From: Tom Tromey
To: fche@redhat.com (Frank Ch. Eigler)
Cc: gdb-patches@sourceware.org
Subject: Re: FYI: put a QUIT in DWARF expression evaluator
Date: Tue, 19 Jul 2011 20:26:00 -0000
In-Reply-To: (Frank Ch. Eigler's message of "Fri, 08 Jul 2011 16:22:07 -0400")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
X-SW-Source: 2011-07/txt/msg00493.txt.bz2

Sorry about the delay on this.

Tom> Today I wondered what would happen if I modified pr10770.c to fail,
Tom> causing an infinite loop while evaluating a DWARF expression. The
Tom> answer is that gdb hangs and I had to kill it from the shell.
Tom> [...]
Tom> FWIW, as far as I know, no such DWARF has ever been found in the wild.

Frank> But perhaps other non-interactive services that rely on gdb to do
Frank> backtraces (pstack?) could be tricked into looping indefinitely. To
Frank> what extent is gdb vulnerable to specially crafted target memory state
Frank> causing indefinitely-long processing?

I wouldn't trust it, that's for sure. I don't know of specific bugs, but
dwarf2read is simply too large and complicated for me to believe that it
is free of problems.

I would not be averse to putting a large-enough artificial limit on the
expression evaluator. It is hard to imagine a legitimate DWARF expression
needing more than 1000 operations or something like that.

Tom
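The operation budget Tom proposes, shown on a toy DWARF stack-machine evaluator. This is an added example written for this archive page, not gdb's dwarf2expr code: the evaluator, its `eval_dwarf_expr` entry point, the `eval_status` codes and the 64-entry stack are assumptions made for illustration; only the opcode numbers (DW_OP_lit0..lit31, DW_OP_const1u, DW_OP_dup, DW_OP_plus, DW_OP_skip, DW_OP_bra) are the real DWARF values. The two sample expressions are constructed inline: one well-formed sum, and one whose DW_OP_skip jumps back onto itself, which would spin forever without the cap and instead returns `EVAL_OP_LIMIT` after 1000 operations.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Real DWARF opcode values for the handful of operations this toy supports. */
enum {
    DW_OP_const1u = 0x08,
    DW_OP_dup     = 0x12,
    DW_OP_plus    = 0x22,
    DW_OP_bra     = 0x28,
    DW_OP_skip    = 0x2f,
    DW_OP_lit0    = 0x30,
    DW_OP_lit31   = 0x4f
};

/* Hypothetical status codes for this example; gdb reports errors differently. */
enum eval_status {
    EVAL_OK = 0,
    EVAL_OP_LIMIT,     /* artificial operation budget exhausted (the proposed cap) */
    EVAL_BAD_OPCODE,
    EVAL_STACK_ERROR,
    EVAL_BAD_OPERAND
};

#define STACK_MAX 64   /* assumed stack depth for the toy evaluator */

/* Read the 2-byte signed operand of DW_OP_skip/DW_OP_bra (little-endian assumed). */
static int read_s16(const uint8_t *expr, size_t len, size_t pc, int16_t *out)
{
    if (pc + 2 > len) return 0;
    *out = (int16_t)(expr[pc] | (expr[pc + 1] << 8));
    return 1;
}

/* Evaluate EXPR, giving up after MAX_OPS operations so crafted loops cannot hang the caller. */
enum eval_status
eval_dwarf_expr(const uint8_t *expr, size_t len, unsigned max_ops, int64_t *result)
{
    int64_t stack[STACK_MAX];
    size_t sp = 0, pc = 0;
    unsigned ops = 0;

    while (pc < len) {
        if (++ops > max_ops)            /* the QUIT-style escape hatch */
            return EVAL_OP_LIMIT;
        uint8_t op = expr[pc++];

        if (op >= DW_OP_lit0 && op <= DW_OP_lit31) {
            if (sp == STACK_MAX) return EVAL_STACK_ERROR;
            stack[sp++] = op - DW_OP_lit0;
            continue;
        }
        switch (op) {
        case DW_OP_const1u:
            if (pc >= len) return EVAL_BAD_OPERAND;
            if (sp == STACK_MAX) return EVAL_STACK_ERROR;
            stack[sp++] = expr[pc++];
            break;
        case DW_OP_dup:
            if (sp == 0 || sp == STACK_MAX) return EVAL_STACK_ERROR;
            stack[sp] = stack[sp - 1];
            sp++;
            break;
        case DW_OP_plus:
            if (sp < 2) return EVAL_STACK_ERROR;
            stack[sp - 2] += stack[sp - 1];
            sp--;
            break;
        case DW_OP_skip:
        case DW_OP_bra: {
            int16_t off;
            int take = 1;
            if (!read_s16(expr, len, pc, &off)) return EVAL_BAD_OPERAND;
            pc += 2;
            if (op == DW_OP_bra) {          /* branch only if popped value is nonzero */
                if (sp == 0) return EVAL_STACK_ERROR;
                take = stack[--sp] != 0;
            }
            if (take) {
                /* Offset is relative to the byte after the operand; target == len ends evaluation. */
                if (off < 0 ? (size_t)(-off) > pc : pc + (size_t)off > len)
                    return EVAL_BAD_OPERAND;
                pc = (size_t)((int64_t)pc + off);
            }
            break;
        }
        default:
            return EVAL_BAD_OPCODE;
        }
    }
    if (sp == 0) return EVAL_STACK_ERROR;
    *result = stack[sp - 1];
    return EVAL_OK;
}

/* Constructed sample: 5 + 7, a well-formed expression; returns its value. */
int64_t demo_good_value(void)
{
    static const uint8_t good[] = { DW_OP_lit0 + 5, DW_OP_lit0 + 7, DW_OP_plus };
    int64_t v = -1;
    return eval_dwarf_expr(good, sizeof good, 1000, &v) == EVAL_OK ? v : -1;
}

/* Constructed sample: DW_OP_skip with offset -3 jumps back onto itself forever. */
enum eval_status demo_loop_status(void)
{
    static const uint8_t loop[] = { DW_OP_lit0 + 1, DW_OP_skip, 0xfd, 0xff };
    int64_t v = 0;
    return eval_dwarf_expr(loop, sizeof loop, 1000, &v);
}

int main(void)
{
    printf("good: value=%lld\n", (long long)demo_good_value());
    printf("loop: status=%d (%d == EVAL_OP_LIMIT)\n", demo_loop_status(), EVAL_OP_LIMIT);
    return 0;
}
```

A real evaluator would pass the budget in from its caller (a non-interactive backtrace service can use a smaller one than an interactive session) and would report the limit as an error attributed to the expression, so the surrounding frame or variable is shown as unavailable rather than the whole process stalling.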