[Bug gdb/24364] New: Segmentation Fault loading 64-bit ELF binary


[Bug gdb/24364] New: Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

            Bug ID: 24364
           Summary: Segmentation Fault loading 64-bit ELF binary
           Product: gdb
           Version: 8.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: josh at m9development dot com
  Target Milestone: ---

Created attachment 11689
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11689&action=edit
BT command from crash and several faulting test cases.

I used AFL fuzz to compile GDB from source and fuzz with a minimal test case -
essentially a "hello world" 64-bit binary on Linux. After a few days of
fuzzing, several unique crashes were observed, although they all appear to have
the same root cause. I checked out GDB (binutils) from source and compiled with
AFL-GCC. Versions are as follows:

OS: Ubuntu 16.04 LTS
Output from uname: 4.8.0-36-generic #36~16.04.1-Ubuntu SMP Sun Feb 5 09:39:57
UTC 2017
GCC version 5.4.0 20160609 (although I'm not sure if AFL uses this or a
different version)
GDB configured as "x86_64-pc-linux-gnu"
GDB version 8.2.50.20190205-git

I've attached a zip that contains the faulting test cases and a text file with
the call stack at the time of the crash (bt command results). Test cases
execute without problem outside of a debugger; when attempting to run the test
cases with GDB, it crashes during the parsing of the binary.

This is my first bug report, please let me know if you need any further
information, if this is not an issue or if this is the wrong place! The error
does seem to reside in the BFD library. However, I'm not very familiar with GDB
internals nor the BFD library so I haven't found as much time as I'd have liked
to dig deeper into this crash before reporting.

Thank you for your time,
Josh Stroschein

--
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/24364] Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org

--- Comment #1 from Tom Tromey <tromey at sourceware dot org> ---
The stack looks like the failure is in the dtrace probe code:

(gdb) bt
#0  dtrace_process_dof (sect=0x14574c0, dof=0x0, probesp=0x1472650,
objfile=0x1457c00)
    at dtrace-probe.c:531

... which isn't actually in BFD, so FWIW this bug is filed
in the right place.


[Bug gdb/24364] Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppluzhnikov at google dot com
           Assignee|unassigned at sourceware dot org   |ppluzhnikov at google dot com


[Bug gdb/24364] Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2019-06-16
     Ever confirmed|0                           |1


[Bug gdb/24364] Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

--- Comment #2 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
I think this is the correct fix for it:

diff --git a/gdb/dtrace-probe.c b/gdb/dtrace-probe.c
index 52973784e9..f03a1cf376 100644
--- a/gdb/dtrace-probe.c
+++ b/gdb/dtrace-probe.c
@@ -856,13 +856,14 @@ dtrace_static_probe_ops::get_probes

          /* Read the contents of the DOF section and then process it to
             extract the information of any probe defined into it.  */
-         if (!bfd_malloc_and_get_section (abfd, sect, &dof))
+         if (bfd_malloc_and_get_section (abfd, sect, &dof))
+           dtrace_process_dof (sect, objfile, probesp,
+                               (struct dtrace_dof_hdr *) dof);
+         else
            complaint (_("could not obtain the contents of"
                         "section '%s' in objfile `%s'."),
                       sect->name, abfd->filename);
-
-         dtrace_process_dof (sect, objfile, probesp,
-                             (struct dtrace_dof_hdr *) dof);
+
          xfree (dof);
        }
     }
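Review bot: the unconditional `xfree (dof)` kept after the new else branch is only safe if `dof` is NULL whenever `bfd_malloc_and_get_section` returns false; that contract is not visible in this hunk, so either set `dof = NULL` in the else branch or state the contract in the comment above the call so the next reader does not have to check BFD. While touching these lines, the adjacent literals `"could not obtain the contents of"` and `"section '%s' in objfile `%s'."` in the complaint concatenate to "contents ofsection"; the first literal needs a trailing space.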

I'll mail it to gdb-patches shortly.

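As an added illustration (not GDB's code, nor the reporter's or Paul's), the C program below models the failure pattern the patch in Comment #2 removes: a section read that follows the contract assumed here for bfd_malloc_and_get_section (false on failure, buffer left NULL) and a loop that hands the DOF header to the processor only when the read succeeded. The header layout, the section name .SUNW_dof and every name ending in _sim are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins: DOF-like header; ELF-like section (readable == false
   simulates a section whose contents cannot be read, as in the fuzzed binaries). */
struct dof_hdr_sim { uint8_t ident[4]; uint32_t secnum; };
struct sect_sim { const char *name; const uint8_t *data; size_t size; bool readable; };

/* Contract assumed to match bfd_malloc_and_get_section: false on failure with
   *buf left NULL, so the caller's later free (*buf) is harmless. */
static bool get_section_sim (const struct sect_sim *s, uint8_t **buf)
{
  *buf = NULL;
  if (!s->readable || s->size < sizeof (struct dof_hdr_sim))
    return false;
  *buf = malloc (s->size);
  if (*buf != NULL)
    memcpy (*buf, s->data, s->size);
  return *buf != NULL;
}

/* Like dtrace_process_dof, dereferences dof unconditionally: a NULL here is the
   crash from the report.  Returns the section count the header announces. */
static int process_dof_sim (const struct dof_hdr_sim *dof)
{
  return memcmp (dof->ident, "\177DOF", 4) == 0 ? (int) dof->secnum : -1;
}

/* Post-fix shape of the get_probes loop: process only when the read succeeded. */
int get_probes_fixed_sim (const struct sect_sim *sects, size_t n)
{
  int total = 0;
  for (size_t i = 0; i < n; i++)
    {
      uint8_t *dof;
      if (get_section_sim (&sects[i], &dof))
        {
          int r = process_dof_sim ((const struct dof_hdr_sim *) dof);
          total += r > 0 ? r : 0;
        }
      else
        fprintf (stderr, "could not obtain the contents of section '%s'\n", sects[i].name);
      free (dof);   /* NULL on the failure path, so this stays safe */
    }
  return total;
}

/* Constructed sample: a readable DOF section announcing 3 sections, then an
   unreadable one.  The name .SUNW_dof is assumed, not taken from the report. */
static const struct dof_hdr_sim good_hdr_sim = { { 0x7f, 'D', 'O', 'F' }, 3 };
const struct sect_sim sample_sects_sim[2] = {
  { ".SUNW_dof", (const uint8_t *) &good_hdr_sim, sizeof good_hdr_sim, true },
  { ".SUNW_dof", (const uint8_t *) &good_hdr_sim, sizeof good_hdr_sim, false },
};
```

The pre-fix loop differed only in calling the processor after the complaint as well, so the second sample section would have reached process_dof_sim with a NULL pointer.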

[Bug gdb/24364] Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Paul Pluzhnikov
<[hidden email]>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba9777bef059df0926ad5dd6813d5785cb652ccf

commit ba9777bef059df0926ad5dd6813d5785cb652ccf
Author: Paul Pluzhnikov <[hidden email]>
Date:   Mon Jun 17 10:49:15 2019 -0700

    PR gdb/24364: Don't call dtrace_process_dof with NULL dof.


[Bug gdb/24364] Segmentation Fault loading 64-bit ELF binary

konrad.schwarz at siemens dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24364

Tom Tromey <tromey at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |9.1

--- Comment #4 from Tom Tromey <tromey at sourceware dot org> ---
Fixed.
