MIPS patch for crash during elf load
Lightning
lightningth@gmail.com
Tue Nov 23 04:52:15 GMT 2021
Text version of the patch, since it was scrubbed on the mailing list; I
didn't expect the attachment to show up as non-text.
--- gdb-11.1.old/gdb/mdebugread.c 2021-07-03 10:41:09.000000000 -0700
+++ gdb-11.1/gdb/mdebugread.c 2021-11-19 20:57:23.662003100 -0800
@@ -2367,6 +2367,7 @@
to FDR -1. We`ll go along with that. */
gdb::def_vector<struct pst_map> fdr_to_pst_holder (hdr->ifdMax + 1);
fdr_to_pst = fdr_to_pst_holder.data ();
+ memset(fdr_to_pst, 0, sizeof(struct pst_map) * (hdr->ifdMax+1));
fdr_to_pst++;
{
legacy_psymtab *new_pst = new_psymtab ("", partial_symtabs, objfile);
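Review bot: gdb::def_vector exists precisely to skip the zeroing that std::vector does, so the idiomatic fix here is to declare the holder as `std::vector<struct pst_map> fdr_to_pst_holder (hdr->ifdMax + 1);`, which value-initialises every element (n_globals included) and makes the added memset, with its second copy of the `hdr->ifdMax+1` size arithmetic, unnecessary. If the memset is kept, size it from the holder (`fdr_to_pst_holder.size () * sizeof (struct pst_map)`) so the two expressions cannot drift apart, and follow GNU style with a space before the parenthesis and around `+`. The submission also needs a commit message describing the uninitialised read and the crash it causes; that text currently lives only in the mail, not in the patch.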
On Mon, Nov 22, 2021 at 8:50 PM Lightning <lightningth@gmail.com> wrote:
> GDB has a bug with MIPS binaries where loading ones with a large number of
> global objects in the debug sections results in using uninitialized memory,
> resulting in a crash. This was seen during a debug build of the following
> project: https://github.com/pmret/papermario
>
> I downloaded GDB 11.1 and compiled it with the following options:
> ./configure --target=mips-linux-gnu --program-prefix=mips-linux-gnu-
>
> My local gcc compiler is gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
>
> I traced the issue down to the initialization of the fdr_to_pst buffer. It
> is initialized in gdb/mdebugread.c on line 2369 via a gdb::def_vector;
> however, the internal values are never cleared. On line 2403 a struct
> variable in this buffer is incremented for the number of globals. With
> enough globals and sections this can result in having invalid data in the
> global field causing a crash. In the above case it was stale pointer data.
> The fix is the attached patch, a simple memset after the buffer is
> initialized.
>
> Jewell
>
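As an added example (not GDB's code and not part of this thread), the following C++ models the counting pass the message describes: a buffer of per-FDR records is allocated, the pointer is bumped so that slot 0 serves FDR -1, and a counter in each record is incremented once per global symbol. The allocator is modelled on the idea behind gdb::default_init_allocator, which leaves trivially constructible members indeterminate (an assumption about GDB's class, stated here rather than copied from it); the names FdrMap, Symbol, tally, count_with_memset and count_with_value_init, and the symbol list, are constructed for this illustration. The variant that skips the memset is deliberately not run, because reading the counters in that case is undefined behaviour, which is exactly the bug.

```cpp
#include <cstring>
#include <memory>
#include <new>
#include <utility>
#include <vector>

// Allocator that default-initialises elements instead of value-initialising
// them, modelled on the idea behind gdb::default_init_allocator (assumption:
// the effect matches GDB's class, i.e. trivially constructible members such
// as a plain long are left with indeterminate values).
template <typename T, typename A = std::allocator<T>>
struct default_init_allocator : public A
{
  using a_t = std::allocator_traits<A>;
  using A::A;
  default_init_allocator () = default;

  template <typename U> struct rebind
  {
    using other
      = default_init_allocator<U, typename a_t::template rebind_alloc<U>>;
  };

  // Default-initialise: for a trivial T this writes nothing to the storage.
  template <typename U>
  void construct (U *p) noexcept { ::new (static_cast<void *> (p)) U; }

  template <typename U, typename... Args>
  void construct (U *p, Args &&...args)
  {
    a_t::construct (static_cast<A &> (*this), p, std::forward<Args> (args)...);
  }
};

// Same shape as gdb::def_vector: a std::vector that does not zero elements.
template <typename T>
using def_vector = std::vector<T, default_init_allocator<T>>;

// Per-FDR bookkeeping, standing in for struct pst_map (hypothetical layout).
struct FdrMap
{
  void *pst;       // stands in for the partial symtab pointer
  long n_globals;  // incremented once per global symbol of that FDR
};

// A symbol as the external-symbol loop sees it (constructed type).
struct Symbol
{
  int ifd;         // FDR index; -1 means "no FDR", stored at slot 0 after fdr_to_pst++
  bool is_global;
};

// Constructed sample input: ifdMax = 3 FDRs, globals scattered across them.
static const std::vector<Symbol> kSymbols = {
  {0, true}, {2, true}, {2, true}, {-1, true}, {1, false}, {2, true}, {0, true}};

// Count globals per FDR into a buffer the caller has already made safe to read,
// then return the counters for FDR -1 .. ifdMax-1 in order.
static std::vector<long>
tally (FdrMap *fdr_to_pst, int ifdMax, const std::vector<Symbol> &syms)
{
  fdr_to_pst++;  // slot 0 now belongs to ifd == -1, as in mdebugread.c
  for (const Symbol &s : syms)
    if (s.is_global && s.ifd >= -1 && s.ifd < ifdMax)
      fdr_to_pst[s.ifd].n_globals++;

  std::vector<long> out;
  for (int i = -1; i < ifdMax; i++)
    out.push_back (fdr_to_pst[i].n_globals);
  return out;
}

// The patch's approach: keep the default-initialising vector and zero it.
std::vector<long>
count_with_memset (int ifdMax)
{
  def_vector<FdrMap> holder (ifdMax + 1);  // n_globals indeterminate here
  FdrMap *fdr_to_pst = holder.data ();
  memset (fdr_to_pst, 0, sizeof (FdrMap) * (ifdMax + 1));  // the one-line fix
  return tally (fdr_to_pst, ifdMax, kSymbols);
}

// The alternative: let std::vector value-initialise, so no memset is needed.
std::vector<long>
count_with_value_init (int ifdMax)
{
  std::vector<FdrMap> holder (ifdMax + 1);  // every n_globals is 0 here
  return tally (holder.data (), ifdMax, kSymbols);
}
```

Both fixed forms produce the same counters; the only difference is whether the zeroing is explicit (memset) or comes from the container's value-initialisation.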