From: Keith Seitz
Date: Fri, 21 Mar 2014 10:25:56 -0700
To: Joel Brobecker
CC: "gdb-patches@sourceware.org ml"
Subject: Re: [RFA] Fix gdb/15827 (crash w/corrupt DWARF)
X-Patchwork-Id: 209

Hi, Joel!

Thank you for having a look at this.

On 03/21/2014 10:14 AM, Joel Brobecker wrote:
> Use "(void)" instead of "()". There was a recent policy clarification
> regarding the CS to be using with testcases, and basically we decided
> to try to follow the GCS as much as we reasonably could.

Cut-n-paste-o. Fixed.

>> +# If we get here and gdb hasn't crashed, the tests pass.
>> +pass "corrupt DWARF"
>
> That's just me but I usually do a "print 1" test, just to make sure
> that even if the testing framework did not detect the GDB process
> dying, the "print 1" test definitely will. Not important on most,
> if not all platforms, but ISTR some odd platforms where this helped.
> That's just a suggestion, you don't have to follow it.

Actually, I think that's a very good idea (which did not occur to me).
My big hesitation with this is that this failure gets reported as
UNRESOLVED. While I try to be studious about checking
XFAIL/UNRESOLVED/ERROR, I sometimes overlook these in favor of a raw
PASS/FAIL check in gdb.sum.

I've attached a revision with those two changes (ChangeLog remains
unchanged).

Keith

ChangeLog
2014-03-20  Keith Seitz

	PR gdb/15827
	* dwarf2read.c (skip_one_die): Check that all relative-offset
	sibling DIEs fall within range of the current reader's buffer.
	(read_partial_die): Likewise.

testsuite/ChangeLog
2014-03-20  Keith Seitz

	PR gdb/15827
	* gdb.dwarf2/corrupt.c: New file.
	* gdb.dwarf2/corrupt.exp: New file.

diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c index 705dc2d..c30b1b3 100644 --- a/gdb/dwarf2read.c +++ b/gdb/dwarf2read.c 
@@ -7103,6 +7103,8 @@ skip_one_die (const struct die_reader_specs *reader, const gdb_byte *info_ptr, if (sibling_ptr < info_ptr) complaint (&symfile_complaints, _("DW_AT_sibling points backwards")); + else if (sibling_ptr > reader->buffer_end) + dwarf2_section_buffer_overflow_complaint (reader->die_section); else return sibling_ptr; } @@ -15416,6 +15418,8 @@ read_partial_die (const struct die_reader_specs *reader, if (sibling_ptr < info_ptr) complaint (&symfile_complaints, _("DW_AT_sibling points backwards")); + else if (sibling_ptr > reader->buffer_end) + dwarf2_section_buffer_overflow_complaint (reader->die_section); else part_die->sibling = sibling_ptr; } diff --git a/gdb/testsuite/gdb.dwarf2/corrupt.c b/gdb/testsuite/gdb.dwarf2/corrupt.c new file mode 100644 index 0000000..bcd5fd8 --- /dev/null +++ b/gdb/testsuite/gdb.dwarf2/corrupt.c @@ -0,0 +1,24 @@ +/* This testcase is part of GDB, the GNU debugger. + + Copyright 2014 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* Dummy main function. */ + +int +main (void) +{ + return 0; +} diff --git a/gdb/testsuite/gdb.dwarf2/corrupt.exp b/gdb/testsuite/gdb.dwarf2/corrupt.exp new file mode 100644 index 0000000..048ae0c --- /dev/null +++ b/gdb/testsuite/gdb.dwarf2/corrupt.exp 
@@ -0,0 +1,77 @@ +# Copyright 2014 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Test corrupt DWARF input +# PR gdb/15827 + +load_lib dwarf.exp + +if {![dwarf2_support]} { + return 0 +} + +standard_testfile corrupt.c corrupt.S + +# Make the DWARF used for the test. +# +# Here we put DW_AT_sibling DIEs into the output which +# point off into la-la land. The whole purpose is to simulate +# corrupt DWARF information and make sure that GDB can handle it +# without crashing. + +set asm_file [standard_output_file $srcfile2] +Dwarf::assemble $asm_file { + cu {} { + compile_unit {} { + declare_labels int_label + + int_label: base_type { + {byte_size 4} + {name "int"} + } + + enumeration_type { + {name "ENUM"} + {byte_size 4} + } { + enumerator { + {name "A"} + {const_value 0} + } + enumerator { + {name "B"} + {const_value 1} + {sibling 12345678 DW_FORM_ref4} + } { + base_type { + {byte_size 1} + {name "char"} + } + } + array_type { + {type :$int_label} + {sibling 12345678 DW_FORM_ref4} + } + } + } + } +} + +if {[prepare_for_testing $testfile.exp $testfile \ + [list $srcfile $asm_file] {nodebug}]} { + return -1 +} + +gdb_test "print 1" "= 1" "recover from corrupt DWARF"
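
Review bot: In the skip_one_die hunk of gdb/dwarf2read.c, the new bound `sibling_ptr > reader->buffer_end` still accepts a sibling that lands exactly on buffer_end. If buffer_end is the one-past-the-end address of the section buffer, as its name suggests, the next read at the returned pointer starts outside the buffer. Consider `else if (sibling_ptr >= reader->buffer_end)`, or add a comment explaining why an end-of-buffer sibling is valid at this point.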
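
Review bot: In the read_partial_die hunk of gdb/dwarf2read.c, the backwards / overflow / accept chain is now a verbatim copy of the one in skip_one_die, so any later correction to the bound has to be made in two places. A small helper that takes the reader, info_ptr and sibling_ptr, issues the complaint, and reports whether the sibling is usable would keep the two sites in step; the caller then only decides whether to return the pointer or store it in part_die->sibling.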
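
Review bot: In gdb/testsuite/gdb.dwarf2/corrupt.exp, the only assertion is `gdb_test "print 1" "= 1" "recover from corrupt DWARF"`, which shows that GDB survived but not that the new range check is what rejected the sibling. Both corrupt attributes also use the same far-out-of-range value, `{sibling 12345678 DW_FORM_ref4}`, so nothing exercises an offset at or just past the end of the section. Consider also matching the complaint output, and adding a DIE whose sibling sits on the boundary.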