From 31aceee86308321c2ef299e50773d0043e458e7f Mon Sep 17 00:00:00 2001 From: Tom de Vries Date: Thu, 1 Nov 2018 09:21:18 +0100 Subject: [gdb] Fix gdb crash when reading core file Consider the test-case from this patch, compiled with O0. The executable segfaults, and generates a core dump: ... $ ./a.out Segmentation fault (core dumped) ... When loading the core file, limiting stack size to 4MB, gdb crashes: ... $ ulimit -s 4096 $ gdb -batch ./a.out core.saved [New LWP 19379] Segmentation fault (core dumped) ... The crash originates here in linux_vsyscall_range_raw, where we call alloca with phdrs_size == 4194112 (roughly 4MB): ... phdrs = (Elf_Internal_Phdr *) alloca (phdrs_size); ... While for this test-case gdb runs fine with the system default stack limit of 8MB, there are cases reported of 12MB phdrs_size where gdb also crashes with the system default stack limit. Fix this by using xmalloc instead of alloca, which prevents the crash provided the stack limit is at least 112kb. Build and reg-tested on x86_64-linux. 2018-11-06 Tom de Vries * linux-tdep.c (linux_vsyscall_range_raw): Use xmalloc to allocate program headers. * gdb.base/many-headers.c: New test. * gdb.base/many-headers.exp: New file. --- gdb/linux-tdep.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'gdb/linux-tdep.c') diff --git a/gdb/linux-tdep.c b/gdb/linux-tdep.c index c958c0d..2c766808 100644 --- a/gdb/linux-tdep.c +++ b/gdb/linux-tdep.c @@ -2269,7 +2269,6 @@ linux_vsyscall_range_raw (struct gdbarch *gdbarch, struct mem_range *range) the vDSO. */ if (!target_has_execution) { - Elf_Internal_Phdr *phdrs; long phdrs_size; int num_phdrs, i; @@ -2277,16 +2276,17 @@ linux_vsyscall_range_raw (struct gdbarch *gdbarch, struct mem_range *range) if (phdrs_size == -1) return 0; - phdrs = (Elf_Internal_Phdr *) alloca (phdrs_size); - num_phdrs = bfd_get_elf_phdrs (core_bfd, phdrs); + gdb::unique_xmalloc_ptr + phdrs ((Elf_Internal_Phdr *) xmalloc (phdrs_size)); + num_phdrs = bfd_get_elf_phdrs (core_bfd, phdrs.get ()); if (num_phdrs == -1) return 0; for (i = 0; i < num_phdrs; i++) - if (phdrs[i].p_type == PT_LOAD - && phdrs[i].p_vaddr == range->start) + if (phdrs.get ()[i].p_type == PT_LOAD + && phdrs.get ()[i].p_vaddr == range->start) { - range->length = phdrs[i].p_memsz; + range->length = phdrs.get ()[i].p_memsz; return 1; } -- cgit v1.1