unrelocated_addr is currently defined in symtab.h, but in order to
avoid having to include that in more places, I wanted to move the type
elsewhere. I considered defs.h, but it seemed reasonable to have it
next to CORE_ADDR, which is what this patch does.
dwarf2_record_block_ranges is only ever called with the text section
offset, so this patch removes the parameter entirely. This makes a
subsequent patch a little simpler.
When rewriting the program headers, don't warn an empty PT_LOAD with the
program headers.
bfd/
PR binutils/30508
* elf.c (rewrite_elf_program_header): Don't warn if an empty
PT_LOAD contains the program headers.
ld/
PR binutils/30508
* testsuite/ld-elf/pr30508.d: New file.
* testsuite/ld-elf/pr30508.s: Likewise.
History Of This Patch
=====================
This commit aims to address PR gdb/21699. There have now been a
couple of attempts to fix this issue. Simon originally posted two
patches back in 2021:
https://sourceware.org/pipermail/gdb-patches/2021-July/180894.htmlhttps://sourceware.org/pipermail/gdb-patches/2021-July/180896.html
Before Pedro then posted a version of his own:
https://sourceware.org/pipermail/gdb-patches/2021-July/180970.html
After this the conversation halted. Then in 2023 I (Andrew) also took
a look at this bug and posted two versions:
https://sourceware.org/pipermail/gdb-patches/2023-April/198570.htmlhttps://sourceware.org/pipermail/gdb-patches/2023-April/198680.html
The approach taken in my first patch was pretty similar to what Simon
originally posted back in 2021. My second attempt was only a slight
variation on the first.
Pedro then pointed out his older patch, and so we arrive at this
patch. The GDB changes here are mostly Pedro's work, but updated by
me (Andrew), any mistakes are mine.
The tests here are a combinations of everyone's work, and the commit
message is new, but copies bits from everyone's earlier work.
Problem Description
===================
Bug PR gdb/21699 makes the observation that using $_as_string with
GDB's printf can cause GDB to print unexpected data from the
inferior. The reproducer is pretty simple:
#include <stddef.h>
static char arena[100];
/* Override malloc() so value_coerce_to_target() gets a known
pointer, and we know we"ll see an error if $_as_string() gives
a string that isn't null terminated. */
void
*malloc (size_t size)
{
memset (arena, 'x', sizeof (arena));
if (size > sizeof (arena))
return NULL;
return arena;
}
int
main ()
{
return 0;
}
And then in a GDB session:
$ gdb -q test
Reading symbols from /tmp/test...
(gdb) start
Temporary breakpoint 1 at 0x4004c8: file test.c, line 17.
Starting program: /tmp/test
Temporary breakpoint 1, main () at test.c:17
17 return 0;
(gdb) printf "%s\n", $_as_string("hello")
"hello"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
(gdb) quit
The problem above is caused by how value_cstring is used within
py-value.c, but once we understand the issue then it turns out that
value_cstring is used in an unexpected way in many places within GDB.
Within py-value.c we have a null-terminated C-style string. We then
pass a pointer to this string, along with the length of this
string (so not including the null-character) to value_cstring.
In value_cstring GDB allocates an array value of the given character
type, and copies in requested number of characters. However
value_cstring does not add a null-character of its own. This means
that the value created by calling value_cstring is only
null-terminated if the null-character is included in the passed in
length. In py-value.c this is not the case, and indeed, in most uses
of value_cstring, this is not the case.
When GDB tries to print one of these strings the value contents are
pushed to the inferior, and then read back as a C-style string, that
is, GDB reads inferior memory until it finds a null-terminator. For
the py-value.c case, no null-terminator is pushed into the inferior,
so GDB will continue reading inferior memory until a null-terminator
is found, with unpredictable results.
Patch Description
=================
The first thing this patch does is better define what the arguments
for the two function value_cstring and value_string should represent.
The comments in the header file are updated to describe whether the
length argument should, or should not, include a null-character.
Also, the data argument is changed to type gdb_byte. The functions as
they currently exist will handle wide-characters, in which case more
than one 'char' would be needed for each character. As such using
gdb_byte seems to make more sense.
To avoid adding casts throughout GDB, I've also added an overload that
still takes a 'char *', but asserts that the character type being used
is of size '1'.
The value_cstring function is now responsible for adding a null
character at the end of the string value it creates.
However, once we start looking at how value_cstring is used, we
realise there's another, related, problem. Not every language's
strings are null terminated. Fortran and Ada strings, for example,
are just an array of characters, GDB already has the function
value_string which can be used to create such values.
Consider this example using current GDB:
(gdb) set language ada
(gdb) p $_gdb_setting("arch")
$1 = (97, 117, 116, 111)
(gdb) ptype $
type = array (1 .. 4) of char
(gdb) p $_gdb_maint_setting("test-settings string")
$2 = (0)
(gdb) ptype $
type = array (1 .. 1) of char
This shows two problems, first, the $_gdb_setting and
$_gdb_maint_setting functions are calling value_cstring using the
builtin_char character, rather than a language appropriate type. In
the first call, the 'arch' case, the value_cstring call doesn't
include the null character, so the returned array only contains the
expected characters. But, in the $_gdb_maint_setting example we do
end up including the null-character, even though this is not expected
for Ada strings.
This commit adds a new language method language_defn::value_string,
this function takes a pointer and length and creates a language
appropriate value that represents the string. For C, C++, etc this
will be a null-terminated string (by calling value_cstring), and for
Fortran and Ada this can be a bounded array of characters with no null
terminator. Additionally, this new language_defn::value_string
function is responsible for selecting a language appropriate character
type.
After this commit the only calls to value_cstring are from the C
expression evaluator and from the default language_defn::value_string.
And the only calls to value_string are from Fortan, Ada, and ObjectC
related code.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21699
Co-Authored-By: Simon Marchi <simon.marchi@efficios.com>
Co-Authored-By: Andrew Burgess <aburgess@redhat.com>
Co-Authored-By: Pedro Alves <pedro@palves.net>
Approved-By: Simon Marchi <simon.marchi@efficios.com>
Fix grammar in some comments and docs:
- machines that doesn't -> machines that don't
- its a -> it's a
- its the -> it's the
- if does its not -> if it does it's not
- one more instructions if doesn't match ->
one more instruction if it doesn't match
- it's own -> its own
- it's first -> its first
- it's pointer -> its pointer
I also came across "it's performance" in gdb/stubs/*-stub.c in the HP public
domain notice, I've left that alone.
Tested on x86_64-linux.
bfd_errmsg uses asprintf for bfd_error_on_input, which means we
currently leak memory. Keep a static pointer to the message and free
it in various places to minimise the leaks.
bfd_set_input_error (NULL, bfd_error_no_error) is a way to free up the
last string if that matters.
* bfd.c (input_error_msg): New static var.
(bfd_set_input_error): Free it here..
(bfd_init): ..and here..
(bfd_errmsg): ..and here. Use it for asprintf output.
We should try our best to make mips32 using the same
oprand char with micromips. So for mips32, we use:
^ is added for 5bit sa oprand for some new DSPr2 instructions:
APPEND, PREPEND, PRECR_SRA[_R].PH.W
the LSB bit is 11, like RD.
+t is removed for coprocessor 0 destination register.
'E' does the samething.
+t is now used for RX oprand for MFTR/MTTR (MT ASE)
? is added for sel oprand for MFTR/MTTR (MT ASE)
For mips32, the position of sel in MFTR/MTTR is same with mfc0 etc,
while for micromips, they are different.
We also add an extesion format of cftc2/cttc2/mftc2/mfthc2/mttc2/mtthc2:
concatenating rs with rx as the index of control or data.
1. config/default.exp:
use -mabi=32 not for -gnuabi64
xfail_from_runlist: remove an element and mark it xfail.
2. ld-elf/indirect.exp: xfail
indirect5a indirect5b indirect6a indirect6b
indirect5c indirect5d indirect6c indirect6d
3. ld-elf/pr23658-2: mips output is not common
4. ld-elf/shared.exp: non-run on mips: Build libpr16496b.so
5. ld-elfvers/vers.exp:
xfail vers4, vers4b
no-run on mips: vers24a, vers24b, vers24c
6. ld-gc/gc.exp: add -KPIC into asflags for pr13683, pr14265, pr19161
7. ld-mips-elf/mips-elf.exp:
use noarch for mips16-local-stubs-1, since it use -mips4
8. ld-plugin/lto.exp:
no-run on mips/linux: PR ld/12982
add -KPIC into asflags for lto-3r, lto-5r, PR ld/19317 (2)
xfail PR ld/15323 (4), PR ld/19317 (3)
9. ld-plugin/plugin.exp: xfail
plugin claimfile lost symbol
plugin claimfile replace symbol
plugin claimfile replace symbol
plugin claimfile lost symbol with source
plugin claimfile replace symbol with source
plugin claimfile resolve symbol with source
plugin 2 with source lib
load plugin 2 with source
plugin 3 with source lib
load plugin 3 with source
11. ld-selective/selective.exp: add -fno-PIC, which is needed for -mno-abicalls
12. ld-shared/shared.exp: xfail shared (non PIC), shared (PIC main, non PIC so)
Test on:
mips64-linux-gnuabi64
mips64el-linux-gnuabi64
mipsisa64-linux-gnuabi64
mipsisa64el-linux-gnuabi64
mipsisa64r2-linux-gnuabi64
mipsisa64r2el-linux-gnuabi64
mipsisa64r6-linux-gnuabi64
mipsisa64r6el-linux-gnuabi64
Introduce
run_dump_test_o32l
run_dump_test_n32l
run_dump_test_n64l
Which use `-march=from-abi` for pre-R6 testcases,
like micromips/mips16e etc.
For cases doesn't use run_dump_test_*, we use
-mips32r2 for micromips32
-mips1 for mips16-32
-march=from-abi for testcases to o32/n32/n64 both/all.
Replace `addi` with `addiu` for some cases for both r6 and pre-R6.
Introduce some new testcases for r6 with FPXX/FP64.
Introduce new testcase: comdat-reloc-r6.
Skip `default` in mips_arch_list_matching if triple is mipsisa*, due to:
1)it will cannot match mipsr6@*.d: since mips32rN/mips64rN
will always be used, it won't be a problem.
2)some test think -march=mips64rN will alway true for mipsisa64rN,
which is not true now.
This patch fix testsuite for all r6-default gnu triples:
mipsisa32r6-linux-gnu
mipsisa32r6el-linux-gnu
mips-img-linux-gnu
mipsel-img-linux-gnu
mipsisa64r6-linux-gnu
mipsisa64r6el-linux-gnu
This behavior is used by downstream toolchain since 2014.
We also set the default ABI for mips*-img-elf to O32.
The previous value is NO_ABI, which is not good default ABI.
We don't support mips64*-img* due to GCC doesn't support it,
and We believe that the multilib should be used for this case.
When configure with triples mipsisa[32,64]rN[el,], the march value
is pinned to a fix value if not given explicitly. for example
1) mipsisa32r6-linux-gnu -n32 xx.s will complains that:
-march=mips32r6 is not compatible with the selected ABI
2) mipsisa64r2el-linux-gnu -o32 generates objects with 64bit CPU:
ELF 32-bit LSB relocatable, MIPS, MIPS64 rel2 version 1 (SYSV)
They are not good default behaviors: Let's alter the CPU info
Since we are using these triples as a regular linux distributions,
let's alter march according to ABI.
In microblaze_analyze_prologue in gdb/microblaze-tdep.c I came across:
...
microblaze_debug ("got addi r1,r1,%d; contnuing\n", imm);
...
Fix this by using "continuing".
Reviewed-By: Tom Tromey <tom@tromey.com>
In gdb/python/py-value.c, in the value_object_methods array I noticed:
...
{ "const_value", valpy_const_value, METH_NOARGS,
"Return a 'const' qualied version of the same value." },
...
Fix the qualied -> qualified typo.
Reviewed-By: Tom Tromey <tom@tromey.com>
In gdb/guile/scm-value.c, I noticed in the value_functions array initializer:
...
{ "value-optimized-out?", 1, 0, 0,
as_a_scm_t_subr (gdbscm_value_optimized_out_p),
"\
Return #t if the value has been optimizd out." },
...
There's a typo in the doc string.
Fix this by using "optimized".
Reviewed-By: Tom Tromey <tom@tromey.com>
I noticed:
...
(gdb) help show tui tab-width
Show the tab witdh, in characters, for the TUI.
This variable controls how many spaces are used to display a tab character.
...
a typo: "witdh".
Fix this by using "width" instead.
Reviewed-By: Tom Tromey <tom@tromey.com>
I noticed a typo:
...
(gdb) help maint info target-sections
List GDB's internal section table.
Print the current targets section list. This is a sub-set of all
sections, from all objects currently loaded. Usually the ALLOC
sectoins.
...
Fix this by using "sections".
Reviewed-By: Tom Tromey <tom@tromey.com>
I noticed here:
...
(gdb) help maint set ignore-prologue-end-flag
Set if the PROLOGUE-END flag is ignored.
The PROLOGUE-END flag from the line-table entries is used to place \
breakpoints past the prologue of functions. Disabeling its use use forces \
the use of prologue scanners.
...
a typo in "Disabeling" and accidental word repetition "use use".
Fix by replacing with "Disabling" and "use".
Reviewed-By: Tom Tromey <tom@tromey.com>
In compile_object_load in gdb/compile/compile-object-load.c I came across:
...
"Connectiong ELF symbol \"%s\" to the .toc section (%s)\n",
...
Fix this typo by using "Connecting" instead.
Reviewed-By: Tom Tromey <tom@tromey.com>
I noticed in emit_ops_insns in gdbserver/linux-aarch64-low.cc:
...
threads_debug_printf ("Adding %d instrucions at %s",
...
Fix the typo by using "instructions" instead.
Reviewed-By: Tom Tromey <tom@tromey.com>
Two functions use the argument name bounds_prefered_p.
This misspells "preferred".
Fix this by using bounds_preferred_p instead.
Tested on x86_64-linux.
Reviewed-By: Tom Tromey <tom@tromey.com>
Yet another fuzzer fix.
* ecoff.c (ecoff_slurp_symbolic_header <FIX>): Zero counts when
associated pointer is zero.
(_bfd_ecoff_slurp_symbolic_info): Remove now unnecessary check.
Caught this during emulator testing.
Fix the constants. They should be 0xa and 0xb as opposed to 0x10 and
0x11. There was a thinko while defining them.
Obvious enough.
Tested on aarch64-linux Ubuntu 20.04/22.04.
Another fix for fuzzed object files, exhibiting as a segfault in
nm.c filter_symbols when accessing a symbol name.
* ecoff.c (_bfd_ecoff_slurp_symbol_table): Sanity check
fdr_ptr->issBase, and tighten sym.iss check.
This fixes two buffer overflows found by fuzzers.
* readelf.c (target_specific_reloc_handling): Sanity check
loongarch reloc symbol index. Don't apply reloc after errors.
Reduce translation work of "invalid symbol index" error message.
Define a new constant for the maximum number of stack offsets handled in
libsframe, and use it. Note that the SFrame format does not define such
a constant (limit). This is an implmentation-defined constant in
libsframe.
include/
* sframe-api.h (MAX_NUM_STACK_OFFSETS): New definition.
libsframe/
* sframe.c (sframe_fre_sanity_check_p): Use it.
For TLS GD/IE, add the same condition with the relocate_section in the
allocate_dynrelocs, to make sure we won't reserve redundant spaces
for dynamic relocations since the conservative estimatation.
After applying this patch, ld seems no longer generate the spurious
R_RISCV_NONE for pr22263-1 test, and the test in pr24676.
bfd/
PR ld/22263
PR ld/24676
* elfnn-riscv.c (RISCV_TLS_GD_IE_NEED_DYN_RELOC): New defined.
Set NEED_RELOC to true if TLS GD/IE needs dynamic relocations,
and INDX will be the dynamic index.
(allocate_dynrelocs): Don't reserve extra spaces in the rela.got
if RISCV_TLS_GD_IE_NEED_DYN_RELOC set need_reloc to false. This
condition needs to be same as relocate_section.
(relocate_section): Likewise, use the same condition as
allocate_dynrelocs.
PowerPC64 ELFv1 object files should have at most one .opd section, and
OPD handling in elf64-ppc.c makes use of this fact by caching some
.opd section info in the per-object bfd.tdata. This was done to avoid
another word in the target specific section data. Of course, fuzzers
don't respect the ABI, and even non-malicious users can accidentally
create multiple .opd sections. So it is better to avoid possible
buffer overflows and other confusion when OPD handling for a second
.opd section references data for the first .opd section, by keeping
the data per-section.
The patch also fixes a memory leak, and a corner case where I think we
could hit an assertion in opd_entry_value or read out of bounds in
ppc64_elf_branch_reloc doing a final link producing non-ppc64 output.
(It's a really rare corner case because not only would you need to be
linking ppc64 objects to non-ppc64 output, you'd also need a branch
reloc symbol to be defined in a .opd section of a non-ppc64 input.)
* elf64-ppc.c (is_ppc64_elf): Move earlier in file.
(ppc64_elf_branch_reloc): Check symbol bfd before accessing
ppc64 elf specific data structures.
(struct ppc64_elf_obj_tdata): Move opd union..
(struct _ppc64_elf_section_data): ..to here.
(ppc64_elf_before_check_relocs): Allow for opd sec_type
already set to sec_opd.
(ppc64_elf_check_relocs): Only set sec_type to sec_toc when
unset. Error for unexpected toc relocs.
(opd_entry_value): Return -1 when non-ppc64 rather than
asserting. Check and set sec_type too. Adjust for changed
location of contents and relocs.
(ppc64_elf_relocate_section): Adjust for changed location of
cached .opd relocs.
(ppc64_elf_free_cached_info): New function.
(bfd_elf64_bfd_free_cached_info): Define.
bfd_free_cached_info is used in just one place in archive.c, which
means most times we reach bfd_close the function isn't called. On the
other hand, if bfd_free_cached_info is called we can't do much on the
bfd since it loses all its obj_alloc memory. This restricts what can
be done in a target _close_and_cleanup. In particular you can't look
at sections, which leads to duplication of code in target
close_and_cleanup and free_cached_info, eg. elfnn-aarch64.c.
* opncls.c (_bfd_delete_bfd): Call bfd_free_cached_info.
* elfnn-aarch64.c (elfNN_aarch64_close_and_cleanup): Delete.
(bfd_elfNN_close_and_cleanup): Don't define.
* som.c (som_bfd_free_cached_info): Don't call
_bfd_generic_close_and_cleanup here.
(som_close_and_cleanup): Define as _bfd_generic_close_and_cleanup.
The rs6000 backend can call coff_section_from_bfd_index from its
object_p function via coff_set_alignment_hook. If the object doesn't
match, or another target matches too, then the hash table needs to be
freed via a cleanup.
* coffgen.c (coff_object_cleanup): New function.
(coff_real_object_p): Return coff_object_cleanup, and call on
failure path. Move declaration to..
* libcoff-in.h: ..here.
(coff_object_cleanup): Declare.
* coff-stgo32.c (go32exe_cleanup): Call coff_object_cleanup.
(go32exe_check_format): Adjust assertion.
* libcoff.h: Regenerate.
The assertions in cpu-sh.c can be triggered by passing bogus values
in disassemble_info.mach. This doesn't cause any bfd misbehaviour.
* cpu-sh.c (sh_get_arch_from_bfd_mach): Remove BFD_FAIL.
(sh_get_arch_up_from_bfd_mach): Likewise.
Tom Tromey
H.J. Lu
Andrew Burgess
Tom de Vries
Alan Modra
YunQiang Su
GDB Administrator
Luis Machado
Indu Bhagat
Jim Wilson
Nelson Chu
Vladimir Mezentsev