From patchwork Thu Apr 4 15:34:23 2024
X-Patchwork-Submitter: Bernd Edlinger
X-Patchwork-Id: 88036
Date: Thu, 4 Apr 2024 17:34:23 +0200
From: Bernd Edlinger
Subject: [PATCH v2] Fix an out of bounds array access in find_epilogue_using_linetable
To: "gdb-patches@sourceware.org", Tom de Vries

There is an out-of-bounds array access in find_epilogue_using_linetable.
This causes random test failures like these:

FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: $fba_value == $fn_fba
FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: check frame-id matches
FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: bt 2
FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: up
FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: $sp_value == $::main_sp
FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: $fba_value == $::main_fba
FAIL: gdb.base/unwind-on-each-insn-amd64.exp: foo: instruction 6: [string equal $fid $::main_fid]

Here the read happens below the first element of the line table, and the test failure depends on the value that is read from there.

Theoretically it is also possible that std::lower_bound returns a pointer exactly at the upper bound of the line table; also here the read value is undefined. That happens in this test:

FAIL: gdb.dwarf2/dw2-epilogue-begin.exp: confirm watchpoint doesn't trigger

Fixes: 528b729be1a2 ("gdb/dwarf2: Add support for DW_LNS_set_epilogue_begin in line-table")
---
 gdb/symtab.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

v2: Address review comments -- improved patch description, and added a comment.

diff --git a/gdb/symtab.c b/gdb/symtab.c index 86603dfebc3..be646a7a353 100644 --- a/gdb/symtab.c +++ b/gdb/symtab.c 
@@ -4177,11 +4177,17 @@ find_epilogue_using_linetable (CORE_ADDR func_addr) return lte.unrelocated_pc () < pc; }); - while (it->unrelocated_pc () >= unrel_start) + /* Note: Here IT points either to a linetable entry at or above unrel_end, + or to the linetable entry after the last linetable array element. + This means, it belongs either to the next function or is undefined. + Therefore it must always be decremented first, before de-referencing. + However it can also point to the beginning of the linetable array, + if the array happens to be empty. Decrementing below the first + element of an array is undefined behaviour and must be avoided too. */ + while (it > linetable->item && (--it)->unrelocated_pc () >= unrel_start) { if (it->epilogue_begin) return {it->pc (objfile)}; - it --; } } return {};
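
Review bot: The new comment ties the `it > linetable->item` guard only to the empty-array case, but the same guard is what stops the loop once IT has been decremented down to the first element of a non-empty table, which is the read below the first element that the commit message reports for unwind-on-each-insn-amd64.exp. Suggest wording the last two sentences of the comment so that both cases are named, for example that IT can be at the beginning of the linetable array either because the array is empty or because every entry down to the first one has an unrelocated_pc at or above unrel_start. Separately, `(--it)` in the loop condition puts the iterator update in a side effect; the short-circuit order makes it correct, but it is worth one sentence in the comment stating that the decrement only runs after the bounds check has passed, so the next reader does not have to re-derive it.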