This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]
[PATCH] Prevent inline function parameters from crashing the DWARF reader

From: Keith Seitz <keiths at redhat dot com>
To: gdb-patches at sourceware dot org
Date: Fri, 12 Oct 2018 14:21:41 -0700
Subject: [PATCH] Prevent inline function parameters from crashing the DWARF reader
When reading DWARF information for an inlined function, new_symbol
assumes that the CU has a valid builder:

   case DW_TAG_formal_parameter:
     {
       /* If we are inside a function, mark this as an argument.  If
          not, we might be looking at an argument to an inlined function
          when we do not have enough information to show inlined frames;
          pretend it's a local variable in that case so that the user can
          still see it.  */
       struct context_stack *curr
         = cu->builder->get_current_context_stack ());
       if (curr != nullptr && curr->name != nullptr)
         SYMBOL_IS_ARGUMENT (sym) = 1;
       // ..

However, as demonstrated in this Fedora bugzilla:
  https://bugzilla.redhat.com/show_bug.cgi?id=1638798

the abstract_origin of the parameter DIE may be in an entirely different
CU.  This CU will have no builder defined for it, so the call to
get_current_context_stack is made on an uninitialized builder, and GDB
segfaults.

gdb/ChangeLog:
YYYY-MM-DD  Keith Seitz  <keiths@redhat.com>

	https://bugzilla.redhat.com/show_bug.cgi?id=1638798
	* dwarf2read.c (new_symbol): Don't assume there is a valid
	builder when processing formal_parameter; it may have come
	from another CU.

gdb/testsuite/ChangeLog:
YYYY-MM-DD  Keith Seitz  <keiths@redhat.com>

	https://bugzilla.redhat.com/show_bug.cgi?id=1638798
	* gdb.dwarf2/inline_subroutine-inheritance.exp: New file.
---
 gdb/ChangeLog                                 |   7 +
 gdb/dwarf2read.c                              |   8 +-
 gdb/testsuite/ChangeLog                       |   5 +
 .../inline_subroutine-inheritance.exp         | 213 ++++++++++++++++++
 4 files changed, 232 insertions(+), 1 deletion(-)
 create mode 100644 gdb/testsuite/gdb.dwarf2/inline_subroutine-inheritance.exp

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index b3cc64659f..18fcb671b4 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,10 @@
+YYYY-MM-DD  Keith Seitz  <keiths@redhat.com>
+
+	https://bugzilla.redhat.com/show_bug.cgi?id=1638798
+	* dwarf2read.c (new_symbol): Don't assume there is a valid
+	builder when processing formal_parameter; it may have come
+	from another CU.
+
 2018-10-11  Gary Benson <gbenson@redhat.com>
 
 	* interps.h (interp::m_name): Make private and mutable.
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index 2a1b805c9a..c11b778e71 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -21565,8 +21565,14 @@ new_symbol (struct die_info *die, struct type *type, struct dwarf2_cu *cu,
 	       when we do not have enough information to show inlined frames;
 	       pretend it's a local variable in that case so that the user can
 	       still see it.  */
+
+	    /* If this inlined function parameter is inherited from another
+	       CU, that CU may not have a builder associated with it.
+	       Don't assume that it does.  */
 	    struct context_stack *curr
-	      = cu->builder->get_current_context_stack ();
+	      = (cu->builder == nullptr
+		 ? nullptr
+		 : cu->builder->get_current_context_stack ());
 	    if (curr != nullptr && curr->name != nullptr)
 	      SYMBOL_IS_ARGUMENT (sym) = 1;
 	    attr = dwarf2_attr (die, DW_AT_location, cu);
diff --git a/gdb/testsuite/ChangeLog b/gdb/testsuite/ChangeLog
index ba5fae99e7..9f5ab8f86a 100644
--- a/gdb/testsuite/ChangeLog
+++ b/gdb/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+YYYY-MM-DD  Keith Seitz  <keiths@redhat.com>
+
+	https://bugzilla.redhat.com/show_bug.cgi?id=1638798
+	* gdb.dwarf2/inline_subroutine-inheritance.exp: New file.
+
 2018-10-11  Sandra Loosemore  <sandra@codesourcery.com>
 
 	* gdb.base/solib-vanish.exp: Fix regexp not to require a POSIX
diff --git a/gdb/testsuite/gdb.dwarf2/inline_subroutine-inheritance.exp b/gdb/testsuite/gdb.dwarf2/inline_subroutine-inheritance.exp
new file mode 100644
index 0000000000..92c5d0529b
--- /dev/null
+++ b/gdb/testsuite/gdb.dwarf2/inline_subroutine-inheritance.exp
@@ -0,0 +1,213 @@
+# Copyright 2018 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# This tests a segfault that occurs when reading inline_subroutine DIEs
+# with abstract_origins pointing to DIEs in other CUs.
+#
+# See https://bugzilla.redhat.com/show_bug.cgi?id=1638798 .
+
+load_lib dwarf.exp
+
+# This test can only be run on targets which support DWARF.
+if {![dwarf2_support]} {
+    return 0
+}
+
+standard_testfile main.c .S
+
+# Create the DWARF.  This is derived from the reproducer in the Fedora
+# bugzila mentioned above.  For clarity, some "superfluous" DIES have
+# been left instead of simplifying/pruning the test further.
+set asm_file [standard_output_file $srcfile2]
+Dwarf::assemble $asm_file {
+    declare_labels Db D72f8 D736e
+    declare_labels D266465 D266477 D266483 D266496 D266498 D266ad3 D266ad9 \
+	D266ade D26b227 D26b237
+    declare_labels D26d8b1 D26d8c3 D26d8cf D26d944 D26d946 D26e103 D26e145 \
+	D26e415 D26e48c D26df00 D26df06 D26df0b D272519 D274c1a D274c42
+
+    cu {} {
+	Db: compile_unit {
+	    {language @DW_LANG_C99}
+	    {name "<artificial>"}
+	} {
+	    D72f8: subprogram {
+		{abstract_origin :$D272519}
+		{low_pc 0xb9e20 addr}
+		{high_pc 0x1f5 data4}
+	    } {
+		D736e: inlined_subroutine {
+		    {abstract_origin :$D26b227}
+		    {low_pc 0xb9efc addr}
+		    {high_pc 0xc data4}
+		} {
+		    formal_parameter {
+			{abstract_origin :$D274c42}
+		    }
+		}
+	    }
+	}
+    }
+
+    cu {} {
+	D266465: compile_unit {
+	    {language @DW_LANG_C99}
+	} {
+	    D266477: typedef {
+		{name "size_t"}
+		{type :$D266483}
+	    }
+
+	    D266483: base_type {
+		{byte_size 8 sdata}
+		{encoding @DW_ATE_unsigned}
+	    }
+
+	    D266496: pointer_type {
+		{byte_size 8 sdata}
+	    }
+
+	    D266498: restrict_type {
+		{type :$D266496}
+	    }
+
+	    D266ad3: pointer_type {
+		{byte_size 8 sdata}
+		{type :$D266ade}
+	    }
+
+	    D266ad9: restrict_type {
+		{type :$D266ad3}
+	    }
+
+	    D266ade: const_type {}
+
+	    D26b227: subprogram {
+		{external 1 flag}
+		{name "memcpy"}
+		{type :$D266496}
+	    } {
+		D26b237: formal_parameter {
+		    {name "__dest"}
+		    {type :$D266498}
+		}
+		formal_parameter {
+		    {name "__src"}
+		    {type :$D266ad9}
+		}
+		formal_parameter {
+		    {name "__len"}
+		    {type :$D266477}
+		}
+	    }
+	}
+    }
+
+    cu {} {
+	D26d8b1: compile_unit {
+	    {language @DW_LANG_C99}
+	} {
+	    D26d8c3: typedef {
+		{name "size_t"}
+		{type :$D26d8cf}
+	    }
+
+	    D26d8cf: base_type {
+		{byte_size 8 sdata}
+		{encoding @DW_ATE_unsigned}
+		{name "long unsigned int"}
+	    }
+
+	    D26d944: pointer_type {
+		{byte_size 8 sdata}
+	    }
+
+	    D26d946: restrict_type {
+		{type :$D26d944}
+	    }
+
+	    D26e103: structure_type {
+		{name "__object"}
+		{byte_size 12 sdata}
+	    } {
+		member {
+		    {name "__ob_next"}
+		    {type :$D26e145}
+		    {data_member_location 0 sdata}
+		}
+	    }
+
+	    D26e145: pointer_type {
+		{byte_size 8 sdata}
+		{type :$D26e103}
+	    }
+
+	    D26e415: typedef {
+		{name "PyObject"}
+		{type :$D26e103}
+	    }
+
+	    D26e48c: pointer_type {
+		{byte_size 8 sdata}
+		{type :$D26e415}
+	    }
+
+	    D26df00: pointer_type {
+		{byte_size 8 sdata}
+		{type :$D26df0b}
+	    }
+
+	    D26df06: restrict_type {
+		{type :$D26df00}
+	    }
+
+	    D26df0b: const_type {}
+
+	    D272519: subprogram {
+		{name "bytes_repeat"}
+		{type :$D26e48c}
+	    }
+
+	    D274c1a: subprogram {
+		{external 1 flag}
+		{name "memcpy"}
+		{type :$D26d944}
+	    } {
+		formal_parameter {
+		    {name "__dest"}
+		    {type :$D26d946}
+		}
+		formal_parameter {
+		    {name "__src"}
+		    {type :$D26df06}
+		}
+		D274c42: formal_parameter {
+		    {name "__len"}
+		    {type :$D26d8c3}
+		}
+	    }
+	}
+    }
+}
+
+if {[prepare_for_testing "failed to prepare" $testfile \
+	 "${asm_file} ${srcfile}" {}]} {
+    return -1
+}
+
+# All we need to do is set a breakpoint, which causes the DWARF
+# info to be read, to demonstrate the problem.
+
+gdb_breakpoint "bytes_repeat" message
-- 
2.17.1
Follow-Ups:
- Re: [PATCH] Prevent inline function parameters from crashing the DWARF reader
  - From: Sergio Durigan Junior
- Re: [PATCH] Prevent inline function parameters from crashing the DWARF reader
  - From: Tom Tromey
Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]