Bug 15174 - gdb run as root: untrusted .gdbinit causes malloc arena corruption crash
Status: RESOLVED INVALID
Product: gdb
Classification: Unclassified
Component: gdb
Version: 7.5
Importance: P2 minor
Assignee: Not yet assigned to anyone
Reported: 2013-02-22 14:59 UTC by bugz
Modified: 2013-02-22 18:35 UTC

Attachments
Full backtrace (1.69 KB, application/octet-stream)
2013-02-22 14:59 UTC, bugz
Description bugz 2013-02-22 14:59:30 UTC
Created attachment 6888
Full backtrace

When running gdb as root, the existence of ~/.gdbinit (untrusted) causes gdb to crash with a duplicate free or other heap corruption.

Workaround: "mv ~/.gdbinit ~/gdbinit".

See attachment for full backtrace. 

# gdb xxx
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...

warning: not using untrusted file "/users/joeuser/.gdbinit"
*** glibc detected *** /usr/bin/gdb: double free or corruption (!prev): 0x0000000000f25940 ***
Comment 1 Tom Tromey 2013-02-22 16:20:17 UTC
(In reply to comment #0)

> GNU gdb (GDB) 7.5-ubuntu

I think this is probably specific to Ubuntu, maybe caused
by one of the patches they apply.

I tried this on my Fedora box using CVS HEAD gdb, and also
the upstream gdb 7.5 build, and it worked fine.

Could you try an upstream gdb?
If it still fails for you, we can try to get a more useful
stack trace.
If it doesn't fail, then I guess we can close this bug.
Comment 2 dave 2013-02-22 16:30:55 UTC
I'll bet you're right. Let me build the official 7.5 sources myself and see what happens. I'll let you know.

Thanks... Dave 

Comment 3 dave 2013-02-22 16:44:43 UTC
As you wrote, gdb-7.5 built from the upstream repo works fine. Sorry for the annoyance...

Thanks... Dave
Comment 4 Tom Tromey 2013-02-22 18:35:08 UTC
(In reply to comment #3)
> As you wrote, gdb-7.5 built from the upstream repo works fine. Sorry for the
> annoyance...

It is no trouble.  It isn't always obvious what bugs are from downstream
patches.