::record_line(subfile*, int, unsigned long, bool)
==15419==ABORTING

Simon
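A triage sketch for the report above, as an added example that is not part of the message or of GDB: it parses the ASan header to confirm on which side of the heap region the bad access landed and whether the buffer was allocated in the same function that misread it. The `triage` and `basename` helpers, the regular expressions and the `WRAPPER_FILES` skip list are assumptions; the report text is excerpted from the message.

```python
import re

# Excerpt of the report above: header, region line, leading frames of each stack.
REPORT = """\
==15419==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6280000340f8 at pc 0x000000687c5a bp 0x7fffd0281e30 sp 0x7fffd0281e20
READ of size 4 at 0x6280000340f8 thread T0
    #0 0x687c59 in buildsym_compunit::record_line(subfile*, int, unsigned long, bool) /home/smarchi/src/binutils-gdb/gdb/buildsym.c:688
    #1 0x96a451 in dwarf_record_line_1 /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:19956
0x6280000340f8 is located 8 bytes to the left of 16024-byte region [0x628000034100,0x628000037f98)
allocated by thread T0 here:
    #0 0x7fa0a4537f88 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10bf88)
    #1 0x4c9419 in xmalloc /home/smarchi/src/binutils-gdb/gdb/alloc.c:60
    #2 0x687b03 in buildsym_compunit::record_line(subfile*, int, unsigned long, bool) /home/smarchi/src/binutils-gdb/gdb/buildsym.c:678
"""

ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION = re.compile(r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+:\d+)$", re.M)
WRAPPER_FILES = ("alloc.c",)  # assumption: source files of allocator wrappers to skip


def basename(location):
    return location.rsplit("/", 1)[-1]


def triage(report):
    """Summarise which side of the heap region was hit and who owns the buffer."""
    kind, size, addr = ACCESS.search(report).groups()
    addr, size = int(addr, 16), int(size)
    start, end = (int(x, 16) for x in REGION.search(report).groups())
    access_part, _, alloc_part = report.partition("allocated by thread")
    fault = FRAME.search(access_part)
    # Owner: first symbolised allocation frame that is not an allocator wrapper.
    owner = next(m for m in FRAME.finditer(alloc_part)
                 if not basename(m.group(2)).startswith(WRAPPER_FILES))
    if addr + size <= start:
        side, distance = "underflow", start - addr
    elif addr >= end:
        side, distance = "overflow", addr - end
    else:
        side, distance = "crosses-boundary", 0
    return {"access": kind, "size": size, "side": side, "distance": distance,
            "region_bytes": end - start,
            "fault": basename(fault.group(2)), "alloc": basename(owner.group(2)),
            "same_function": fault.group(1) == owner.group(1)}


if __name__ == "__main__":
    print(triage(REPORT))
```

For this report it yields a 4-byte READ that ends before the region starts (an underflow, 8 bytes ahead of a 16024-byte buffer), with the allocation at buildsym.c:678 and the faulting access at buildsym.c:688 in the same function.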