[Bug backtrace/21600] New: Fail to detect invalid FDE header, can exhaust gdb process's virtual memory and terminate debug session

kanglictf at gmail dot com sourceware-bugzilla@sourceware.org
Thu Jun 15 02:22:00 GMT 2017


https://sourceware.org/bugzilla/show_bug.cgi?id=21600

            Bug ID: 21600
           Summary: Fail to detect invalid FDE header, can exhaust gdb
                    process's virtual memory and terminate debug session
           Product: gdb
           Version: HEAD
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: backtrace
          Assignee: unassigned at sourceware dot org
          Reporter: kanglictf at gmail dot com
  Target Milestone: ---

GDB fails to catch invalid length information in DWARF debug frame FDE
headers. A carefully created ELF file or core file can cause gdb to terminate
the debug session due to a memory exhausted error.

This bug was found by Kang Li <kanglictf@gmail.com> and Yue Yin
<yinyueacm@gmail.com>.  We also thank Guodong Zhu for help troubleshooting.

This bug was found and verified on 32-bit Ubuntu 14.04 LTS (and tested on
Ubuntu 12.04.5 as well).

The software was checked out from git://sourceware.org/git/binutils-gdb.git on
2017/06/14, at the latest commit f7e16c2a9cc405707e646e951397938d2b4eea48.

The package was built with gcc 4.8.3.


* Two ways to reproduce the error

  Method A:

  1. Use gdb to open a malformed core file (files cb and core are in the attachment)
  $ gdb cb core

  2. After some time, gdb will show a virtual memory exhausted error.


  Method B:

  1. Use gdb to load a malformed ELF binary (file trouble_bin is in the attachment)
  $ gdb trouble_bin

  2. Set a breakpoint. It does not matter where, as long as it will be hit at
     run time. In this example, we put a breakpoint at the start of the .init section.

  (gdb) br *0x80482b0

  3. Run, and gdb will show a virtual memory exhausted error after it hits the
     breakpoint.

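As an added illustration, not code from the report or from GDB itself, this is the bounds check a CFI reader needs on the CIE/FDE length field before trusting it: the length counts the bytes after itself, so it can never exceed what is left of the section. It assumes a little-endian 32-bit .debug_frame layout (as on the reporter's 32-bit x86 setup) and uses a constructed sample section.

```c
#include <stdint.h>
#include <stddef.h>

/* Little-endian 32-bit read (assumption: LE target, as in the report). */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the CIE/FDE entries of a .debug_frame section buffer.
 * Returns the entry count, or -1 if an entry's length field does not fit
 * inside the section. A reader that allocates or consumes `len` bytes
 * without this check is what a crafted header drives into memory
 * exhaustion. */
int count_cfi_entries(const uint8_t *sec, size_t size)
{
    size_t off = 0;
    int n = 0;
    while (off < size) {
        if (size - off < 4)
            return -1;                  /* truncated length field */
        uint32_t len = rd32(sec + off);
        if (len == 0xffffffffu)
            return -1;                  /* 64-bit DWARF escape: not handled here */
        if (len == 0)
            break;                      /* zero-length terminator */
        if (len < 4 || len > size - off - 4)
            return -1;                  /* claims more bytes than the section holds */
        off += 4 + len;
        n++;
    }
    return n;
}

/* Constructed sample: a minimal CIE (16 bytes after its length: CIE_id,
 * version 1, empty augmentation, code align 1, data align -4, RA reg 8,
 * nop padding) followed by one FDE (12 bytes: CIE pointer, pc, range). */
const uint8_t good_frame[] = {
    0x10,0,0,0, 0xff,0xff,0xff,0xff, 1, 0, 1, 0x7c, 8, 0,0,0,0,0,0,0,
    0x0c,0,0,0, 0,0,0,0, 0xb0,0x82,0x04,0x08, 0x40,0,0,0
};
/* Same section, but the FDE length field is inflated to ~2 GiB. */
const uint8_t bad_frame[] = {
    0x10,0,0,0, 0xff,0xff,0xff,0xff, 1, 0, 1, 0x7c, 8, 0,0,0,0,0,0,0,
    0xf0,0xff,0xff,0x7f, 0,0,0,0, 0xb0,0x82,0x04,0x08, 0x40,0,0,0
};
```

`count_cfi_entries(good_frame, sizeof good_frame)` yields 2, while the inflated section is rejected with -1 instead of being walked past its end.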


More information about the Gdb-prs mailing list