[PR,corefiles/32441] Fix segfault if target_fileio_read_alloc fails
Checks
Context |
Check |
Description |
linaro-tcwg-bot/tcwg_gdb_build--master-aarch64 |
success
|
Build passed
|
linaro-tcwg-bot/tcwg_gdb_build--master-arm |
success
|
Build passed
|
linaro-tcwg-bot/tcwg_gdb_check--master-arm |
success
|
Test passed
|
linaro-tcwg-bot/tcwg_gdb_check--master-aarch64 |
success
|
Test passed
|
Commit Message
Check for target_fileio_read_alloc failure in linux_fill_prpsinfo
before dereferencing buffer. This fixes a segfault in the 'gcore'
command when attached to certain remote targets.
---
This is my first contribution to GDB, and my first use of
git-send-email, so please let me know if this is formatted
incorrectly! I initially submitted the bug and a v1 patch at
https://sourceware.org/bugzilla/show_bug.cgi?id=32441 and received the
following from Thiago Bauermann:
> Thank you for the patch. In general it looks good to me, just a couple of minor
> comments:
>
> 1. Since target_fileio_read_alloc () returns LONGEST, I think it's better if
> the buf_len variable also has that type.
I decided to stick with ssize_t for the variable, as this matches the
usage elsewhere in linux-tdep.c in linux_info_proc (which already was
correctly checking the length).
> 2. GDB is (very) slowly transitioning from C to C++. We currently prefer to use
> nullptr rather than NULL, so I suggest using this patch as an opportunity to
> change NULL to nullptr in lines 1876, 1877 and 1879.
I made the requested NULL -> nullptr changes.
Let me know if this is good or if I need to make any changes in my
workflow to adhere to GNU or gdb project conventions.
gdb/linux-tdep.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--
2.46.0
Comments
Hi Brandon,
Sorry for the late reply. Again, feel free to ping it if it takes over a week without
a reply.
On 12/20/24 22:17, brandon.belew wrote:
> Check for target_fileio_read_alloc failure in linux_fill_prpsinfo
> before dereferencing buffer. This fixes a segfault in the 'gcore'
> command when attached to certain remote targets.
> ---
> This is my first contribution to GDB, and my first use of
> git-send-email, so please let me know if this is formatted
> incorrectly! I initially submitted the bug and a v1 patch at
> https://sourceware.org/bugzilla/show_bug.cgi?id=32441 and received the
> following from Thiago Bauermann:
Formatting-wise, The commit message goes into the patch itself. See other examples
on the list.
Also, since you've opened a bug, we have hooks to refer to the bug. For instance,
for commit ca263aec20adfffe6f9dab3a18f8a7b24667f99c.
PR testsuite/32489
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=32489
>
>> Thank you for the patch. In general it looks good to me, just a couple of minor
>> comments:
>>
>> 1. Since target_fileio_read_alloc () returns LONGEST, I think it's better if
>> the buf_len variable also has that type.
>
> I decided to stick with ssize_t for the variable, as this matches the
> usage elsewhere in linux-tdep.c in linux_info_proc (which already was
> correctly checking the length).
>
>> 2. GDB is (very) slowly transitioning from C to C++. We currently prefer to use
>> nullptr rather than NULL, so I suggest using this patch as an opportunity to
>> change NULL to nullptr in lines 1876, 1877 and 1879.
>
> I made the requested NULL -> nullptr changes.
>
> Let me know if this is good or if I need to make any changes in my
> workflow to adhere to GNU or gdb project conventions.
>
> gdb/linux-tdep.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/gdb/linux-tdep.c b/gdb/linux-tdep.c
> index d3452059ce2..c10c4c76451 100644
> --- a/gdb/linux-tdep.c
> +++ b/gdb/linux-tdep.c
> @@ -1867,17 +1867,17 @@ linux_fill_prpsinfo (struct elf_internal_linux_prpsinfo *p)
> /* The number of fields read by `sscanf'. */
> int n_fields = 0;
>
> - gdb_assert (p != NULL);
> + gdb_assert (p != nullptr);
>
> /* Obtaining PID and filename. */
> pid = inferior_ptid.pid ();
> xsnprintf (filename, sizeof (filename), "/proc/%d/cmdline", (int) pid);
> /* The full name of the program which generated the corefile. */
> - gdb_byte *buf = NULL;
> - size_t buf_len = target_fileio_read_alloc (NULL, filename, &buf);
> + gdb_byte *buf = nullptr;
> + ssize_t buf_len = target_fileio_read_alloc (nullptr, filename, &buf);
> gdb::unique_xmalloc_ptr<char> fname ((char *)buf);
>
> - if (buf_len < 1 || fname.get ()[0] == '\0')
> + if (buf_len < 1 || fname.get () == nullptr || fname.get ()[0] == '\0')
> {
> /* No program name was read, so we won't be able to retrieve more
> information about the process. */
> --
> 2.46.0
The change itself looks OK to me. I'd like another pair of eyes to look at
it before we approve it. I think this can go in as a trivial change when it
gets approved.
Reviewed-By: Luis Machado <luis.machado@arm.com>
Thank you Luis for reviewing and responding to my comments in IRC! Just a few
more questions:
Luis Machado <luis.machado@arm.com> writes:
> On 12/20/24 22:17, brandon.belew wrote:
>> Check for target_fileio_read_alloc failure in linux_fill_prpsinfo
>> before dereferencing buffer. This fixes a segfault in the 'gcore'
>> command when attached to certain remote targets.
>> ---
>> This is my first contribution to GDB, and my first use of
>> git-send-email, so please let me know if this is formatted
>> incorrectly! I initially submitted the bug and a v1 patch at
>> https://sourceware.org/bugzilla/show_bug.cgi?id=32441 and received the
>> following from Thiago Bauermann:
>
> Formatting-wise, The commit message goes into the patch itself. See other examples
> on the list.
It was my understanding of git-format-patch / git-send-email (and in
reverse, git-am) that the commit message would be taken from everything
up to the '---'. Then everything between the '---' and the actual diff
was considered "timely commentary" and would not be present in the
commit message. This typically contains the diffstat output but also is
used for commentary on the patch that shouldn't go into the commit
itself.
As described in https://git-scm.com/docs/git-format-patch:
> Typically it will be placed in a MUA’s drafts folder, edited to add
> timely commentary that should not go in the changelog ***after the
> three dashes*** [emphasis added]
And also as described at
https://spacekookie.de/blog/collaborating-with-git-send-email/:
> Another often overlooked feature here is "timely commentary", are
> comments in the patch e-mail that won't be part of the patch or the
> commit message itself. They can be made after the --- marker in a
> patch mail, but before the actual patch starts. This section is
> usually used for the diff-stat of that particular patch.
I tried sending the patch email to myself before I sent it to the list,
piping it to `git-am`, and it correctly applied the commit without my
"timely commentary", so I was pretty convinced I had formatted it
correctly.
Do you get something different when you `git am` my message? If so, can
you be more specific about how I need to reformat the email?
> Also, since you've opened a bug, we have hooks to refer to the bug. For instance,
> for commit ca263aec20adfffe6f9dab3a18f8a7b24667f99c.
>
> PR testsuite/32489
> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=32489
I'm confused about this - are you asking or suggesting that I format my
message in a different way to take advantage of these hooks? Where are
the hooks applied?
> The change itself looks OK to me. I'd like another pair of eyes to look at
> it before we approve it. I think this can go in as a trivial change when it
> gets approved.
>
> Reviewed-By: Luis Machado <luis.machado@arm.com>
Thank again for your review and help!
~Brandon
"brandon.belew" <brandon.belew@zetier.com> writes:
> Check for target_fileio_read_alloc failure in linux_fill_prpsinfo
> before dereferencing buffer. This fixes a segfault in the 'gcore'
> command when attached to certain remote targets.
> ---
> This is my first contribution to GDB, and my first use of
> git-send-email, so please let me know if this is formatted
> incorrectly! I initially submitted the bug and a v1 patch at
> https://sourceware.org/bugzilla/show_bug.cgi?id=32441 and received the
> following from Thiago Bauermann:
>
>> Thank you for the patch. In general it looks good to me, just a couple of minor
>> comments:
>>
>> 1. Since target_fileio_read_alloc () returns LONGEST, I think it's better if
>> the buf_len variable also has that type.
>
> I decided to stick with ssize_t for the variable, as this matches the
> usage elsewhere in linux-tdep.c in linux_info_proc (which already was
> correctly checking the length).
I think you should reconsider here. The function returns LONGEST, so
that's what should be used. GDB's general policy is to fix little
bugs like this as the code gets touched for other reasons.
Otherwise, I agree with Luis, this looks great. If you repost with the
description in the commit message we can get this merged.
Thanks,
Andrew
>
>> 2. GDB is (very) slowly transitioning from C to C++. We currently prefer to use
>> nullptr rather than NULL, so I suggest using this patch as an opportunity to
>> change NULL to nullptr in lines 1876, 1877 and 1879.
>
> I made the requested NULL -> nullptr changes.
>
> Let me know if this is good or if I need to make any changes in my
> workflow to adhere to GNU or gdb project conventions.
>
> gdb/linux-tdep.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/gdb/linux-tdep.c b/gdb/linux-tdep.c
> index d3452059ce2..c10c4c76451 100644
> --- a/gdb/linux-tdep.c
> +++ b/gdb/linux-tdep.c
> @@ -1867,17 +1867,17 @@ linux_fill_prpsinfo (struct elf_internal_linux_prpsinfo *p)
> /* The number of fields read by `sscanf'. */
> int n_fields = 0;
>
> - gdb_assert (p != NULL);
> + gdb_assert (p != nullptr);
>
> /* Obtaining PID and filename. */
> pid = inferior_ptid.pid ();
> xsnprintf (filename, sizeof (filename), "/proc/%d/cmdline", (int) pid);
> /* The full name of the program which generated the corefile. */
> - gdb_byte *buf = NULL;
> - size_t buf_len = target_fileio_read_alloc (NULL, filename, &buf);
> + gdb_byte *buf = nullptr;
> + ssize_t buf_len = target_fileio_read_alloc (nullptr, filename, &buf);
> gdb::unique_xmalloc_ptr<char> fname ((char *)buf);
>
> - if (buf_len < 1 || fname.get ()[0] == '\0')
> + if (buf_len < 1 || fname.get () == nullptr || fname.get ()[0] == '\0')
> {
> /* No program name was read, so we won't be able to retrieve more
> information about the process. */
> --
> 2.46.0
Andrew Burgess <aburgess@redhat.com> writes:
> I think you should reconsider here. The function returns LONGEST, so
> that's what should be used. GDB's general policy is to fix little
> bugs like this as the code gets touched for other reasons.
Thanks Andrew! I'll go back and look at the LONGEST return value and get
back to you on that with an updated patch. To be clear, you want the
other function that was already using ssize_t for the return fixed as
well?
> Otherwise, I agree with Luis, this looks great. If you repost with the
> description in the commit message we can get this merged.
I replied to Luis' message with some further questions about
formatting. For reference, my original reply has a Message-ID of
hwjgya7c6ulo46.fsf@brandonb.zetier.com. I'll redo those questions here:
It was my understanding of git-format-patch / git-send-email (and in
reverse, git-am) that the commit message would be taken from everything
up to the '---'. Then everything between the '---' and the actual diff
was considered "timely commentary" and would not be present in the
commit message. This typically contains the diffstat output but also is
used for commentary on the patch that shouldn't go into the commit
itself.
As described in https://git-scm.com/docs/git-format-patch:
> Typically it will be placed in a MUA’s drafts folder, edited to add
> timely commentary that should not go in the changelog ***after the
> three dashes*** [emphasis added]
And also as described at
https://spacekookie.de/blog/collaborating-with-git-send-email/:
> Another often overlooked feature here is "timely commentary", are
> comments in the patch e-mail that won't be part of the patch or the
> commit message itself. They can be made after the --- marker in a
> patch mail, but before the actual patch starts. This section is
> usually used for the diff-stat of that particular patch.
I tried sending the patch email to myself before I sent it to the list,
piping it to `git-am`, and it correctly applied the commit without my
"timely commentary", so I was pretty convinced I had formatted it
correctly.
Do you get something different when you `git am` my message? If so, can
you be more specific about how I need to reformat the email?
Thanks!
~Brandon
@@ -1867,17 +1867,17 @@ linux_fill_prpsinfo (struct elf_internal_linux_prpsinfo *p)
/* The number of fields read by `sscanf'. */
int n_fields = 0;
- gdb_assert (p != NULL);
+ gdb_assert (p != nullptr);
/* Obtaining PID and filename. */
pid = inferior_ptid.pid ();
xsnprintf (filename, sizeof (filename), "/proc/%d/cmdline", (int) pid);
/* The full name of the program which generated the corefile. */
- gdb_byte *buf = NULL;
- size_t buf_len = target_fileio_read_alloc (NULL, filename, &buf);
+ gdb_byte *buf = nullptr;
+ ssize_t buf_len = target_fileio_read_alloc (nullptr, filename, &buf);
gdb::unique_xmalloc_ptr<char> fname ((char *)buf);
- if (buf_len < 1 || fname.get ()[0] == '\0')
+ if (buf_len < 1 || fname.get () == nullptr || fname.get ()[0] == '\0')
{
/* No program name was read, so we won't be able to retrieve more
information about the process. */