diff mbox series

Avoid double-free with debuginfod

Message ID 20221212183852.1502020-1-tromey@adacore.com
State New
Headers
Series Avoid double-free with debuginfod |

Commit Message

Tom Tromey Dec. 12, 2022, 6:38 p.m. UTC 
  PR gdb/29257 points out a possible double free when debuginfod is in
use.  Aside from some ugly warts in the symbol code (an ongoing
issue), the underlying issue in this particular case is that elfread.c
seems to assume that symfile_bfd_open will return NULL on error,
whereas in reality it throws an exception.  As this code isn't
prepared for an exception, bad things result.

This patch fixes the problem by introducing a non-throwing variant of
symfile_bfd_open and using it in the affected places.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257
---
 gdb/elfread.c | 19 ++++++++++---------
 gdb/symfile.c | 17 +++++++++++++++++
 gdb/symfile.h |  5 +++++
 3 files changed, 32 insertions(+), 9 deletions(-)

Comments

Simon Marchi Dec. 13, 2022, 9:32 p.m. UTC | #1 
On 12/12/22 13:38, Tom Tromey via Gdb-patches wrote:
> PR gdb/29257 points out a possible double free when debuginfod is in
> use.  Aside from some ugly warts in the symbol code (an ongoing
> issue), the underlying issue in this particular case is that elfread.c
> seems to assume that symfile_bfd_open will return NULL on error,
> whereas in reality it throws an exception.  As this code isn't
> prepared for an exception, bad things result.
> 
> This patch fixes the problem by introducing a non-throwing variant of
> symfile_bfd_open and using it in the affected places.
> 
> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257

I don't know how the debuginfo tests in our testsuite work... would it
be easy to make a test that mimics the reproduction steps given in the
bug?  You would build an executable without debug info, then make an
empty file with the approrpriate name in the debuginfod cache.

> diff --git a/gdb/symfile.h b/gdb/symfile.h
> index ffd1acddfdb..61d69c4e412 100644
> --- a/gdb/symfile.h
> +++ b/gdb/symfile.h
> @@ -269,6 +269,11 @@ extern void set_initial_language (void);
>  
>  extern gdb_bfd_ref_ptr symfile_bfd_open (const char *);
>  
> +/* Like symfile_bfd_open, but will not throw an exception on error.
> +   Instead, it issues a warning and returns nullptr.  */
> +
> +extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *);

Maybe mark the function noexcept?

Simon
Tom Tromey April 13, 2023, 8 p.m. UTC | #2 
>>>>> "Simon" == Simon Marchi via Gdb-patches <gdb-patches@sourceware.org> writes:

>> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257

Simon> I don't know how the debuginfo tests in our testsuite work... would it
Simon> be easy to make a test that mimics the reproduction steps given in the
Simon> bug?  You would build an executable without debug info, then make an
Simon> empty file with the approrpriate name in the debuginfod cache.

I finally found some time to try this today.  I worked on it for a while
but couldn't get it working in a reasonable way.

>> +extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *);

Simon> Maybe mark the function noexcept?

I did this.  I'm checking it in now.

Tom
diff mbox series

Patch

diff --git a/gdb/elfread.c b/gdb/elfread.c
index 64aeb239670..57ff19182af 100644
--- a/gdb/elfread.c
+++ b/gdb/elfread.c
@@ -1220,10 +1220,12 @@  elf_symfile_read_dwarf2 (struct objfile *objfile,
 
       if (!debugfile.empty ())
 	{
-	  gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (debugfile.c_str ()));
+	  gdb_bfd_ref_ptr debug_bfd
+	    (symfile_bfd_open_no_error (debugfile.c_str ()));
 
-	  symbol_file_add_separate (debug_bfd, debugfile.c_str (),
-				    symfile_flags, objfile);
+	  if (debug_bfd != nullptr)
+	    symbol_file_add_separate (debug_bfd, debugfile.c_str (),
+				      symfile_flags, objfile);
 	}
       else
 	{
@@ -1243,13 +1245,12 @@  elf_symfile_read_dwarf2 (struct objfile *objfile,
 	      if (fd.get () >= 0)
 		{
 		  /* File successfully retrieved from server.  */
-		  gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (symfile_path.get ()));
+		  gdb_bfd_ref_ptr debug_bfd
+		    (symfile_bfd_open_no_error (symfile_path.get ()));
 
-		  if (debug_bfd == nullptr)
-		    warning (_("File \"%s\" from debuginfod cannot be opened as bfd"),
-			     filename);
-		  else if (build_id_verify (debug_bfd.get (), build_id->size,
-					    build_id->data))
+		  if (debug_bfd != nullptr
+		      && build_id_verify (debug_bfd.get (), build_id->size,
+					  build_id->data))
 		    {
 		      symbol_file_add_separate (debug_bfd, symfile_path.get (),
 						symfile_flags, objfile);
diff --git a/gdb/symfile.c b/gdb/symfile.c
index eb27668f9d3..b9994e35ae1 100644
--- a/gdb/symfile.c
+++ b/gdb/symfile.c
@@ -1744,6 +1744,23 @@  symfile_bfd_open (const char *name)
   return sym_bfd;
 }
 
+/* See symfile.h.  */
+
+gdb_bfd_ref_ptr
+symfile_bfd_open_no_error (const char *name)
+{
+  try
+    {
+      return symfile_bfd_open (name);
+    }
+  catch (const gdb_exception_error &err)
+    {
+      warning ("%s", err.what ());
+    }
+
+  return nullptr;
+}
+
 /* Return the section index for SECTION_NAME on OBJFILE.  Return -1 if
    the section was not found.  */
 
diff --git a/gdb/symfile.h b/gdb/symfile.h
index ffd1acddfdb..61d69c4e412 100644
--- a/gdb/symfile.h
+++ b/gdb/symfile.h
@@ -269,6 +269,11 @@  extern void set_initial_language (void);
 
 extern gdb_bfd_ref_ptr symfile_bfd_open (const char *);
 
+/* Like symfile_bfd_open, but will not throw an exception on error.
+   Instead, it issues a warning and returns nullptr.  */
+
+extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *);
+
 extern int get_section_index (struct objfile *, const char *);
 
 extern int print_symbol_loading_p (int from_tty, int mainline, int full);