29747 – Crash when stepping over printf without debug symbols

Bug 29747 - Crash when stepping over printf without debug symbols

Summary: Crash when stepping over printf without debug symbols

Status:	RESOLVED FIXED

Alias:	None

Product:	gdb
Classification:	Unclassified
Component:	gdb (show other bugs)
Version:	HEAD

Importance:	P2 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-11-03 13:46 UTC by Simon Marchi
Modified:	2022-11-10 09:48 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Simon Marchi 2022-11-03 13:46:07 UTC

$ cat test.c
#include <stdio.h>

int main()
{
  printf("Hi\n");
  return 0;
}
$ gcc test.c -O0 -o test 
$ ./gdb -q -nx --data-directory=data-directory test -ex start -ex s
Reading symbols from test...
(No debugging symbols found in test)
Temporary breakpoint 1 at 0x1151
Starting program: /home/smarchi/build/binutils-gdb/gdb/test 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Temporary breakpoint 1, 0x0000555555555151 in main ()
Single stepping until exit from function main,
which has no line number information.
/home/smarchi/src/binutils-gdb/gdb/infrun.c:6960:64: runtime error: member call on null pointer of type 'struct symbol'

The crash happens here:

#0  __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:50
#1  0x00007ffff5dd7128 in __ubsan::__ubsan_handle_type_mismatch_v1_abort (Data=<optimized out>, Pointer=<optimized out>) at ../../../../src/libsanitizer/ubsan/ubsan_handlers.cpp:148
#2  0x000055556183e1a7 in process_event_stop_test (ecs=0x7fffffffccd0) at /home/smarchi/src/binutils-gdb/gdb/infrun.c:6960
#3  0x0000555561838ea4 in handle_signal_stop (ecs=0x7fffffffccd0) at /home/smarchi/src/binutils-gdb/gdb/infrun.c:6615
#4  0x000055556182f77b in handle_inferior_event (ecs=0x7fffffffccd0) at /home/smarchi/src/binutils-gdb/gdb/infrun.c:5866


In this code:

  if (execution_direction != EXEC_REVERSE
      && ecs->event_thread->control.step_over_calls == STEP_OVER_UNDEBUGGABLE
      && in_solib_dynsym_resolve_code (ecs->event_thread->stop_pc ())
      && !in_solib_dynsym_resolve_code (
	  ecs->event_thread->control.step_start_function->value_block ()
	      ->entry_pc ()))

ecs->event_thread->control.step_start_function is nullptr and gets dereferenced.

Comment 1 Lancelot SIX 2022-11-03 15:59:35 UTC

This issue does not exist on the gdb-12-release branch.

Running git-bisect gives me that the this problem appeared with:  be6276e0aed "Allow debugging of runtime loader / dynamic linker".

I can confirm that reverting this patch fixes this particular problem.  I guess that we might want to have this fixed before gdb-13 release.

Comment 2 Lancelot SIX 2022-11-04 20:50:17 UTC

A possible fix has been sent at https://sourceware.org/pipermail/gdb-patches/2022-November/193415.html

Comment 3 Lancelot SIX 2022-11-10 09:48:21 UTC

Fixed in bafcc335266708d5fd62159df90d139d00666ca8