Bug 23256 - Using GDB to patch a binary results in GDB crash
Summary: Using GDB to patch a binary results in GDB crash
Status: RESOLVED DUPLICATE of bug 20948
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb
Version: HEAD
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-03 19:03 UTC by Paul Pluzhnikov
Modified: 2018-06-04 10:59 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:


Description Paul Pluzhnikov 2018-06-03 19:03:15 UTC
This has been broken since ~forever.

echo "int main() { return 0; }" | gcc -xc - -g 
gdb --write ./a.out
GNU gdb (GDB) Fedora 8.1-15.fc28
...
Reading symbols from ./a.out...done.
(gdb) x/2i main
   0x400496 <main>:	mov    $0x0,%eax
   0x40049b <main+5>:	retq   

(gdb) set *(char*)0x400496 = 0xCC
(gdb) q
Segmentation fault (core dumped)  << a.out is not patched

Trying again:

Reading symbols from ./a.out...done.
(gdb) set *(char*)0x400496 = 0xCC
(gdb) x/2i main
   0x400496 <main>:	int3   
   0x400497 <main+1>:	add    %al,(%rax)
(gdb) q
Segmentation fault (core dumped)  << a.out is patched.
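What the report does with `gdb --write` (writing 0xCC over the first byte of main) comes down to translating a virtual address into a file offset through the ELF program headers and writing at that offset. As an added example, not code from the report or from GDB/BFD, the Python below performs that translation and patch on a constructed minimal ELF64 image laid out like the report's a.out (one PT_LOAD segment mapped at 0x400000, `main` at 0x400496 holding `mov $0x0,%eax; retq`); the sample image, its layout and the helper names are assumptions made for the example, and it refuses addresses that are not file-backed (such as .bss), which a file-level patch cannot reach:

```python
import struct

PT_LOAD = 1
PAGE = 0x1000

# Constructed sample (assumption, not the report's real a.out): a minimal static
# ELF64 x86-64 image whose single PT_LOAD segment maps file offset 0 at
# 0x400000, with the two instructions from the report placed at 0x400496.
SAMPLE_BASE = 0x400000
SAMPLE_MAIN = 0x400496
SAMPLE_CODE = bytes.fromhex("b800000000c3")   # mov $0x0,%eax ; retq


def build_sample_elf():
    code_off = SAMPLE_MAIN - SAMPLE_BASE
    size = code_off + len(SAMPLE_CODE)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, LSB
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 62, 1, SAMPLE_MAIN,   # ET_EXEC, EM_X86_64, EV_CURRENT, e_entry
        64, 0, 0,                # e_phoff, e_shoff, e_flags
        64, 56, 1, 64, 0, 0)     # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    # PF_R|PF_X, whole file mapped, filesz == memsz
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, SAMPLE_BASE, SAMPLE_BASE,
                       size, size, PAGE)
    img = bytearray(size)
    img[0:64] = ehdr
    img[64:120] = phdr
    img[code_off:code_off + len(SAMPLE_CODE)] = SAMPLE_CODE
    return bytes(img)


def load_segments(img):
    """Return (p_vaddr, p_offset, p_filesz) for every PT_LOAD program header."""
    if img[:4] != b"\x7fELF" or img[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if img[5] == 1 else ">"
    (e_phoff,) = struct.unpack_from(end + "Q", img, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", img, 54)
    segs = []
    for i in range(e_phnum):
        p_type, _flags, p_off, p_vaddr, _pa, p_filesz, _memsz, _align = \
            struct.unpack_from(end + "IIQQQQQQ", img, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_vaddr, p_off, p_filesz))
    return segs


def vaddr_to_offset(img, va, length=1):
    """Map [va, va+length) to its file offset; raise if the range is not
    file-backed (e.g. .bss or a hole), since a file patch cannot reach it."""
    for vaddr, off, filesz in load_segments(img):
        if vaddr <= va and va + length <= vaddr + filesz:
            return off + (va - vaddr)
    raise ValueError("0x%x (+%d) is not backed by file contents" % (va, length))


def patch_image(img, va, data):
    """Return a copy of img with data written at virtual address va,
    the in-memory equivalent of `set *(char*)ADDR = 0xCC` under gdb --write."""
    off = vaddr_to_offset(img, va, len(data))
    out = bytearray(img)
    out[off:off + len(data)] = data
    return bytes(out)


def patch_file(path, va, data):
    """Same patch applied in place to a file on disk; returns the file offset."""
    with open(path, "r+b") as f:
        img = f.read()
        off = vaddr_to_offset(img, va, len(data))
        f.seek(off)
        f.write(data)
    return off


if __name__ == "__main__":
    img = build_sample_elf()
    off = vaddr_to_offset(img, SAMPLE_MAIN)
    patched = patch_image(img, SAMPLE_MAIN, b"\xcc")
    print("main at 0x%x -> file offset 0x%x" % (SAMPLE_MAIN, off))
    print("before:", img[off:off + 6].hex(), " after:", patched[off:off + 6].hex())
```

The patched bytes come out as `cc 00 00 00 00 c3`, which is what the report's second `x/2i main` shows (`int3` followed by `add %al,(%rax)`, the two zero bytes left over from the `mov`). `patch_file` does the same write against a real executable, which gets the patch onto disk without going through the `bfd_close` path that crashes on quit.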
Comment 1 Paul Pluzhnikov 2018-06-03 19:27:30 UTC
Using current trunk (b15fe636afad8bfef76940823bed96f2c1860c30):

(gdb) set *(char*)0x5fa = 0xcc
(gdb) q

Program received signal SIGSEGV, Segmentation fault.
_bfd_elf_strtab_finalize (tab=0x0) at ../../bfd/elf-strtab.c:367
367	  amt *= sizeof (struct elf_strtab_hash_entry *);
(gdb-top) bt
#0  _bfd_elf_strtab_finalize (tab=0x0) at ../../bfd/elf-strtab.c:367
#1  0x0000555555a0b8a7 in _bfd_elf_assign_file_positions_for_non_load (abfd=0x5555563de170) at ../../bfd/elf.c:6363
#2  _bfd_elf_write_object_contents (abfd=0x5555563de170) at ../../bfd/elf.c:6399
#3  0x00005555559ecf0a in bfd_close (abfd=abfd@entry=0x5555563de170) at ../../bfd/opncls.c:731
#4  0x000055555587318c in gdb_bfd_close_or_warn (abfd=0x5555563de170) at ../../gdb/gdb_bfd.c:511
#5  gdb_bfd_unref (abfd=0x5555563de170) at ../../gdb/gdb_bfd.c:615
#6  0x000055555577e7a9 in exec_close () at ../../gdb/exec.c:115
#7  0x000055555577e852 in exec_target::close (this=<optimized out>) at ../../gdb/exec.c:142
#8  0x00005555559610f2 in target_close (targ=<optimized out>) at ../../gdb/target.c:3379
#9  0x00005555559611f8 in unpush_target (t=<optimized out>) at ../../gdb/target.c:711
#10 0x0000555555961249 in unpush_target_and_assert (target=0x555556121840 <exec_ops>) at ../../gdb/target.c:721
#11 0x00005555559612ed in pop_all_targets_above (above_stratum=dummy_stratum) at ../../gdb/target.c:735
#12 pop_all_targets () at ../../gdb/target.c:750
#13 0x0000555555973e00 in quit_force (exit_arg=exit_arg@entry=0x0, from_tty=from_tty@entry=1) at ../../gdb/top.c:1625
#14 0x00005555556f1e09 in quit_command (args=<optimized out>, from_tty=1) at ../../gdb/cli/cli-cmds.c:349
#15 0x00005555556f7f02 in cmd_func (cmd=<optimized out>, args=<optimized out>, from_tty=<optimized out>) at ../../gdb/cli/cli-decode.c:1857
#16 0x0000555555972e95 in execute_command (p=<optimized out>, p@entry=0x5555564295d0 "q", from_tty=1) at ../../gdb/top.c:630
#17 0x000055555586363c in command_handler (command=0x5555564295d0 "q") at ../../gdb/event-top.c:583
#18 0x00005555558639aa in command_line_handler (rl=<optimized out>) at ../../gdb/event-top.c:774
#19 0x000055555586283c in gdb_rl_callback_handler (rl=0x555556429930 "") at ../../gdb/event-top.c:213
#20 0x00005555559cdbcf in rl_callback_read_char () at ../../readline/callback.c:220
#21 0x0000555555862786 in gdb_rl_callback_read_char_wrapper_noexcept () at ../../gdb/event-top.c:175
#22 0x00005555558627e9 in gdb_rl_callback_read_char_wrapper (client_data=<optimized out>) at ../../gdb/event-top.c:192
#23 0x0000555555862d10 in stdin_event_handler (error=<optimized out>, client_data=0x5555561591d0) at ../../gdb/event-top.c:511
#24 0x0000555555861ae5 in gdb_wait_for_event (block=block@entry=1) at ../../gdb/event-loop.c:859
#25 0x0000555555861c52 in gdb_do_one_event () at ../../gdb/event-loop.c:347
#26 0x0000555555861dce in gdb_do_one_event () at ../../gdb/event-loop.c:304
#27 start_event_loop () at ../../gdb/event-loop.c:371
#28 0x00005555558c4e38 in captured_command_loop () at ../../gdb/main.c:330
#29 0x00005555558c5ded in captured_main (data=<optimized out>) at ../../gdb/main.c:1157
#30 gdb_main (args=<optimized out>) at ../../gdb/main.c:1173
#31 0x0000555555670d0b in main (argc=<optimized out>, argv=<optimized out>) at ../../gdb/gdb.c:32
Comment 2 Paul Pluzhnikov 2018-06-03 19:41:04 UTC
Patching isn't necessary for this crash to show up. Simply running with

  gdb --write -ex quit ./a.out

is enough:

 ./gdb/gdb --write -ex quit /tmp/a.out
Python Exception <type 'exceptions.ImportError'> No module named gdb:
./gdb/gdb: warning:
Could not load the Python gdb module from `/usr/local/share/gdb/python'.
Limited Python support is available from the _gdb module.
Suggest passing --data-directory=/path/to/gdb/data-directory.

GNU gdb (GDB) 8.1.50.20180603-git
...
Reading symbols from /tmp/a.out...done.
Segmentation fault
Comment 3 Pedro Alves 2018-06-04 10:59:21 UTC
Hi Paul, see the other bug.

*** This bug has been marked as a duplicate of bug 20948 ***