Date: Mon, 16 Jan 2017 07:30:51 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 216132] devel/gdb: at e.g. -r431413: get_core_register_section can get SIGSEGV from NULL regset arguments
Message-ID: <bug-216132-13@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216132

            Bug ID: 216132
           Summary: devel/gdb: at e.g. -r431413: get_core_register_section can get SIGSEGV from NULL regset arguments
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: markmi@dsl-only.net
                CC: luca.pizzamiglio@gmail.com
             Flags: maintainer-feedback?(luca.pizzamiglio@gmail.com)
                CC: luca.pizzamiglio@gmail.com

I got the following from supplying a qemu_gmake.core (an armv6 file) to /usr/local/bin/gdb :

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000006f3822 in get_core_register_section (regcache=0x80497ac00, regset=0x0, name=0x1291e6d ".reg", min_size=0, which=0, human_name=0x123deb4 "general-purpose", required=1) at corelow.c:544
544       if (size != min_size && !(regset->flags & REGSET_VARIABLE_SIZE))
(gdb) bt
#0  0x00000000006f3822 in get_core_register_section (regcache=0x80497ac00, regset=0x0, name=0x1291e6d ".reg", min_size=0, which=0, human_name=0x123deb4 "general-purpose", required=1) at corelow.c:544
#1  0x00000000006f256e in get_core_registers (ops=0x22556c8 <core_ops>, regcache=0x80497ac00, regno=15) at corelow.c:629
#2  0x00000000007d5cee in delegate_fetch_registers (self=0x22556c8 <core_ops>, arg1=0x80497ac00, arg2=15) at ./target-delegates.c:143
#3  0x00000000007d3ff5 in target_fetch_registers (regcache=0x80497ac00, regno=15) at target.c:3540
#4  0x00000000006ec2b8 in regcache_raw_read (regcache=0x80497ac00, regnum=15, buf=0x7fffffffdb40 "") at regcache.c:660
#5  0x00000000006ecc05 in regcache_cooked_read (regcache=0x80497ac00, regnum=15, buf=0x7fffffffdb40 "") at regcache.c:751
#6  0x00000000006ed1e0 in regcache_cooked_read_unsigned (regcache=0x80497ac00, regnum=15, val=0x7fffffffdbb0) at regcache.c:855
#7  0x00000000006ee486 in regcache_read_pc (regcache=0x80497ac00) at regcache.c:1221
#8  0x000000000075cb9e in post_create_inferior (target=0x22556c8 <core_ops>, from_tty=1) at infcmd.c:429
#9  0x00000000006f1ed6 in core_open (arg=0x8049d924a "qemu_gmake.core", from_tty=1) at corelow.c:407
#10 0x000000000085d00e in core_file_command (filename=0x8049d924a "qemu_gmake.core", from_tty=1) at corefile.c:77
#11 0x000000000063b75e in do_cfunc (c=0x8049af3a0, args=0x8049d924a "qemu_gmake.core", from_tty=1) at ./cli/cli-decode.c:105
#12 0x000000000063f538 in cmd_func (cmd=0x8049af3a0, args=0x8049d924a "qemu_gmake.core", from_tty=1) at ./cli/cli-decode.c:1913
#13 0x00000000008e229d in execute_command (p=0x8049d9258 "e", from_tty=1) at top.c:674
#14 0x000000000079c606 in command_handler (command=0x8049d9240 "") at event-top.c:628
#15 0x000000000079ca8f in command_line_handler (rl=0x80481c020 " \222\235\004\b") at event-top.c:820
#16 0x000000000079bf73 in gdb_rl_callback_handler (rl=0x80481c020 " \222\235\004\b") at event-top.c:200
#17 0x0000000802280fa4 in rl_callback_read_char () from /usr/local/lib/libreadline.so.6
#18 0x000000000079bbff in gdb_rl_callback_read_char_wrapper (client_data=0x804821000) at event-top.c:173
#19 0x000000000079c438 in stdin_event_handler (error=0, client_data=0x804821000) at event-top.c:555
#20 0x000000000079ba92 in handle_file_event (file_ptr=0x804893d70, ready_mask=1) at event-loop.c:733
#21 0x000000000079a521 in gdb_wait_for_event (block=1) at event-loop.c:859
#22 0x0000000000799ecc in gdb_do_one_event () at event-loop.c:347
#23 0x000000000079a6f7 in start_event_loop () at event-loop.c:371
#24 0x0000000000793b37 in captured_command_loop (data=0x0) at main.c:324
#25 0x000000000078c7e5 in catch_errors (func=0x793af0 <captured_command_loop(void*)>, func_args=0x0, errstring=0x1cc597f "", mask=RETURN_MASK_ALL) at exceptions.c:236
#26 0x0000000000793370 in captured_main (data=0x7fffffffe5e8) at main.c:1149
#27 0x0000000000792038 in gdb_main (args=0x7fffffffe5e8) at main.c:1159
#28 0x0000000000408ac9 in main (argc=2, argv=0x7fffffffe678) at gdb.c:38

The crash is from regset being NULL in:

507 static void
508 get_core_register_section (struct regcache *regcache,
509                            const struct regset *regset,
510                            const char *name,
511                            int min_size,
512                            int which,
513                            const char *human_name,
514                            int required)
. . . (no references to regset) . . .
544   if (size != min_size && !(regset->flags & REGSET_VARIABLE_SIZE))
545     {
546       warning (_("Unexpected size of section `%s' in core file."),
547                section_name);
548     }
. . .

There are calls around with regset set to NULL as a constant argument, for example:

627   else
628     {
629       get_core_register_section (regcache, NULL,
630                                  ".reg", 0, 0, "general-purpose", 1);
631       get_core_register_section (regcache, NULL,
632                                  ".reg2", 0, 2, "floating-point", 0);
633     }

The 629 one is the one in the crash back trace listed above.

-- 
You are receiving this mail because:
You are the assignee for the bug.
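The corelow.c:544 check fed with the NULL argument from corelow.c:629, modelled as an added C example (not gdb's source, not the reporter's words and not a proposed patch for the port): `struct regset` and `REGSET_VARIABLE_SIZE` are stand-ins for gdb's definitions, and the guarded variant is one possible mitigation, not the fix upstream adopted.

```c
/* Added illustration, not gdb's source or a proposed patch.  Models the
 * corelow.c:544 check from the report: the original form dereferences
 * regset unconditionally, so the NULL passed at corelow.c:629 faults.
 * struct regset and REGSET_VARIABLE_SIZE are stand-ins for gdb's definitions. */
#include <assert.h>
#include <stddef.h>

#define REGSET_VARIABLE_SIZE 1          /* stand-in flag value */

struct regset {
    int flags;                          /* only member the check reads */
};

/* Shape of the check as reported.  With regset == NULL this reads
 * through a null pointer, which is the SIGSEGV in the backtrace. */
static int size_mismatch_unguarded(const struct regset *regset,
                                   size_t size, size_t min_size)
{
    return size != min_size && !(regset->flags & REGSET_VARIABLE_SIZE);
}

/* Guarded form: only consult regset->flags when a regset was supplied.
 * The NULL call sites also pass min_size == 0, so a size comparison has
 * nothing meaningful to compare against there; skip the warning in that
 * case and let the legacy register-read path proceed. */
static int size_mismatch_guarded(const struct regset *regset,
                                 size_t size, size_t min_size)
{
    if (regset == NULL)
        return 0;
    return size != min_size && !(regset->flags & REGSET_VARIABLE_SIZE);
}

int main(void)
{
    struct regset fixed = { 0 };
    struct regset variable = { REGSET_VARIABLE_SIZE };

    /* Same arguments as the crashing frame: regset=0x0, min_size=0.
     * The section size 68 is a constructed sample value. */
    assert(size_mismatch_guarded(NULL, 68, 0) == 0);
    assert(size_mismatch_guarded(&fixed, 68, 72) == 1);    /* warn */
    assert(size_mismatch_guarded(&fixed, 72, 72) == 0);
    assert(size_mismatch_guarded(&variable, 68, 72) == 0); /* flag set */
    assert(size_mismatch_unguarded(&fixed, 68, 72) == 1);
    /* size_mismatch_unguarded(NULL, 68, 0) would fault as in the report. */
    return 0;
}
```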