From patchwork Thu Jan 26 13:17:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tremblay X-Patchwork-Id: 19033 Received: (qmail 39408 invoked by alias); 26 Jan 2017 13:17:48 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 39398 invoked by uid 89); 26 Jan 2017 13:17:47 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.0 required=5.0 tests=BAYES_20, SPF_PASS autolearn=ham version=3.3.2 spammy=5156, H*r:Security, H*r:Symantec, Hx-languages-length:2377 X-HELO: usplmg20.ericsson.net Received: from usplmg20.ericsson.net (HELO usplmg20.ericsson.net) (198.24.6.45) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 26 Jan 2017 13:17:45 +0000 Received: from EUSAAHC006.ericsson.se (Unknown_Domain [147.117.188.90]) by (Symantec Mail Security) with SMTP id 25.79.29529.7FDF9885; Thu, 26 Jan 2017 14:47:38 +0100 (CET) Received: from elxa4wqvvz1.ca.am.ericsson.se (147.117.188.8) by smtps-am.internal.ericsson.com (147.117.188.90) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 26 Jan 2017 08:17:40 -0500 From: Antoine Tremblay To: CC: Antoine Tremblay Subject: [PATCH] Fix crash when loading a core with unexpected register section size Date: Thu, 26 Jan 2017 08:17:26 -0500 Message-ID: <1485436646-12223-1-git-send-email-antoine.tremblay@ericsson.com> MIME-Version: 1.0 X-IsSubscribed: yes When loading a core without an executable like so: gdb --core core for example often the gdbarch won't contain the iterate_over_regset_sections method. This will generate a call to get_core_register_section with a NULL regset like at corelow.c:628 get_core_register_section (regcache, NULL, ".reg", 0, 0, "general-purpose", 1); However a check for REGSET_VARIABLE_SIZE in get_core_register_section assumes that regset is != NULL thus leading to a crash with this backtrace: (gdb) bt #0 0x000000000065907b in get_core_register_section (regcache=regcache@entry=0x2c26260, regset=regset@entry=0x0, name=name@entry=0xdbf7b2 ".reg", min_size=min_size@entry=0, which=which@entry=0, human_name=human_name@entry=0xdbac28 "general-purpose", required=1) at ../../gdb/corelow.c:542 #1 0x0000000000659b70 in get_core_registers (ops=, regcache=0x2c26260, regno=) at ../../gdb/corelow.c:628 #2 0x000000000076e5fb in target_fetch_registers (regcache=regcache@entry=0x2c26260, regno=regno@entry=15) at ../../gdb/target.c:3590 Note that commit: f962539ad23759af4ba8f7eece1946fdc2f5087 introcuded this issue. Thus releases > 7.8.2 are affected. This patch fixes this crash by adding a check for regset existence before running the condition. gdb/ChangeLog: * corelow.c (get_core_register_section): Check for regset existance before checking for REGSET_VARIABLE_SIZE. --- gdb/corelow.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/gdb/corelow.c b/gdb/corelow.c index a075d9e..f43f730 100644 --- a/gdb/corelow.c +++ b/gdb/corelow.c @@ -515,6 +515,7 @@ get_core_register_section (struct regcache *regcache, struct bfd_section *section; bfd_size_type size; char *contents; + bool variable_size_section = false; xfree (section_name); @@ -534,12 +535,16 @@ get_core_register_section (struct regcache *regcache, } size = bfd_section_size (core_bfd, section); + + variable_size_section = (regset != NULL + && regset->flags & REGSET_VARIABLE_SIZE); + if (size < min_size) { warning (_("Section `%s' in core file too small."), section_name); return; } - if (size != min_size && !(regset->flags & REGSET_VARIABLE_SIZE)) + if (size != min_size && !variable_size_section) { warning (_("Unexpected size of section `%s' in core file."), section_name);