| Message ID | 20260324143835.39727-2-akamath996@gmail.com |
|---|---|
| State | New |
| Headers | From: Aditya Vidyadhar Kamath <akamath996@gmail.com>; To: amodra@gmail.com; Cc: binutils@sourceware.org, Aditya.Kamath1@ibm.com, sangamesh.swamy@in.ibm.com, Aditya Vidyadhar Kamath <aditya.kamath1@ibm.com>; Subject: [RFC][PATCH] Fix AIX core file handling: prevent crashes during GDB quit; Date: Tue, 24 Mar 2026 20:08:36 +0530; Message-ID: <20260324143835.39727-2-akamath996@gmail.com>; List-Id: Binutils mailing list <binutils.sourceware.org> |
| Series | [RFC] Fix AIX core file handling: prevent crashes during GDB quit |
Checks
| Context | Check | Description |
|---|---|---|
| linaro-tcwg-bot/tcwg_binutils_build--master-aarch64 | warning | Skipped because it is an RFC |
| linaro-tcwg-bot/tcwg_binutils_build--master-arm | warning | Skipped because it is an RFC |
Commit Message
Aditya Vidyadhar Kamath
March 24, 2026, 2:38 p.m. UTC
From: Aditya Vidyadhar Kamath <aditya.kamath1@ibm.com>
When quitting GDB after analyzing a core file, _bfd_coff_free_cached_info()
crashed with a segmentation fault.
We can see this problem when quitting after debugging a large core file
in AIX 7.3.
Ex:

```
Program terminated with signal SIGSEGV, Segmentation fault.
from /opt/freeware/lib/libpython3.9.a(libpython3.9.so)
(gdb)q
Fatal signal: Segmentation fault
----- Backtrace -----
0x1009fbffb ???
0x1009fc11f ???
0x1005c3587 ???
0x1005c3833 ???
0x4fdf ???
```
The backtrace showed:

```
htab_delete(0x0000bc18) at 0x1000e2e4
_bfd_coff_free_cached_info(abfd = 0x20023a90) at 0xd02e5a58
bfd_cache_close(abfd = 0x20023a90) at 0xd02c0e7c
bfd_cache_close_all() at 0xd02c0f48
bfd_close_all_done(abfd = 0x20023a90) at 0xd02c1234
bfd_close(abfd = 0x20023a90) at 0xd02c1180
```
My understanding is as follows:
1. AIX core files store a pointer to 'struct core_dumpxx' in abfd->tdata.any
2. COFF object files store a pointer to 'struct coff_data_type' in the same field
3. The condition checked: (bfd_get_format(abfd) == bfd_object || bfd_get_format(abfd) == bfd_core)
4. For core files, the code cast 'core_dumpxx *' to 'coff_data_type *'
5. It then tried to read 'section_by_target_index' hash table pointer
6. Reading from the wrong offset in core_dumpxx returned garbage (0xbc18)
7. This garbage pointer passed the NULL check but crashed in htab_delete()
I think the hash tables are only allocated when processing COFF symbols, which
never happens for core files.
This patch is a fix to the same.
```
---
 bfd/coffgen.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
```
Comments
On Tue, Mar 24, 2026 at 08:08:36PM +0530, Aditya Vidyadhar Kamath wrote:
> 1. AIX core files store a pointer to 'struct core_dumpxx' in abfd->tdata.any
> 2. COFF object files store a pointer to 'struct coff_data_type' in the same field

Correct. However other COFF/PE core files can be read as for object files, for instance bfd/coff-x86_64.c has as part of its bfd_target:

```c
  /* Note that we allow an object file to be treated as a core file as
     well.  */
  {				/* bfd_check_format.  */
    _bfd_dummy_target,
    amd64coff_object_p,
    bfd_generic_archive_p,
    amd64coff_object_p
  },
```

This means a bfd_core will have the expected coff_data_type for x86_64, and thus

> 3. The condition checked: (bfd_get_format(abfd) == bfd_object ||
> bfd_get_format(abfd) == bfd_core)

is correct for x86_64 and other targets. xcoff is the odd one out here. The proper fix will involve an xcoff specific free_cached_info.

```c
void
_bfd_xcoff_bfd_free_cached_info (bfd *abfd)
{
  /* xcoff bfd_core does not have a coff_tdata.  */
  if (bfd_get_format (abfd) == bfd_object)
    return _bfd_coff_free_cached_info (abfd);
  return _bfd_generic_bfd_free_cached_info (abfd);
}
```

I have a patch in my tree which I'll push after testing, probably tomorrow.
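The mechanism the commit message walks through (steps 1 to 7) and the point the reply adds (on x86_64 a core file carries object data, on xcoff it does not) can be seen together in a small constructed C model. This is an added example, not BFD code and not either participant's patch; every struct, field, function and value in it is invented for the model, with `0xbc18` borrowed from the commit message as the constructed "garbage" value. It shows why a NULL check on a pointer read through the wrong struct type proves nothing, and why the safe selection has to come from the target, not from the format alone.

```c
/* Constructed model (not BFD code) of the tdata confusion in the thread: one
 * untyped pointer field holds either per-object or per-core data, and a
 * teardown routine that picks the cast by format alone reads a "hash table
 * pointer" out of the wrong struct. All names and layouts are invented. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum format { FMT_UNKNOWN, FMT_OBJECT, FMT_CORE };

/* Stands in for coff_data_type: hash tables exist only after symbol processing. */
struct object_data {
  uintptr_t nsyms;
  void *section_by_index;         /* NULL until symbols are read */
  void *section_by_target_index;  /* NULL until symbols are read */
};

/* Stands in for core_dumpxx: a different layout whose bytes at the offset of
 * object_data.section_by_target_index are a plain integer. uintptr_t fields
 * keep the two layouts offset-compatible on 32- and 64-bit hosts. */
struct core_data {
  uintptr_t signal;
  uintptr_t thread_count;
  uintptr_t fault_addr;           /* constructed: 0xbc18, as in the commit message */
};

/* Per-target property from the reply: on x86_64 the core reader is the object
 * reader, so a core carries object_data; on xcoff a core carries core_data. */
struct target { int core_uses_object_data; };

struct abfd {
  enum format format;
  const struct target *xvec;
  void *tdata;                    /* like abfd->tdata.any: nothing records its type */
};

static const struct target xcoff_like = { 0 };
static const struct target x86_64_like = { 1 };

/* Pre-patch logic: object or core, then treat tdata as object_data. memcpy does
 * the read so the model itself has no undefined behaviour; it yields exactly
 * the bytes the cast would have interpreted as a pointer. */
void *
buggy_hash_to_delete (const struct abfd *abfd)
{
  void *htab = NULL;
  if ((abfd->format == FMT_OBJECT || abfd->format == FMT_CORE)
      && abfd->tdata != NULL)
    memcpy (&htab,
            (const char *) abfd->tdata
            + offsetof (struct object_data, section_by_target_index),
            sizeof htab);
  return htab;  /* for an xcoff core: non-NULL garbage that passes a NULL check */
}

/* Target-aware logic, the shape the reply proposes: treat tdata as object_data
 * only when the target guarantees that is what this format's tdata holds. */
void *
fixed_hash_to_delete (const struct abfd *abfd)
{
  int has_object_data = abfd->format == FMT_OBJECT
    || (abfd->format == FMT_CORE && abfd->xvec->core_uses_object_data);
  if (!has_object_data || abfd->tdata == NULL)
    return NULL;
  return ((const struct object_data *) abfd->tdata)->section_by_target_index;
}

/* Constructed AIX-style core: tdata really points at core_data. */
uintptr_t
aix_core_garbage (void)
{
  struct core_data core = { 11, 4, 0xbc18 };
  struct abfd aix_core = { FMT_CORE, &xcoff_like, &core };
  return (uintptr_t) buggy_hash_to_delete (&aix_core);
}

int
aix_core_skipped_by_fix (void)
{
  struct core_data core = { 11, 4, 0xbc18 };
  struct abfd aix_core = { FMT_CORE, &xcoff_like, &core };
  return fixed_hash_to_delete (&aix_core) == NULL;
}

/* Constructed x86_64-style core: tdata points at object_data with one table,
 * which the target-aware check still hands to the cleanup path. */
int
x86_64_core_table_still_freed (void)
{
  static int table;
  struct object_data obj = { 3, NULL, &table };
  struct abfd pe_core = { FMT_CORE, &x86_64_like, &obj };
  return fixed_hash_to_delete (&pe_core) == &table;
}

int
main (void)
{
  printf ("xcoff core, pre-patch: htab_delete(0x%lx)\n", (unsigned long) aix_core_garbage ());
  printf ("xcoff core, target-aware: skipped = %d\n", aix_core_skipped_by_fix ());
  printf ("x86_64 core, target-aware: table still freed = %d\n", x86_64_core_table_still_freed ());
  return 0;
}
```

The model deliberately keeps the buggy read well-defined (a byte copy at the object_data offset) so it can be run and inspected; the real code performed the same read through a cast, which is why `htab_delete` received `0xbc18`. The design point is that `format` is not a type tag for `tdata`: only the target knows which struct its core reader installed, so that is where the decision belongs.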
diff --git a/bfd/coffgen.c b/bfd/coffgen.c index 030dbc1dc79..ca555647592 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -3310,8 +3310,7 @@ _bfd_coff_free_cached_info (bfd *abfd) struct coff_tdata *tdata; if (bfd_family_coff (abfd) - && (bfd_get_format (abfd) == bfd_object - || bfd_get_format (abfd) == bfd_core) + && (bfd_get_format (abfd) == bfd_object) && (tdata = coff_data (abfd)) != NULL) { if (tdata->section_by_index)
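Review bot: removing `|| bfd_get_format (abfd) == bfd_core` from the condition in `_bfd_coff_free_cached_info` stops the xcoff crash by excluding every COFF core file, including targets whose core reader is the object reader (the reply points to `bfd/coff-x86_64.c`), so for those a `bfd_core` with a genuine `coff_tdata` no longer reaches the `section_by_index` cleanup below and its tables are left allocated. The real defect is that the format test says nothing about what `abfd->tdata.any` points to, so the generic routine cannot make this decision safely; the `bfd_object`-only test belongs in an xcoff-specific `free_cached_info`, as the reply proposes, with the generic path kept for the other targets. Style nit: the parentheses around `bfd_get_format (abfd) == bfd_object` are redundant once the disjunction is gone.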