This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: [patch] nto target: fix null pointer dereference


Ulrich Weigand wrote:
Aleksandar Ristovski wrote:

diff -u -p -r1.25 nto-tdep.c
--- gdb/nto-tdep.c	23 Jul 2008 13:36:00 -0000	1.25
+++ gdb/nto-tdep.c	12 Aug 2008 16:33:18 -0000
@@ -266,6 +266,8 @@ LM_ADDR (struct so_list *so)
{
  struct link_map_offsets *lmo = nto_fetch_link_map_offsets ();

+  if (so->lm_info->lm == NULL)
+	return 0;
  return extract_typed_address (so->lm_info->lm + lmo->l_addr_offset,
                                builtin_type_void_data_ptr);
}
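Review bot: Returning 0 from LM_ADDR when `so->lm_info->lm` is NULL makes the "no link map yet" case indistinguishable from a genuine load address of 0, so callers of LM_ADDR need to be checked for how they treat a 0 result, and the commit message should state when `lm` can be NULL (the reply below explains it: right after spawn, before the dynamic loader has run, DT_DEBUG and the r_debug pointer still read as zero). A style point on the same hunk: `+	return 0;` is indented with a tab while the surrounding lines use spaces; use the two-space GNU indentation of the existing `return extract_typed_address (...)` line.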

I'm wondering how this can ever be NULL ... I understand nto reuses the solib-svr4.c version of current_sos, which seems to always initialize the lm member.

Can you explain what the situation is that leads to a NULL
pointer here?



Your question made me go through the issue again.

To create the inferior, we use spawnp. spawnp will do something like mmap the binary and that's pretty much it (DT_DEBUG in .dynamic will contain a NULL pointer).

In procfs_create_inferior we call solib_create_inferior_hook, which will end up trying to determine the loader base by reading the inferior's memory at the DT_DEBUG pointer. In our case, before the executable has actually started executing, it will successfully read 0s, because the dynamic loader has not been invoked yet and the pointer to the r_debug structure is not initialized.


Thanks,


Aleksandar
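The walk Aleksandar describes (DT_DEBUG slot, then r_debug, then the first link_map and its l_addr) and the freshly-spawned state in which every step reads back zero are shown below as an added, self-contained illustration. It is not GDB or nto-tdep code: the inferior is a constructed byte array, the struct mirrors and all addresses (DT_DEBUG_SLOT, R_DEBUG_ADDR, LINK_MAP_ADDR) and function names are assumptions made for the example. The point it makes is that a zero pointer at any step is a "loader has not run yet" condition to report, not an address to dereference.

```c
/* Added illustration (not GDB code): walking DT_DEBUG -> r_debug -> link_map
   in a simulated inferior, reporting the "loader has not run yet" state as a
   status code instead of dereferencing a NULL pointer.  All names are made up. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t target_addr_t;          /* an address in the inferior */
#define MEM_SIZE      4096               /* simulated address space (assumed) */
#define DT_DEBUG_SLOT 0x040              /* d_val of the DT_DEBUG entry (assumed) */
#define R_DEBUG_ADDR  0x100              /* where ld.so's _r_debug lives (assumed) */
#define LINK_MAP_ADDR 0x200              /* first struct link_map (assumed) */

/* Minimal mirrors of the SVR4 structures as they would appear in a 64-bit
   little-endian inferior; only the fields this walk needs. */
struct sim_r_debug  { int32_t r_version; int32_t pad; target_addr_t r_map; };
struct sim_link_map { target_addr_t l_addr, l_name, l_ld, l_next, l_prev; };

enum lm_status { LM_OK, LM_NOT_YET, LM_BAD_READ };

/* Stand-in for a target memory read; fails on out-of-range addresses. */
static int read_target(const uint8_t *mem, target_addr_t addr, void *out, size_t len)
{
  if (addr > MEM_SIZE || len > MEM_SIZE - addr)
    return -1;
  memcpy(out, mem + addr, len);
  return 0;
}

/* Follow DT_DEBUG to r_debug, then to the first link_map, and hand back its
   l_addr.  A zero pointer at either step means the dynamic loader has not
   filled the structure in yet, which is the state right after spawn. */
static enum lm_status first_lm_addr(const uint8_t *mem, target_addr_t dt_debug_slot,
                                    target_addr_t *l_addr_out)
{
  target_addr_t r_debug_addr;
  struct sim_r_debug rd;
  struct sim_link_map lm;

  if (read_target(mem, dt_debug_slot, &r_debug_addr, sizeof r_debug_addr))
    return LM_BAD_READ;
  if (r_debug_addr == 0)           /* ld.so has not stored &_r_debug yet */
    return LM_NOT_YET;
  if (read_target(mem, r_debug_addr, &rd, sizeof rd))
    return LM_BAD_READ;
  if (rd.r_map == 0)               /* r_debug published, list still empty */
    return LM_NOT_YET;
  if (read_target(mem, rd.r_map, &lm, sizeof lm))
    return LM_BAD_READ;
  *l_addr_out = lm.l_addr;
  return LM_OK;
}

/* Constructed inferior snapshots.  stage 0: just spawned, binary mapped but
   nothing written (all zeros).  stage 1: ld.so has published _r_debug but
   not built the link_map list.  stage 2: list populated.  stage 3: the
   DT_DEBUG slot holds a value outside the mapped range. */
static void build_inferior(uint8_t *mem, int stage)
{
  target_addr_t rd_ptr = R_DEBUG_ADDR;
  struct sim_r_debug rd = { 1, 0, 0 };
  struct sim_link_map lm = { 0x400000, 0, 0, 0, 0 };

  memset(mem, 0, MEM_SIZE);
  if (stage == 3) {
    rd_ptr = 0xdeadbeef;                       /* constructed bogus pointer */
    memcpy(mem + DT_DEBUG_SLOT, &rd_ptr, sizeof rd_ptr);
    return;
  }
  if (stage >= 1) {
    memcpy(mem + DT_DEBUG_SLOT, &rd_ptr, sizeof rd_ptr);
    memcpy(mem + R_DEBUG_ADDR, &rd, sizeof rd);
  }
  if (stage >= 2) {
    rd.r_map = LINK_MAP_ADDR;
    memcpy(mem + R_DEBUG_ADDR, &rd, sizeof rd);
    memcpy(mem + LINK_MAP_ADDR, &lm, sizeof lm);
  }
}

/* Probe one stage: status of the walk, and the l_addr it found (0 if none). */
enum lm_status scenario_status(int stage)
{
  uint8_t mem[MEM_SIZE];
  target_addr_t unused;
  build_inferior(mem, stage);
  return first_lm_addr(mem, DT_DEBUG_SLOT, &unused);
}

target_addr_t scenario_l_addr(int stage)
{
  uint8_t mem[MEM_SIZE];
  target_addr_t l_addr = 0;
  build_inferior(mem, stage);
  return first_lm_addr(mem, DT_DEBUG_SLOT, &l_addr) == LM_OK ? l_addr : 0;
}

int main(void)
{
  static const char *names[] = { "ok", "not yet", "bad read" };
  for (int stage = 0; stage <= 3; stage++)
    printf("stage %d: %s (l_addr=0x%llx)\n", stage, names[scenario_status(stage)],
           (unsigned long long) scenario_l_addr(stage));
  return 0;
}
```

Stages 0 and 1 both come back as "not yet": the reads succeed, as the reply says they do, but the pointers they return are zero. Only stage 2 yields a usable l_addr, which is why a caller has to be able to tell "no link map yet" apart from a real address rather than treating whatever it read as valid.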

