mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2025-02-05 12:53:16 +08:00
5af5392a3d
This bug was originally reported against Fedora GDB: https://bugzilla.redhat.com/show_bug.cgi?id=1723564 The problem is that GDB will crash in the following scenario: - PYTHONMALLOC=debug or PYTHONDEVMODE=1 is set. - The Python debuginfo is installed. - GDB is used to debug Python. The crash looks like this: $ PYTHONMALLOC=debug gdb -args python3 -c pass GNU gdb (GDB) Fedora 8.3-3.fc30 Reading symbols from python3... Reading symbols from /usr/lib/debug/usr/bin/python3.7m-3.7.3-3.fc30.x86_64.debug... (gdb) run Starting program: /usr/bin/python3 -c pass Missing separate debuginfos, use: dnf debuginfo-install glibc-2.29-9.fc30.x86_64 Debug memory block at address p=0x5603977bf330: API '' 8098648152243306496 bytes originally requested The 7 pad bytes at p-7 are not all FORBIDDENBYTE (0xfb): at p-7: 0x03 *** OUCH at p-6: 0x00 *** OUCH at p-5: 0x00 *** OUCH at p-4: 0x00 *** OUCH at p-3: 0x00 *** OUCH at p-2: 0x00 *** OUCH at p-1: 0x00 *** OUCH Because memory is corrupted at the start, the count of bytes requested may be bogus, and checking the trailing pad bytes may segfault. The 8 pad bytes at tail=0x706483999ad1f330 are Segmentation fault (core dumped) It's hard to determine what happens, but after doing some investigation and talking to Victor Stinner I found that GDB should not use the Python memory allocation functions before the Python interpreter is initialized (which makes sense). However, we do just that on python/python.c:do_start_initialization: ... progsize = strlen (progname.get ()); progname_copy = (wchar_t *) PyMem_Malloc ((progsize + 1) * sizeof (wchar_t)); ... /* Note that Py_SetProgramName expects the string it is passed to remain alive for the duration of the program's execution, so it is not freed after this call. */ Py_SetProgramName (progname_copy); ... Py_Initialize (); PyEval_InitThreads (); Upon reading the Python 3 C API documentation, I found (https://docs.python.org/3.5/c-api/memory.html): To avoid memory corruption, extension writers should never try to operate on Python objects with the functions exported by the C library: malloc(), calloc(), realloc() and free(). This will result in mixed calls between the C allocator and the Python memory manager with fatal consequences, because they implement different algorithms and operate on different heaps. However, one may safely allocate and release memory blocks with the C library allocator for individual purposes[...] And Py_SetProgramName seems like a very simple call that doesn't need a Python-allocated memory to work on. So I'm proposing this patch, which simply replaces PyMem_Malloc by xmalloc. Testing this is more complicated. First, the crash is completely non-deterministic; I was able to reproduce it 10 times in a row, and then I wasn't able to reproduce it anymore. I found that if you completely remove your build directory and rebuild GDB from scratch, you can reproduce it again confidently. And with my patch, I confirmed that the bug doesn't manifest even in this situation. No regressions found. OK to apply? gdb/ChangeLog: 2019-06-28 Sergio Durigan Junior <sergiodj@redhat.com> PR python/24742 https://bugzilla.redhat.com/show_bug.cgi?id=1723564 * python/python.c (do_start_initialization): Use 'xmalloc' instead of 'PyMem_Malloc'. |
||
|---|---|---|
| bfd | ||
| binutils | ||
| config | ||
| contrib | ||
| cpu | ||
| elfcpp | ||
| etc | ||
| gas | ||
| gdb | ||
| gnulib | ||
| gold | ||
| gprof | ||
| include | ||
| intl | ||
| ld | ||
| libctf | ||
| libdecnumber | ||
| libiberty | ||
| opcodes | ||
| readline | ||
| sim | ||
| texinfo | ||
| zlib | ||
| .cvsignore | ||
| .gitattributes | ||
| .gitignore | ||
| ar-lib | ||
| ChangeLog | ||
| compile | ||
| config-ml.in | ||
| config.guess | ||
| config.rpath | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| COPYING | ||
| COPYING3 | ||
| COPYING3.LIB | ||
| COPYING.LIB | ||
| COPYING.LIBGLOSS | ||
| COPYING.NEWLIB | ||
| depcomp | ||
| djunpack.bat | ||
| install-sh | ||
| libtool.m4 | ||
| lt~obsolete.m4 | ||
| ltgcc.m4 | ||
| ltmain.sh | ||
| ltoptions.m4 | ||
| ltsugar.m4 | ||
| ltversion.m4 | ||
| MAINTAINERS | ||
| Makefile.def | ||
| Makefile.in | ||
| Makefile.tpl | ||
| makefile.vms | ||
| missing | ||
| mkdep | ||
| mkinstalldirs | ||
| move-if-change | ||
| multilib.am | ||
| README | ||
| README-maintainer-mode | ||
| setup.com | ||
| src-release.sh | ||
| symlink-tree | ||
| test-driver | ||
| ylwrap | ||
README for GNU development tools This directory contains various GNU compilers, assemblers, linkers, debuggers, etc., plus their support routines, definitions, and documentation. If you are receiving this as part of a GDB release, see the file gdb/README. If with a binutils release, see binutils/README; if with a libg++ release, see libg++/README, etc. That'll give you info about this package -- supported targets, how to use it, how to report bugs, etc. It is now possible to automatically configure and build a variety of tools with one command. To build all of the tools contained herein, run the ``configure'' script here, e.g.: ./configure make To install them (by default in /usr/local/bin, /usr/local/lib, etc), then do: make install (If the configure script can't determine your type of computer, give it the name as an argument, for instance ``./configure sun4''. You can use the script ``config.sub'' to test whether a name is recognized; if it is, config.sub translates it to a triplet specifying CPU, vendor, and OS.) If you have more than one compiler on your system, it is often best to explicitly set CC in the environment before running configure, and to also set CC when running make. For example (assuming sh/bash/ksh): CC=gcc ./configure make A similar example using csh: setenv CC gcc ./configure make Much of the code and documentation enclosed is copyright by the Free Software Foundation, Inc. See the file COPYING or COPYING.LIB in the various directories, for a description of the GNU General Public License terms under which you can copy the files. REPORTING BUGS: Again, see gdb/README, binutils/README, etc., for info on where and how to report problems.