The return address of strtok is out of bounds in gdb

The return address of strtok is out of bounds in gdb

[Zhang Zhen]

Hi,

I found a problem with gdb-7.9 on my x86_64 machine.
The return address is out of bounds by calling call strtok in gdb.
But if we enter 'n', the return address is correct.
I want to know this is a bug ? If so, how to resolve it ?

It is easily reproduced as follows:

	Fs-Server:/opt/zhangzhen/gdb-7.9 # ./gdb/gdb -q ../strtok_test
	Reading symbols from ../strtok_test...done.
	(gdb) b 12
	Breakpoint 1 at 0x4005c7: file strtok_test.c, line 12.
	(gdb) r
	Starting program: /opt/zhangzhen/strtok_test

	Breakpoint 1, main (argc=1, argv=0x7fffffffe358) at strtok_test.c:12
	12		p1 = strtok(a0, se);
	(gdb) p p1
	$1 = 0x0
	(gdb) p p1 = strtok(a0, se)
	$2 = 0xffffffffffffe260 <error: Cannot access memory at address 0xffffffffffffe260>
	(gdb) n
	13		printf("a0=%s\np1=%p\n", a0, p1);
	(gdb) p p1
	$3 = 0x7fffffffe260 "start"
	(gdb)

The source code of strtok_test is:
	  1 #include <stdio.h>
	  2 #include <stdlib.h>
	  3 #include <string.h>
	  4
	  5 int main(int argc, const char **argv)
	  6 {
	  7         char a0[] = {"start test! "};
	  8
	  9         char *p1 = NULL;
	 10         char se[] = " ";
	 11
	 12         p1 = strtok(a0, se);
	 13         printf("a0=%s\np1=%p\n", a0, p1);
	 14
	 15         return 0;
	 16 }


Best regards!

Re: The return address of strtok is out of bounds in gdb

[Yao Qi]

Zhang Zhen <zhenzhang.zhang@huawei.com> writes:

> I found a problem with gdb-7.9 on my x86_64 machine.
> The return address is out of bounds by calling call strtok in gdb.
> But if we enter 'n', the return address is correct.
> I want to know this is a bug ? If so, how to resolve it ?

It is not a bug, IMO.

>
> It is easily reproduced as follows:
>
> 	Fs-Server:/opt/zhangzhen/gdb-7.9 # ./gdb/gdb -q ../strtok_test
> 	Reading symbols from ../strtok_test...done.
> 	(gdb) b 12
> 	Breakpoint 1 at 0x4005c7: file strtok_test.c, line 12.
> 	(gdb) r
> 	Starting program: /opt/zhangzhen/strtok_test
>
> 	Breakpoint 1, main (argc=1, argv=0x7fffffffe358) at strtok_test.c:12
> 	12		p1 = strtok(a0, se);
> 	(gdb) p p1
> 	$1 = 0x0
> 	(gdb) p p1 = strtok(a0, se)
> 	$2 = 0xffffffffffffe260 <error: Cannot access memory at address 0xffffffffffffe260>

You are doing an "inferior call"
https://sourceware.org/gdb/onlinedocs/gdb/Calling.html here.  In order
to support inferior call, GDB needs to create a new frame, get the
function's signature (return value and arguments), prepare the
arguments in the right place (registers or stack) as well as return
address, and resume the programme, wait for the function call finished.

In your case, I suspect GDB prepares the incorrect arguments for
function strtok due to lack of debugging information, so you'll see
the error.

You can get your libc debug info installed, or wrap up strktok like
this in your program,

char *
my_strtok(char *str, const char *delim)
{
  return strtok (str, delim);
}

and in gdb,

(gdb) p p1 = my_strtok(a0, se)

-- 
Yao (齐尧)

Re: The return address of strtok is out of bounds in gdb

[Andreas Schwab]

Yao Qi <qiyaoltc@gmail.com> writes:

> In your case, I suspect GDB prepares the incorrect arguments for
> function strtok due to lack of debugging information, so you'll see
> the error.

Probably just the unknown return type, which defaults to int, so you get
truncation to 32 bits.

> You can get your libc debug info installed, or wrap up strktok like
> this in your program,
>
> char *
> my_strtok(char *str, const char *delim)
> {
>   return strtok (str, delim);
> }
>
> and in gdb,
>
> (gdb) p p1 = my_strtok(a0, se)

Or add a cast to the expected type:

(gdb) p p1 = ((char *(*)())strtok)(a0, se)

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: The return address of strtok is out of bounds in gdb

[Zhang Zhen]

On 2015/3/17 19:26, Andreas Schwab wrote:
> Yao Qi <qiyaoltc@gmail.com> writes:
> 
>> In your case, I suspect GDB prepares the incorrect arguments for
>> function strtok due to lack of debugging information, so you'll see
>> the error.
> 
> Probably just the unknown return type, which defaults to int, so you get
> truncation to 32 bits.
> 
>> You can get your libc debug info installed, or wrap up strktok like
>> this in your program,
I have tried install libc6-dbg, but the error still exist.

root@sandybridge:/tmp# ls /lib64/.debug/
ld-2.18.so		 libm-2.18.so		libnss_nis-2.18.so
libBrokenLocale-2.18.so  libmemusage.so		libnss_nisplus-2.18.so
libSegFault.so		 libnsl-2.18.so		libpcprofile.so
libanl-2.18.so		 libnss_compat-2.18.so	libpthread-2.18.so
libc-2.18.so		 libnss_db-2.18.so	libresolv-2.18.so
libcidn-2.18.so		 libnss_dns-2.18.so	librt-2.18.so
libcrypt-2.18.so	 libnss_files-2.18.so	libthread_db-1.0.so
libdl-2.18.so		 libnss_hesiod-2.18.so	libutil-2.18.so

>>
>> char *
>> my_strtok(char *str, const char *delim)
>> {
>>   return strtok (str, delim);
>> }
>>
>> and in gdb,
>>
>> (gdb) p p1 = my_strtok(a0, se)
> 
> Or add a cast to the expected type:
> 
> (gdb) p p1 = ((char *(*)())strtok)(a0, se)
> 
Yeah, i tried to wrap up strktok and add a cast.
They both work well.
But i want to know how can i get the correct return type of strtok in gdb.

Thanks for your and Yao Qi's reply.
> Andreas.
> 

Re: The return address of strtok is out of bounds in gdb

[Jan Kratochvil]

On Wed, 18 Mar 2015 04:08:43 +0100, Zhang Zhen wrote:
> I have tried install libc6-dbg, but the error still exist.

Debian *-dbg packages have always been broken.  On Fedora/RHEL it works.


Jan