Bug 32441 - gdb segfaults when generating a core file if target_fileio_read_alloc fails
Summary: gdb segfaults when generating a core file if target_fileio_read_alloc fails
Status: UNCONFIRMED
Alias: None
Product: gdb
Classification: Unclassified
Component: corefiles
Version: 15.1
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-12-10 20:01 UTC by Brandon Belew
Modified: 2024-12-17 23:26 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
patch for gcore crash when target_fileio_read_alloc fails (437 bytes, patch)
2024-12-10 20:01 UTC, Brandon Belew

Description Brandon Belew 2024-12-10 20:01:49 UTC
Created attachment 15834
patch for gcore crash when target_fileio_read_alloc fails

Starting in commit fa1c74b22aa8c465974ddf792395d8e313199a52, which was first included in GDB 15, the "gcore" command will segfault in linux-tdep.c at the start of the `linux_fill_prpsinfo` function if `target_fileio_read_alloc` fails to read `/proc/PID/cmdline`. This fails for instance when attached to a remote target, like the qemu-user gdbstub. 

There are a few reasons for this: the return value is stored in a (unsigned) size_t and compared `< 1` but the function can return -1 on failure, so the result should be stored in a (signed) ssize_t instead. Furthermore, the buf is never compared to NULL before dereferencing to see if the first byte is zero. 

I've included a simple patch that fixes the issue. 

This was initially encountered on an Ubuntu 18.04 x86_64 host, having compiled the official GDB 15.2 release source with `--enable-targets=all`. After having `sudo apt install build-essential gcc-8-arm-linux-gnueabi binutils-arm-linux-gnueabi qemu-user`, compile a simple test executable and run it with qemu with 

```
echo 'int main() { return 0;}' | arm-linux-gnueabi-gcc-8 -o test -xc - 
qemu-arm -g 1234 -L /usr/arm-linux-gnueabi test
```

Then start gdb, attach to the remote target, and issue a gcore command: 
```
(gdb) target remote localhost:1234
(gdb) gcore /tmp/test.core
SEGFAULT
```
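The two defects the report describes, the -1 return value stored in an unsigned `size_t` (so `< 1` never fires) and the missing null check on `buf`, shown side by side as an added C++ example that is not from the bug, the attached patch, or GDB itself. `fake_fileio_read_alloc` is a constructed stand-in for `target_fileio_read_alloc`, and `LONGEST` is assumed to be `int64_t` as in GDB.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstring>
#include <string>

// Assumption: GDB's LONGEST is a signed 64-bit integer.
typedef int64_t LONGEST;

// Stand-in for target_fileio_read_alloc: returns the byte count read,
// or -1 when the target cannot serve the file (e.g. a remote stub without
// file I/O).  content == nullptr models that failure; *buf_p is left null.
static LONGEST fake_fileio_read_alloc (const char *content, unsigned char **buf_p)
{
  if (content == nullptr)
    {
      *buf_p = nullptr;
      return -1;
    }
  size_t len = strlen (content) + 1;   /* keep the trailing NUL, like /proc/PID/cmdline */
  *buf_p = new unsigned char[len];
  memcpy (*buf_p, content, len);
  return (LONGEST) len;
}

// Buggy pattern from the report: the result lands in a size_t, so -1 becomes
// SIZE_MAX, "buf_len < 1" is false, and buf[0] is read through a null pointer.
// Returns true when the original code would have dereferenced null.
static bool buggy_would_deref_null (const char *content)
{
  unsigned char *buf = nullptr;
  size_t buf_len = fake_fileio_read_alloc (content, &buf);
  if (buf_len < 1)                      /* never true for SIZE_MAX */
    return false;
  bool null_deref = (buf == nullptr);   /* original does: buf[0] == '\0' here */
  delete[] buf;
  return null_deref;
}

// Fixed pattern: keep the signed return type and reject a null buffer
// before looking at its first byte.  On success copies the command line to *out.
static bool fixed_reads_cmdline (const char *content, std::string *out)
{
  unsigned char *buf = nullptr;
  LONGEST buf_len = fake_fileio_read_alloc (content, &buf);
  if (buf_len < 1 || buf == nullptr || buf[0] == '\0')
    {
      delete[] buf;
      return false;
    }
  out->assign ((const char *) buf, (size_t) buf_len - 1);
  delete[] buf;
  return true;
}
```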
Comment 1 Thiago Jung Bauermann 2024-12-17 23:26:28 UTC
Hello Brandon,

Thank you for the patch. In general it looks good to me, just a couple of minor comments:

1. Since target_fileio_read_alloc () returns LONGEST, I think it's better if the buf_len variable also has that type.

2. GDB is (very) slowly transitioning from C to C++. We currently prefer to use nullptr rather than NULL, so I suggest using this patch as an opportunity to change NULL to nullptr in lines 1876, 1877 and 1879.

Finally, patches should be sent to gdb-patches@sourceware.org. It'll have much more visibility among GDB developers, and also an automated CI system watches the list and tests patches posted there. So I suggest you post a v2 to the mailing list.