mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2025-01-24 12:35:55 +08:00
830b67068c
When:
- building trunk gdb with '-fsanitize=address -lasan',
- running gdb tests with "export ASAN_OPTIONS=detect_leaks=0",
I run into a heap-buffer-overflow failure for gdb.base/utf8-identifiers.exp.

In more detail, the libasan error report looks like this:
...
=================================================================
==22340==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000054a80 at pc 0x7fcd0306b4c9 bp 0x7fffb1a8d880 sp 0x7fffb1a8d030
READ of size 32766 at 0x619000054a80 thread T0
    #0 0x7fcd0306b4c8 (/usr/lib64/libasan.so.4+0xae4c8)
    #1 0x15f12a1 in update_line /data/gdb_versions/devel/src/readline/display.c:1377
    #2 0x15f03cb in rl_redisplay /data/gdb_versions/devel/src/readline/display.c:1204
    #3 0x15bf932 in readline_internal_setup /data/gdb_versions/devel/src/readline/readline.c:394
    #4 0x15fe723 in _rl_callback_newline /data/gdb_versions/devel/src/readline/callback.c:89
    #5 0x15fe7ef in rl_callback_handler_install /data/gdb_versions/devel/src/readline/callback.c:102
    #6 0xd7bce6 in gdb_rl_callback_handler_install(char const*) /data/gdb_versions/devel/src/gdb/event-top.c:319
    #7 0xd7c0c6 in display_gdb_prompt(char const*) /data/gdb_versions/devel/src/gdb/event-top.c:409
    #8 0xd7d6c1 in command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char> >&&) /data/gdb_versions/devel/src/gdb/event-top.c:776
    #9 0xd7b92a in gdb_rl_callback_handler /data/gdb_versions/devel/src/gdb/event-top.c:217
    #10 0x15ff479 in rl_callback_read_char /data/gdb_versions/devel/src/readline/callback.c:220
    #11 0xd7b4d5 in gdb_rl_callback_read_char_wrapper_noexcept /data/gdb_versions/devel/src/gdb/event-top.c:175
    #12 0xd7b6b5 in gdb_rl_callback_read_char_wrapper /data/gdb_versions/devel/src/gdb/event-top.c:192
    #13 0xd7c8aa in stdin_event_handler(int, void*) /data/gdb_versions/devel/src/gdb/event-top.c:514
    #14 0xd76ca7 in handle_file_event /data/gdb_versions/devel/src/gdb/event-loop.c:731
    #15 0xd7751f in gdb_wait_for_event /data/gdb_versions/devel/src/gdb/event-loop.c:857
    #16 0xd7547e in gdb_do_one_event() /data/gdb_versions/devel/src/gdb/event-loop.c:321
    #17 0xd75526 in start_event_loop() /data/gdb_versions/devel/src/gdb/event-loop.c:370
    #18 0x101b04c in captured_command_loop /data/gdb_versions/devel/src/gdb/main.c:331
    #19 0x101de73 in captured_main /data/gdb_versions/devel/src/gdb/main.c:1173
    #20 0x101df03 in gdb_main(captured_main_args*) /data/gdb_versions/devel/src/gdb/main.c:1188
    #21 0x872dba in main /data/gdb_versions/devel/src/gdb/gdb.c:32
    #22 0x7fcd00f2ff49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
    #23 0x872bc9 in _start (/data/gdb_versions/devel/build/gdb/gdb+0x872bc9)

0x619000054a80 is located 0 bytes to the right of 1024-byte region [0x619000054680,0x619000054a80)
allocated by thread T0 here:
    #0 0x7fcd03099510 in malloc (/usr/lib64/libasan.so.4+0xdc510)
    #1 0xae0078 in xmalloc /data/gdb_versions/devel/src/gdb/common/common-utils.c:44
    #2 0x15eaccb in init_line_structures /data/gdb_versions/devel/src/readline/display.c:458
    #3 0x15eb4d8 in rl_redisplay /data/gdb_versions/devel/src/readline/display.c:526
    #4 0x15bf932 in readline_internal_setup /data/gdb_versions/devel/src/readline/readline.c:394
    #5 0x15fe723 in _rl_callback_newline /data/gdb_versions/devel/src/readline/callback.c:89
    #6 0x15fe7ef in rl_callback_handler_install /data/gdb_versions/devel/src/readline/callback.c:102
    #7 0xd7bce6 in gdb_rl_callback_handler_install(char const*) /data/gdb_versions/devel/src/gdb/event-top.c:319
    #8 0xd7c0c6 in display_gdb_prompt(char const*) /data/gdb_versions/devel/src/gdb/event-top.c:409
    #9 0xaa041b in cli_interp_base::pre_command_loop() /data/gdb_versions/devel/src/gdb/cli/cli-interp.c:286
    #10 0xf5342a in interp_pre_command_loop(interp*) /data/gdb_versions/devel/src/gdb/interps.c:320
    #11 0x101b047 in captured_command_loop /data/gdb_versions/devel/src/gdb/main.c:328
    #12 0x101de73 in captured_main /data/gdb_versions/devel/src/gdb/main.c:1173
    #13 0x101df03 in gdb_main(captured_main_args*) /data/gdb_versions/devel/src/gdb/main.c:1188
    #14 0x872dba in main /data/gdb_versions/devel/src/gdb/gdb.c:32
    #15 0x7fcd00f2ff49 in __libc_start_main (/lib64/libc.so.6+0x20f49)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.4+0xae4c8)
Shadow bytes around the buggy address:
  0x0c3280002900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280002910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280002920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280002930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280002940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3280002950:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280002960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280002970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280002980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280002990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c32800029a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22340==ABORTING
...

I've written an assert in rl_redisplay that formulates the error condition:
...
@@ -1387,6 +1389,10 @@ rl_redisplay (void) cpos_adjusted = 0; + assert (last_lmargin + (_rl_screenwidth + visible_wrap_offset) + <= line_size); + assert (lmargin + (_rl_screenwidth + (lmargin ? 0 : wrap_offset)) + <= line_size); update_line (&visible_line[last_lmargin], &invisible_line[lmargin], 0, _rl_screenwidth + visible_wrap_offset, _rl_screenwidth + (lmargin ? 0 : wrap_offset), 0);
...
which triggers without needing the address sanitizer (or even an executable), like this:
...
$ TERM=dumb gdb -q -ex "set width 0"
gdb: src/display.c:1393: rl_redisplay: Assertion `last_lmargin + (_rl_screenwidth + visible_wrap_offset) <= line_size' failed.
Aborted (core dumped)
...

The basic problem is this: visible_line and invisible_line have length line_size, but the update_line call assumes that line_size is at least _rl_screenwidth + 1. Executing "set width 0" sets _rl_screenwidth to 32766 but doesn't affect line_size, which is initialized to 1024.

Fix this by ensuring in init_line_structures and rl_redisplay that line_size is at least _rl_screenwidth + 1.

Tested on x86_64-linux.

Reviewed by readline maintainer ( https://sourceware.org/ml/gdb-patches/2019-05/msg00566.html ).

readline/ChangeLog.gdb:

2019-07-12  Tom de Vries  <tdevries@suse.de>
	    Chet Ramey  <chet.ramey@case.edu>

	PR cli/24514
	* readline/display.c (init_line_structures, rl_redisplay): Ensure
	line_size is at least _rl_screenwidth + 1.
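Review bot: the two `assert` calls in the hunk state the bound update_line depends on (`last_lmargin + (_rl_screenwidth + visible_wrap_offset) <= line_size`, and the same form with `lmargin` and `wrap_offset`), but they are a diagnostic, not the fix: `assert` is compiled out under NDEBUG, and aborting inside rl_redisplay is not an acceptable failure mode for an interactive prompt. The change that actually closes the overflow, growing line_size to at least _rl_screenwidth + 1 in init_line_structures and rl_redisplay as the message describes, is not part of this excerpt, so it cannot be reviewed from the visible lines; the shift in the hunk header from line 1387 to 1389 also implies two added lines above this region that the excerpt does not show.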
Directory listing: cross-build, doc, examples, shlib, support, aclocal.m4, ansi_stdlib.h, bind.c, callback.c, CHANGELOG, ChangeLog.gdb, CHANGES, chardefs.h, compat.c, complete.c, config.h.in, configure, configure.in, COPYING, display.c, emacs_keymap.c, funmap.c, histexpand.c, histfile.c, histlib.h, history.c, history.h, histsearch.c, input.c, INSTALL, isearch.c, keymaps.c, keymaps.h, kill.c, macro.c, Makefile.in, MANIFEST, mbutil.c, misc.c, NEWS, nls.c, parens.c, patchlevel, posixdir.h, posixjmp.h, posixselect.h, posixstat.h, readline.c, readline.h, README, rlconf.h, rldefs.h, rlmbutil.h, rlprivate.h, rlshell.h, rlstdc.h, rltty.c, rltty.h, rltypedefs.h, rlwinsize.h, savestring.c, search.c, shell.c, signals.c, tcap.h, terminal.c, text.c, tilde.c, tilde.h, undo.c, USAGE, util.c, vi_keymap.c, vi_mode.c, xfree.c, xmalloc.c, xmalloc.h
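The sizing bug described in the commit message above (1024-byte line buffers read with a 32766-column width), as an added example that is not readline's or gdb's own code. It is a small C model: the names line_size, screenwidth, visible_line and invisible_line follow readline's globals, but the struct, the two constants and every function body are assumptions made for this page. It computes the bound that the diagnostic asserts check, shows it failing for the "set width 0" case, and applies the fix of growing line_size to at least screenwidth + 1 before update_line runs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-alone model of the readline display buffers involved in PR cli/24514.
   Field names follow readline's globals; the code itself is written for this
   page and is not readline's own. */

#define INITIAL_LINE_SIZE 1024u   /* what init_line_structures allocates */
#define WIDTH_UNLIMITED   32766u  /* what "set width 0" leaves in _rl_screenwidth */

struct line_state {
    char *visible_line;    /* what is currently on the screen */
    char *invisible_line;  /* what should be on the screen after redisplay */
    size_t line_size;      /* bytes allocated for each of the two buffers */
    size_t screenwidth;    /* stands in for _rl_screenwidth */
};

/* Pre-fix behaviour: a fixed 1024-byte allocation, independent of the width. */
static void init_line_structures(struct line_state *st, size_t screenwidth)
{
    st->line_size = INITIAL_LINE_SIZE;
    st->screenwidth = screenwidth;
    st->visible_line = calloc(st->line_size, 1);
    st->invisible_line = calloc(st->line_size, 1);
    if (st->visible_line == NULL || st->invisible_line == NULL)
        abort();
}

static void free_line_structures(struct line_state *st)
{
    free(st->visible_line);
    free(st->invisible_line);
    st->visible_line = st->invisible_line = NULL;
    st->line_size = 0;
}

/* The bound the commit's diagnostic asserts express: update_line reads
   screenwidth + wrap_offset bytes starting at index lmargin of a buffer that
   holds line_size bytes. Returns 1 when that read stays inside the buffer. */
static int update_line_in_bounds(const struct line_state *st,
                                 size_t lmargin, size_t wrap_offset)
{
    return lmargin + (st->screenwidth + wrap_offset) <= st->line_size;
}

/* The fix: make line_size at least screenwidth + 1 (the width plus a
   terminator) before the buffers are used at the current width. */
static void ensure_line_size(struct line_state *st)
{
    size_t needed = st->screenwidth + 1;
    if (st->line_size >= needed)
        return;
    char *v = realloc(st->visible_line, needed);
    if (v == NULL)
        abort();
    st->visible_line = v;
    char *i = realloc(st->invisible_line, needed);
    if (i == NULL)
        abort();
    st->invisible_line = i;
    /* realloc leaves the grown tail indeterminate; clear it so later
       comparisons never read uninitialised bytes. */
    memset(st->visible_line + st->line_size, 0, needed - st->line_size);
    memset(st->invisible_line + st->line_size, 0, needed - st->line_size);
    st->line_size = needed;
}

/* Model of rl_redisplay with the fix applied: resize first, then only hand
   update_line a span that is in bounds. Returns the number of bytes
   update_line may compare, or 0 if the span would still overflow. */
static size_t redisplay_fixed(struct line_state *st, size_t lmargin, size_t wrap_offset)
{
    ensure_line_size(st);
    if (!update_line_in_bounds(st, lmargin, wrap_offset))
        return 0;
    return st->screenwidth + wrap_offset;
}

/* The reported scenario: width 32766 with buffers still at 1024 bytes.
   Returns 1 if the pre-fix update_line read would stay in bounds. */
static int scenario_before_fix(void)
{
    struct line_state st;
    init_line_structures(&st, WIDTH_UNLIMITED);
    int ok = update_line_in_bounds(&st, 0, 0);
    free_line_structures(&st);
    return ok;
}

/* Same scenario with the fix: returns the resulting line_size (0 on failure). */
static size_t scenario_after_fix(void)
{
    struct line_state st;
    init_line_structures(&st, WIDTH_UNLIMITED);
    size_t compared = redisplay_fixed(&st, 0, 0);
    size_t size = (compared == WIDTH_UNLIMITED) ? st.line_size : 0;
    free_line_structures(&st);
    return size;
}

/* Default 80-column terminal: 1024 bytes already suffice, so the fix must
   leave the allocation alone. Returns the resulting line_size. */
static size_t scenario_default_width(void)
{
    struct line_state st;
    init_line_structures(&st, 80);
    redisplay_fixed(&st, 0, 0);
    size_t size = st.line_size;
    free_line_structures(&st);
    return size;
}

int main(void)
{
    printf("width 32766, no fix: in bounds = %d\n", scenario_before_fix());
    printf("width 32766, fixed:  line_size = %zu\n", scenario_after_fix());
    printf("width 80, fixed:     line_size = %zu\n", scenario_default_width());
    return 0;
}
```

The model never performs the out-of-bounds read; it only evaluates the bound that the asserts in the commit message check, which is what a hardened caller should do before any fixed-width copy or compare over a growable buffer.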
Introduction
============

This is the GNU Readline library, version 6.2.

The Readline library provides a set of functions for use by applications that allow users to edit command lines as they are typed in. Both Emacs and vi editing modes are available. The Readline library includes additional functions to maintain a list of previously-entered command lines, to recall and perhaps reedit those lines, and perform csh-like history expansion on previous commands.

The history facilities are also placed into a separate library, the History library, as part of the build process. The History library may be used without Readline in applications which desire its capabilities.

The Readline library is free software, distributed under the terms of the [GNU] General Public License as published by the Free Software Foundation, version 3 of the License. For more information, see the file COPYING.

To build the library, try typing `./configure', then `make'. The configuration process is automated, so no further intervention should be necessary. Readline builds with `gcc' by default if it is available. If you want to use `cc' instead, type

	CC=cc ./configure

if you are using a Bourne-style shell. If you are not, the following may work:

	env CC=cc ./configure

Read the file INSTALL in this directory for more information about how to customize and control the build process. The file rlconf.h contains C preprocessor defines that enable and disable certain Readline features.

The special make target `everything' will build the static and shared libraries (if the target platform supports them) and the examples.

Examples
========

There are several example programs that use Readline features in the examples directory. The `rl' program is of particular interest. It is a command-line interface to Readline, suitable for use in shell scripts in place of `read'.

Shared Libraries
================

There is skeletal support for building shared versions of the Readline and History libraries. The configure script creates a Makefile in the `shlib' subdirectory, and typing `make shared' will cause shared versions of the Readline and History libraries to be built on supported platforms.

If `configure' is given the `--enable-shared' option, it will attempt to build the shared libraries by default on supported platforms.

Configure calls the script support/shobj-conf to test whether or not shared library creation is supported and to generate the values of variables that are substituted into shlib/Makefile. If you try to build shared libraries on an unsupported platform, `make' will display a message asking you to update support/shobj-conf for your platform.

If you need to update support/shobj-conf, you will need to create a `stanza' for your operating system and compiler. The script uses the value of host_os and ${CC} as determined by configure. For instance, FreeBSD 4.2 with any version of gcc is identified as `freebsd4.2-gcc*'.

In the stanza for your operating system-compiler pair, you will need to define several variables. They are:

SHOBJ_CC	The C compiler used to compile source files into shareable object files. This is normally set to the value of ${CC} by configure, and should not need to be changed.

SHOBJ_CFLAGS	Flags to pass to the C compiler ($SHOBJ_CC) to create position-independent code. If you are using gcc, this should probably be set to `-fpic'.

SHOBJ_LD	The link editor to be used to create the shared library from the object files created by $SHOBJ_CC. If you are using gcc, a value of `gcc' will probably work.

SHOBJ_LDFLAGS	Flags to pass to SHOBJ_LD to enable shared object creation. If you are using gcc, `-shared' may be all that is necessary. These should be the flags needed for generic shared object creation.

SHLIB_XLDFLAGS	Additional flags to pass to SHOBJ_LD for shared library creation. Many systems use the -R option to the link editor to embed a path within the library for run-time library searches. A reasonable value for such systems would be `-R$(libdir)'.

SHLIB_LIBS	Any additional libraries that shared libraries should be linked against when they are created.

SHLIB_LIBPREF	The prefix to use when generating the filename of the shared library. The default is `lib'; Cygwin uses `cyg'.

SHLIB_LIBSUFF	The suffix to add to `libreadline' and `libhistory' when generating the filename of the shared library. Many systems use `so'; HP-UX uses `sl'.

SHLIB_LIBVERSION	The string to append to the filename to indicate the version of the shared library. It should begin with $(SHLIB_LIBSUFF), and possibly include version information that allows the run-time loader to load the version of the shared library appropriate for a particular program. Systems using shared libraries similar to SunOS 4.x use major and minor library version numbers; for those systems a value of `$(SHLIB_LIBSUFF).$(SHLIB_MAJOR)$(SHLIB_MINOR)' is appropriate. Systems based on System V Release 4 don't use minor version numbers; use `$(SHLIB_LIBSUFF).$(SHLIB_MAJOR)' on those systems. Other Unix versions use different schemes.

SHLIB_DLLVERSION	The version number for shared libraries that determines API compatibility between readline versions and the underlying system. Used only on Cygwin. Defaults to $SHLIB_MAJOR, but can be overridden at configuration time by defining DLLVERSION in the environment.

SHLIB_DOT	The character used to separate the name of the shared library from the suffix and version information. The default is `.'; systems like Cygwin which don't separate version information from the library name should set this to the empty string.

SHLIB_STATUS	Set this to `supported' when you have defined the other necessary variables. Make uses this to determine whether or not shared library creation should be attempted.

You should look at the existing stanzas in support/shobj-conf for ideas.

Once you have updated support/shobj-conf, re-run configure and type `make shared'. The shared libraries will be created in the shlib subdirectory.

If shared libraries are created, `make install' will install them. You may install only the shared libraries by running `make install-shared' from the top-level build directory. Running `make install' in the shlib subdirectory will also work. If you don't want to install any created shared libraries, run `make install-static'.

Documentation
=============

The documentation for the Readline and History libraries appears in the `doc' subdirectory. There are three texinfo files and a Unix-style manual page describing the facilities available in the Readline library. The texinfo files include both user and programmer's manuals. HTML versions of the manuals appear in the `doc' subdirectory as well.

Reporting Bugs
==============

Bug reports for Readline should be sent to:

	bug-readline@gnu.org

When reporting a bug, please include the following information:

	* the version number and release status of Readline (e.g., 4.2-release)
	* the machine and OS that it is running on
	* a list of the compilation flags or the contents of `config.h', if appropriate
	* a description of the bug
	* a recipe for recreating the bug reliably
	* a fix for the bug if you have one!

If you would like to contact the Readline maintainer directly, send mail to bash-maintainers@gnu.org.

Since Readline is developed along with bash, the bug-bash@gnu.org mailing list (mirrored to the Usenet newsgroup gnu.bash.bug) often contains Readline bug reports and fixes.

Chet Ramey
chet.ramey@case.edu