* FYI: put a QUIT in DWARF expression evaluator
@ 2011-07-08 19:54 Tom Tromey
2011-07-09 6:40 ` Frank Ch. Eigler
0 siblings, 1 reply; 3+ messages in thread
From: Tom Tromey @ 2011-07-08 19:54 UTC (permalink / raw)
To: gdb-patches
I'm checking this in on the trunk.
Today I wondered what would happen if I modified pr10770.c to fail,
causing an infinite loop while evaluating a DWARF expression. The
answer is that gdb hangs and I had to kill it from the shell.
This patch adds a QUIT to the DWARF evaluator to let the user interrupt
gdb in this event.
I ran the gdb.dwarf2 tests against this on x86-64 F15.
I also tested the new functionality by hand.
FWIW, as far as I know, no such DWARF has ever been found in the wild.
Tom
2011-07-08 Tom Tromey <tromey@redhat.com>
* dwarf2expr.c (execute_stack_op): Add QUIT.
Index: dwarf2expr.c
===================================================================
RCS file: /cvs/src/src/gdb/dwarf2expr.c,v
retrieving revision 1.66
diff -u -r1.66 dwarf2expr.c
--- dwarf2expr.c 22 Jun 2011 13:38:21 -0000 1.66
+++ dwarf2expr.c 8 Jul 2011 15:47:04 -0000
@@ -521,6 +521,10 @@
LONGEST offset;
struct value *result_val = NULL;
+ /* The DWARF expression might have a bug causing an infinite
+ loop. In that case, quitting is the only way out. */
+ QUIT;
+
switch (op)
{
case DW_OP_lit0:
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: FYI: put a QUIT in DWARF expression evaluator
2011-07-08 19:54 FYI: put a QUIT in DWARF expression evaluator Tom Tromey
@ 2011-07-09 6:40 ` Frank Ch. Eigler
2011-07-19 20:26 ` Tom Tromey
0 siblings, 1 reply; 3+ messages in thread
From: Frank Ch. Eigler @ 2011-07-09 6:40 UTC (permalink / raw)
To: Tom Tromey; +Cc: gdb-patches
tromey wrote:
> Today I wondered what would happen if I modified pr10770.c to fail,
> causing an infinite loop while evaluating a DWARF expression. The
> answer is that gdb hangs and I had to kill it from the shell.
> [...]
> FWIW, as far as I know, no such DWARF has ever been found in the wild.
But perhaps other non-interactive services that rely on gdb to do
backtraces (pstack?) could be tricked into looping indefinitely. To
what extent is gdb vulnerable to specially crafted target memory state
causing indefinitely-long processing?
- FChE
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: FYI: put a QUIT in DWARF expression evaluator
2011-07-09 6:40 ` Frank Ch. Eigler
@ 2011-07-19 20:26 ` Tom Tromey
0 siblings, 0 replies; 3+ messages in thread
From: Tom Tromey @ 2011-07-19 20:26 UTC (permalink / raw)
To: Frank Ch. Eigler; +Cc: gdb-patches
Sorry about the delay on this.
Tom> Today I wondered what would happen if I modified pr10770.c to fail,
Tom> causing an infinite loop while evaluating a DWARF expression. The
Tom> answer is that gdb hangs and I had to kill it from the shell.
Tom> [...]
Tom> FWIW, as far as I know, no such DWARF has ever been found in the wild.
Frank> But perhaps other non-interactive services that rely on gdb to do
Frank> backtraces (pstack?) could be tricked into looping indefinitely. To
Frank> what extent is gdb vulnerable to specially crafted target memory state
Frank> causing indefinitely-long processing?
I wouldn't trust it, that's for sure. I don't know of specific bugs,
but dwarf2read is simply too large and complicated for me to believe
that it is free of problems.
I would not be averse to putting a large-enough artificial limit on the
expression evaluator. It is hard to imagine a legitimate DWARF
expression needing more than 1000 operations or something like that.
Tom
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-07-19 19:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-08 19:54 FYI: put a QUIT in DWARF expression evaluator Tom Tromey
2011-07-09 6:40 ` Frank Ch. Eigler
2011-07-19 20:26 ` Tom Tromey
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox