Freeing ecoff_debug_info "pointers to the unswapped symbolic info"
isn't a simple matter, due to differing allocation strategies. In
_bfd_ecoff_slurp_symbolic_info the pointers are to objalloc memory.
In the ecoff linker they are to separately malloc'd memory. In gas we
have most (obj-elf) or all (obj-ecoff) into a single malloc'd buffer.
This patch fixes the leaks for binutils and ld, leaving the gas leaks
for another day. The mips elf backend already had this covered, and
the ecoff backend had a pointer, raw_syments used as a flag, so most
of the patch is moving these around a little so they are accessible
for both ecoff and elf.
include/
* coff/ecoff.h (struct ecoff_debug_info): Add alloc_syments.
bfd/
* libecoff.h (struct ecoff_tdata): Delete raw_syments.
* elfxx-mips.c (free_ecoff_debug): Delete. Replace uses with
_bfd_ecoff_free_ecoff_debug_info.
(_bfd_mips_elf_final_link): Init debug.alloc_syments.
* ecofflink.c (_bfd_ecoff_free_ecoff_debug_info): New function.
* ecoff.c (_bfd_ecoff_bfd_free_cached_info): Call
_bfd_ecoff_free_ecoff_debug_info.
(_bfd_ecoff_slurp_symbolic_info): Replace uses of raw_syments
with alloc_syments.
(ecoff_final_link_debug_accumulate): Likewise. Use
_bfd_ecoff_free_ecoff_debug_info.
(_bfd_ecoff_bfd_copy_private_bfd_data): Set alloc_syments for
copied output.
* elf64-alpha.c (elf64_alpha_read_ecoff_info): Use
_bfd_ecoff_free_ecoff_debug_info.
* libbfd-in.h (_bfd_ecoff_free_ecoff_debug_info): Declare.
* libbfd.h: Regenerate.
gas/
* config/obj-ecoff.c (ecoff_frob_file): Set alloc_syments.
* config/obj-elf.c (elf_frob_file_after_relocs): Likewise.
I noticed that the test-suite doesn't excercise the case in
tui_redisplay_readline that height (initially 1) is changed by this call:
...
tui_puts_internal (w, prompt, &height);
...
Add a test-case that excercises this.
Tested on x86_64-linux.
In the current implementation, core_target::build_file_mappings will try
to locate and open files which were mapped in the process for which the
core dump was produced. If the file cannot be found or cannot be
opened, GDB will re-try to open it once for each time it was mapped in
the process's address space.
This patch makes it so GDB recognizes that it has already failed to open
a given file once and does not re-try the process for each mapping.
Reviewed-By: John Baldwin <jhb@FreeBSD.org>
Approved-By: Andrew Burgess <aburgess@redhat.com>
When GDB opens a coredump it tries to locate and then open all files
which were mapped in the process.
If a file is found but cannot be opened with BFD (bfd_open /
bfd_check_format fails), then a warning is printed to the user. If the
same file was mapped multiple times in the process's address space, the
warning is printed once for each time the file was mapped. I find this
un-necessarily noisy.
This patch makes it so the warning message is printed only once per
file.
There was a comment in the code assuming that if the file was found on
the system, opening it (bfd_open + bfd_check_format) should always
succeed. A recent change in BFD (014a602b86 "Don't optimise bfd_seek
to same position") showed that this assumption is not valid. For
example, it is possible to have a core dump of a process which had
mmaped an IO page from a DRI render node (/dev/dri/runderD$NUM). In
such case the core dump does contain the information that portions of
this special file were mapped in the host process, but trying to seek to
position 0 will fail, making bfd_check_format fail. This patch removes
this comment.
Reviewed-By: John Baldwin <jhb@FreeBSD.org>
Approved-By: Andrew Burgess <aburgess@redhat.com>
In core_target::build_file_mappings, GDB tries to open files referenced
in the core dump.
The process goes like this:
struct bfd *bfd = bfd_map[filename];
if (bfd == nullptr)
{
bfd = bfd_map[filename]
= bfd_openr (expanded_fname.get (), "binary");
if (bfd == nullptr || !bfd_check_format (bfd, bfd_object))
{
if (bfd != nullptr)
bfd_close (bfd);
return;
}
}
asection *sec = bfd_make_section_anyway (bfd, "load");
...
The problem is that if bfd_check_format fails, we close the bfd but keep
a reference to it in the bfd_map.
If the same filename appears another time in the NT_FILE note, we enter
this code again. The second time, bfd_map[filename] is not nullptr and
we try to call bfd_make_section_anyway on an already closed BFD, which
is a use-after-free error.
This patch makes sure that the bfd is only saved in the bfd_map if it
got opened successfully.
This error got exposed by a recent change in BFD (014a602b86 "Don't
optimise bfd_seek to same position"). Since this change, opening a
coredump which contains mapping to some special files such as a DRI
render node (/dev/dri/renderD$NUM) exposes the issue. This happens for
example for processes using AMDGPU devices to offload compute tasks.
Reviewed-By: John Baldwin <jhb@FreeBSD.org>
Approved-By: Andrew Burgess <aburgess@redhat.com>
sframe_decoder_get_funcdesc_at_index () is the function to access SFrame
FDEs in the SFrame decoder context. Use it consistently.
Avoid unnecessary type cast and include minor enhancements as the code
is moved around.
libsframe/
* sframe.c (sframe_decoder_get_funcdesc_at_index): Move some
checks here. Move the static function definition before the new
use.
(sframe_decoder_get_funcdesc): Use
sframe_decoder_get_funcdesc_at_index instead.
This patch simplifies ada_lookup_struct_elt_type by changing it to
call find_struct_field. The two functions were substantially similar,
even to the point of having identical comments.
I tested this using both the gdb test suite and the internal AdaCore
test suite. Given this and the fact that it is Ada-specific, I am
checking it in.
PR 30499
bfd * elflink.c (elf_link_add_object_symbols): Add a message indicating that alignment and size discrepancies between the definition of common symbols and normal symbols are serious and should be investigated.
ld * testsuite/ld-elfcomm/elfcomm.exp: Update regexps to match new output from the linker.
I noticed that the help texts for tui border-mode and tui active-border-mode
are similar.
Factor out the common part into macro HELP_ATTRIBUTE_MODE.
Tested on x86_64-linux.
In commit faf01aee1d ("[gdb] Handle pending ^C after rl_callback_read_char")
we handled a problem (described in detail in that commit) for readline >= 8
using public readline functions rl_pending_signal and rl_check_signals.
For readline 7 (note that we require at least readline 7 so there's no need to
worry about readline 6), there was no fix though, because rl_check_signals was
not available.
Fix this by instead using the private readline function _rl_signal_handler.
There is precedent for using private readline variables and functions, but
it's something we want to get rid of (PR build/10723). Nevertheless, I think
we can allow this specific instance because it's not used when building
against readline >= 8.
[ In the meanwhile, a fix was committed in the devel branch of the readline
repo, contained in commit 8d0c439 ("rollup of changes since readline-8.2"),
first proposed here (
https://lists.gnu.org/archive/html/bug-readline/2022-10/msg00008.html ). ]
Tested on x86_64-linux, against system readline 7.0 on openSUSE Leap 15.4.
PR cli/27813
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=27813
The gdb.dwarf2/dw2-prologue-end-2.exp test was failing for both AArch64 and
Arm.
As Tom pointed out here (https://inbox.sourceware.org/gdb-patches/6663707c-4297-c2f2-a0bd-f3e84fc62aad@suse.de/),
there are issues with both the prologue skipper for AArch64 and Arm and an
incorrect assumption by the testcase.
This patch fixes both of AArch64's and Arm's prologue skippers to not skip past
the end of a function. It also incorporates a fix to the testcase so it
doesn't assume the prologue skipper will stop at the first instruction of the
functions/labels.
Regression-tested on aarch64-linux/arm-linux Ubuntu 20.04/22.04 and
x86_64-linux Ubuntu 20.04.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30506
Co-Authored-By: Tom de Vries <tdevries@suse.de>
Co-Authored-By: Luis Machado <luis.machado@arm.com>
While working on PR tui/30526, I noticed a bug in test-case
gdb.python/tui-window-disabled.exp.
Here we send "tui enable" to gdb, but don't wait for it to arrive before
checking for a window box:
...
send_gdb "tui enable\n"
Term::check_box "check for python window" 0 0 80 16
...
Fix this by waiting for the prompt to be issued in TUI before doing the check.
Tested on x86_64-linux.
Using "taskset -c 0" I run into this timeout:
...
(gdb) PASS: gdb.threads/step-N-all-progress.exp: non-stop=on: \
target-non-stop=on: continue to breakpoint: break here
next 3^M
[New Thread 0x7ffff7dbd6c0 (LWP 10202)]^M
50 return 0;^M
(gdb) [Thread 0x7ffff7dbd6c0 (LWP 10202) exited]^M
FAIL: gdb.threads/step-N-all-progress.exp: non-stop=on: target-non-stop=on: \
next 3 (timeout)
...
The problem is that this test:
...
gdb_test "next 3" "return 0;"
...
expects no output after the prompt.
Fix this by using -no-prompt-anchor.
Tested on x86_64-linux.
Commit cb81e84c72 resulted in an xpass for hppa64-hp-hpux11, but the
test still fails on hpp64-linux. Let's make it pass for hppa64-linux
too, by accepting pcrel sdata8 encoding in the augmentation data.
While running this test on an emulator, I noticed we're failing to match the
output message when "memory-tag check" is issued with no arguments. That's
because I coded the message using "error" and missed a period at the end. Other
similar messages are issued with error_no_arg.
This patch changes that call to use error_no_arg.
Tested on aarch64-linux Ubuntu 20.04/22.04.
doc/bfdint.texi and comments in the aout and som code about this
function are just wrong, and its name is not very apt. Better would
be _bfd_mostly_destroy, and we certainly should not be saying anything
about the possibility of later recreating anything lost by this
function. What's more, if _bfd_free_cached_info is called when
creating an archive map to reduce memory usage by throwing away
symbols, the target _close_and_cleanup function won't have access to
tdata or section bfd_user_data to tidy memory. This means most of the
target _close_and_cleanup function won't do anything, and therefore
sometimes will result in memory leaks.
This patch fixes the documentation problems and moves most of the
target _close_and_cleanup code to target _bfd_free_cached_info.
Another notable change is that bfd_generic_bfd_free_cached_info is now
defined as _bfd_free_cached_info rather than _bfd_bool_bfd_true,
ie. the default now frees objalloc memory.
include/
* sframe-api.h (sframe_decoder_get_num_fidx): Use extern.
libsframe/
* sframe-dump.c (dump_sframe_func_with_fres): Fix line length.
* sframe.c (sframe_frame_row_entry_copy): Likewise.
(sframe_decode_fre_start_address): Use the intended type uint32_t.
Commit 89c70cd358 apparently results in a bogus "value may be used
uninitialized" warning with some combination of compiler and
optimisation options.
* readelf.c (target_specific_reloc_handling): Init value.
Change the data type of some of the members of the sframe_decoder_ctx
and sframe_encoder_ctx data structures to use the applicable data types
explicitly. Current implementation in libsframe does type casts, which
seem unnecessary.
libsframe/
* libsframe/sframe-impl.h (struct sframe_decoder_ctx): Use
applicable data type explicitly.
(struct sframe_encoder_ctx): Likewise. Use same style of
comments consistently.
* libsframe/sframe.c (struct sf_fde_tbl): Define without
typedef.
(struct sf_fre_tbl): Likewise.
(sframe_decode): Remove unnecessary type casts.
(sframe_encoder_get_funcdesc_at_index): Likewise.
(sframe_encoder_add_fre): Likewise.
(sframe_encoder_add_funcdesc): Likewise.
(sframe_sort_funcdesc): Likewise.
(sframe_encoder_write_sframe): Likewise.
This changes dwarf2_fde to use the unrelocated_addr type. This
pointed out a latent bug in dwarf2_frame_cache, where a relocated
address is compared to an unrelocated address.
A few spots in dwarf2_frame_cache use:
cache->per_objfile->objfile->text_section_offset ()
... and a subsequent patch will add more, so move this into a local
variable.
unrelocated_addr is currently defined in symtab.h, but in order to
avoid having to include that in more places, I wanted to move the type
elsewhere. I considered defs.h, but it seemed reasonable to have it
next to CORE_ADDR, which is what this patch does.
dwarf2_record_block_ranges is only ever called with the text section
offset, so this patch removes the parameter entirely. This makes a
subsequent patch a little simpler.
When rewriting the program headers, don't warn an empty PT_LOAD with the
program headers.
bfd/
PR binutils/30508
* elf.c (rewrite_elf_program_header): Don't warn if an empty
PT_LOAD contains the program headers.
ld/
PR binutils/30508
* testsuite/ld-elf/pr30508.d: New file.
* testsuite/ld-elf/pr30508.s: Likewise.
History Of This Patch
=====================
This commit aims to address PR gdb/21699. There have now been a
couple of attempts to fix this issue. Simon originally posted two
patches back in 2021:
https://sourceware.org/pipermail/gdb-patches/2021-July/180894.htmlhttps://sourceware.org/pipermail/gdb-patches/2021-July/180896.html
Before Pedro then posted a version of his own:
https://sourceware.org/pipermail/gdb-patches/2021-July/180970.html
After this the conversation halted. Then in 2023 I (Andrew) also took
a look at this bug and posted two versions:
https://sourceware.org/pipermail/gdb-patches/2023-April/198570.htmlhttps://sourceware.org/pipermail/gdb-patches/2023-April/198680.html
The approach taken in my first patch was pretty similar to what Simon
originally posted back in 2021. My second attempt was only a slight
variation on the first.
Pedro then pointed out his older patch, and so we arrive at this
patch. The GDB changes here are mostly Pedro's work, but updated by
me (Andrew), any mistakes are mine.
The tests here are a combinations of everyone's work, and the commit
message is new, but copies bits from everyone's earlier work.
Problem Description
===================
Bug PR gdb/21699 makes the observation that using $_as_string with
GDB's printf can cause GDB to print unexpected data from the
inferior. The reproducer is pretty simple:
#include <stddef.h>
static char arena[100];
/* Override malloc() so value_coerce_to_target() gets a known
pointer, and we know we"ll see an error if $_as_string() gives
a string that isn't null terminated. */
void
*malloc (size_t size)
{
memset (arena, 'x', sizeof (arena));
if (size > sizeof (arena))
return NULL;
return arena;
}
int
main ()
{
return 0;
}
And then in a GDB session:
$ gdb -q test
Reading symbols from /tmp/test...
(gdb) start
Temporary breakpoint 1 at 0x4004c8: file test.c, line 17.
Starting program: /tmp/test
Temporary breakpoint 1, main () at test.c:17
17 return 0;
(gdb) printf "%s\n", $_as_string("hello")
"hello"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
(gdb) quit
The problem above is caused by how value_cstring is used within
py-value.c, but once we understand the issue then it turns out that
value_cstring is used in an unexpected way in many places within GDB.
Within py-value.c we have a null-terminated C-style string. We then
pass a pointer to this string, along with the length of this
string (so not including the null-character) to value_cstring.
In value_cstring GDB allocates an array value of the given character
type, and copies in requested number of characters. However
value_cstring does not add a null-character of its own. This means
that the value created by calling value_cstring is only
null-terminated if the null-character is included in the passed in
length. In py-value.c this is not the case, and indeed, in most uses
of value_cstring, this is not the case.
When GDB tries to print one of these strings the value contents are
pushed to the inferior, and then read back as a C-style string, that
is, GDB reads inferior memory until it finds a null-terminator. For
the py-value.c case, no null-terminator is pushed into the inferior,
so GDB will continue reading inferior memory until a null-terminator
is found, with unpredictable results.
Patch Description
=================
The first thing this patch does is better define what the arguments
for the two function value_cstring and value_string should represent.
The comments in the header file are updated to describe whether the
length argument should, or should not, include a null-character.
Also, the data argument is changed to type gdb_byte. The functions as
they currently exist will handle wide-characters, in which case more
than one 'char' would be needed for each character. As such using
gdb_byte seems to make more sense.
To avoid adding casts throughout GDB, I've also added an overload that
still takes a 'char *', but asserts that the character type being used
is of size '1'.
The value_cstring function is now responsible for adding a null
character at the end of the string value it creates.
However, once we start looking at how value_cstring is used, we
realise there's another, related, problem. Not every language's
strings are null terminated. Fortran and Ada strings, for example,
are just an array of characters, GDB already has the function
value_string which can be used to create such values.
Consider this example using current GDB:
(gdb) set language ada
(gdb) p $_gdb_setting("arch")
$1 = (97, 117, 116, 111)
(gdb) ptype $
type = array (1 .. 4) of char
(gdb) p $_gdb_maint_setting("test-settings string")
$2 = (0)
(gdb) ptype $
type = array (1 .. 1) of char
This shows two problems, first, the $_gdb_setting and
$_gdb_maint_setting functions are calling value_cstring using the
builtin_char character, rather than a language appropriate type. In
the first call, the 'arch' case, the value_cstring call doesn't
include the null character, so the returned array only contains the
expected characters. But, in the $_gdb_maint_setting example we do
end up including the null-character, even though this is not expected
for Ada strings.
This commit adds a new language method language_defn::value_string,
this function takes a pointer and length and creates a language
appropriate value that represents the string. For C, C++, etc this
will be a null-terminated string (by calling value_cstring), and for
Fortran and Ada this can be a bounded array of characters with no null
terminator. Additionally, this new language_defn::value_string
function is responsible for selecting a language appropriate character
type.
After this commit the only calls to value_cstring are from the C
expression evaluator and from the default language_defn::value_string.
And the only calls to value_string are from Fortan, Ada, and ObjectC
related code.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21699
Co-Authored-By: Simon Marchi <simon.marchi@efficios.com>
Co-Authored-By: Andrew Burgess <aburgess@redhat.com>
Co-Authored-By: Pedro Alves <pedro@palves.net>
Approved-By: Simon Marchi <simon.marchi@efficios.com>
Fix grammar in some comments and docs:
- machines that doesn't -> machines that don't
- its a -> it's a
- its the -> it's the
- if does its not -> if it does it's not
- one more instructions if doesn't match ->
one more instruction if it doesn't match
- it's own -> its own
- it's first -> its first
- it's pointer -> its pointer
I also came across "it's performance" in gdb/stubs/*-stub.c in the HP public
domain notice, I've left that alone.
Tested on x86_64-linux.
bfd_errmsg uses asprintf for bfd_error_on_input, which means we
currently leak memory. Keep a static pointer to the message and free
it in various places to minimise the leaks.
bfd_set_input_error (NULL, bfd_error_no_error) is a way to free up the
last string if that matters.
* bfd.c (input_error_msg): New static var.
(bfd_set_input_error): Free it here..
(bfd_init): ..and here..
(bfd_errmsg): ..and here. Use it for asprintf output.
We should try our best to make mips32 using the same
oprand char with micromips. So for mips32, we use:
^ is added for 5bit sa oprand for some new DSPr2 instructions:
APPEND, PREPEND, PRECR_SRA[_R].PH.W
the LSB bit is 11, like RD.
+t is removed for coprocessor 0 destination register.
'E' does the samething.
+t is now used for RX oprand for MFTR/MTTR (MT ASE)
? is added for sel oprand for MFTR/MTTR (MT ASE)
For mips32, the position of sel in MFTR/MTTR is same with mfc0 etc,
while for micromips, they are different.
We also add an extesion format of cftc2/cttc2/mftc2/mfthc2/mttc2/mtthc2:
concatenating rs with rx as the index of control or data.
