[PATCH] Fix segfaults in dwarf array pointer subscripting when -vvv is specified


[PATCH] Fix segfaults in dwarf array pointer subscripting when -vvv is specified

Yichun Zhang
location_context::new_symref() never initialized sym->tok, so the symbols it
built carried NULL e->tok pointers (the cause of the segfaults seen with -vvv).

Thanks to Mozilla rr for greatly simplifying debugging this issue.

Added some tests to cover this fix.
---
 loc2stap.cxx                                |  1 +
 testsuite/systemtap.base/atcast-index.exp   | 58 +++++++++++++++++++++++++++++
 testsuite/systemtap.base/atcast-index_1.c   | 12 ++++++
 testsuite/systemtap.base/atcast-index_1.stp |  5 +++
 testsuite/systemtap.base/atcast-index_2.c   | 13 +++++++
 testsuite/systemtap.base/atcast-index_2.stp |  9 +++++
 6 files changed, 98 insertions(+)
 create mode 100644 testsuite/systemtap.base/atcast-index.exp
 create mode 100644 testsuite/systemtap.base/atcast-index_1.c
 create mode 100644 testsuite/systemtap.base/atcast-index_1.stp
 create mode 100644 testsuite/systemtap.base/atcast-index_2.c
 create mode 100644 testsuite/systemtap.base/atcast-index_2.stp

diff --git a/loc2stap.cxx b/loc2stap.cxx
index 177e43856..2502a3d7e 100644
--- a/loc2stap.cxx
+++ b/loc2stap.cxx
@@ -226,6 +226,7 @@ location_context::new_symref(vardecl *var)
 {
   symbol *sym = new symbol;
   sym->name = var->name;
+  sym->tok = var->tok;
   sym->referent = var;
   return sym;
 }
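Review bot: Copying `sym->tok = var->tok` only removes the NULL if every vardecl reaching new_symref() carries a token itself; for a vardecl that was synthesized without one, the downstream e->tok dereference this patch is fixing would still crash. Whether such token-less vardecls exist is not visible in this hunk, so if the callers cannot guarantee it, consider `assert(var->tok);` before the copy, or at least document the precondition with a comment such as `// var->tok must be set: it becomes the symbol's token and is dereferenced by verbose (-vvv) output`. The function is fully contained in the hunk.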
diff --git a/testsuite/systemtap.base/atcast-index.exp b/testsuite/systemtap.base/atcast-index.exp
new file mode 100644
index 000000000..b2c71c55e
--- /dev/null
+++ b/testsuite/systemtap.base/atcast-index.exp
@@ -0,0 +1,58 @@
+set test "atcast-index"
+set testpath "$srcdir/$subdir"
+
+if {! [installtest_p]} { untested $test; return }
+if {! [uretprobes_p]} { untested $test; return }
+
+# --- TEST 1 ---
+
+set subtest1 "TEST 1: const folding in array index of a translated array address"
+
+set res [target_compile ${testpath}/${test}_1.c ./a.out executable \
+    "additional_flags=-O additional_flags=-g"]
+if {$res ne ""} {
+    verbose "target_compile failed: $res" 2
+    fail "$test: $subtest1: unable to compile ${test}_1.c"
+} else {
+    foreach runtime [get_runtime_list] {
+        if {$runtime eq ""} {
+            set runtime "kernel"
+        }
+        set test_name "$test: $subtest1 ($runtime)"
+        set cmd "stap -vvv --runtime=$runtime -c ./a.out '$srcdir/$subdir/${test}_1.stp'"
+        set exit_code [run_cmd_2way $cmd out stderr]
+        set out_pat "^78\\n\\Z"
+        like "${test_name}: stdout" $out $out_pat "-linestop -lineanchor"
+        set stderr_pat "Collapsing constant-identity binary operator operator '\\*' at "
+        like "${test_name}: stderr" $stderr $stderr_pat "-lineanchor"
+        is "${test_name}: exit code" $exit_code 0
+    }
+}
+
+# --- TEST 2 ---
+
+set subtest2 "TEST 2: ternay expressions inside dwarf array indexes"
+
+set res [target_compile ${testpath}/${test}_2.c ./a.out executable \
+    "additional_flags=-O additional_flags=-g"]
+if {$res ne ""} {
+    verbose "target_compile failed: $res" 2
+    fail "$test: $subtest2: unable to compile ${test}_2.c"
+} else {
+    foreach runtime [get_runtime_list] {
+        if {$runtime eq ""} {
+            set runtime "kernel"
+        }
+        set test_name "$test: $subtest2 ($runtime)"
+        set cmd "stap --runtime=$runtime -c ./a.out '$srcdir/$subdir/${test}_2.stp'"
+        set exit_code [run_cmd_2way $cmd out stderr]
+        set exp_out "91
+78
+"
+        is "${test_name}: stdout" $out $exp_out
+        is "${test_name}: exit code" $exit_code 0
+        if {$stderr ne ""} {
+            send_log "stderr:\n$stderr"
+        }
+    }
+}
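Review bot: Only the TEST 1 command line passes `-vvv` to stap; the TEST 2 command omits it, so the second fixture would not catch a regression of the NULL-token crash the patch title describes, and it may be worth adding `-vvv` there too or stating in the subtest2 string that it only covers expression evaluation. The subtest2 name also misspells "ternary" as "ternay". Both subtests compile to the same `./a.out`, which works because they run sequentially but deserves a note like `# both subtests reuse ./a.out and must run in order`, and the compile calls use `${testpath}` while the stap commands use `$srcdir/$subdir` for the same directory; one spelling would read cleaner.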
diff --git a/testsuite/systemtap.base/atcast-index_1.c b/testsuite/systemtap.base/atcast-index_1.c
new file mode 100644
index 000000000..49e50ff69
--- /dev/null
+++ b/testsuite/systemtap.base/atcast-index_1.c
@@ -0,0 +1,12 @@
+typedef struct {
+    char   arr[3];
+    char   sz;
+} foo;
+
+foo a;
+
+int main(void) {
+    a.sz = 2;
+    a.arr[2] = 78;
+    return 0;
+}
diff --git a/testsuite/systemtap.base/atcast-index_1.stp b/testsuite/systemtap.base/atcast-index_1.stp
new file mode 100644
index 000000000..f06e72759
--- /dev/null
+++ b/testsuite/systemtap.base/atcast-index_1.stp
@@ -0,0 +1,5 @@
+probe process.function("main").return {
+    p = &@var("a");
+    q = &@cast(p, "char")[((@cast(p, "foo")->sz)) * (1)];
+    printf("%d\n", user_int8(q));
+}
diff --git a/testsuite/systemtap.base/atcast-index_2.c b/testsuite/systemtap.base/atcast-index_2.c
new file mode 100644
index 000000000..88bd18915
--- /dev/null
+++ b/testsuite/systemtap.base/atcast-index_2.c
@@ -0,0 +1,13 @@
+typedef struct {
+    char   arr[5];
+    char   sz;
+} foo;
+
+foo a;
+
+int main(void) {
+    a.sz = 2;
+    a.arr[2] = 78;
+    a.arr[4] = 91;
+    return 0;
+}
diff --git a/testsuite/systemtap.base/atcast-index_2.stp b/testsuite/systemtap.base/atcast-index_2.stp
new file mode 100644
index 000000000..ec76af3fb
--- /dev/null
+++ b/testsuite/systemtap.base/atcast-index_2.stp
@@ -0,0 +1,9 @@
+probe process.function("main").return {
+    p = &@var("a");
+    q = &@cast(p, "char")[((@cast(p, "foo")->sz))
+                          * (@cast(p, "foo")->sz != 2 ? (1) : (2))];
+    printf("%d\n", user_int8(q));
+    q = &@cast(p, "char")[((@cast(p, "foo")->sz))
+                          * (@cast(p, "foo")->sz == 2 ? (1) : (2))];
+    printf("%d\n", user_int8(q));
+}
--
2.11.0.295.gd7dffce


Re: [PATCH] Fix segfaults in dwarf array pointer subscripting when -vvv is specified

Yichun Zhang
Hello!

On Wed, Nov 21, 2018 at 11:32 PM Yichun Zhang (agentzh)
<[hidden email]> wrote:
>
> location_context::new_symref() forgot to initialize sym->tok which led
> to NULL e->tok pointers.
>
> Thanks to Mozilla rr for greatly simplifying debugging this issue.
>
> Added some tests to cover this fix.

Committed.

Yichun