{
  "commit": "58abdf887821a5da09ba184c6e400a3bc5cccd5a",
  "tree": "1c104ee4039f1b1c48be595cf6c417750b553c73",
  "parents": [
    "eb9bbbb8d3d58231f701d0e4caf6aad029846a21"
  ],
  "author": {
    "name": "Keith Seitz",
    "email": "keiths@redhat.com",
    "time": "Wed Aug 02 08:35:11 2023 -0700"
  },
  "committer": {
    "name": "Keith Seitz",
    "email": "keiths@redhat.com",
    "time": "Fri Aug 25 12:42:19 2023 -0700"
  },
  "message": "Verify COFF symbol stringtab offset\n\nThis patch addresses an issue with malformed/fuzzed debug information that\nwas recently reported in gdb/30639. That bug specifically deals with\nan ASAN issue, but the reproducer provided by the reporter causes\nanother failure outside of ASAN:\n\n$ ./gdb --data-directory data-directory -nx -q UAF_2\nReading symbols from /home/keiths/UAF_2...\n\n\nFatal signal: Segmentation fault\n----- Backtrace -----\n0x59a53a gdb_internal_backtrace_1\n\t../../src/gdb/bt-utils.c:122\n0x59a5dd _Z22gdb_internal_backtracev\n\t../../src/gdb/bt-utils.c:168\n0x786380 handle_fatal_signal\n\t../../src/gdb/event-top.c:889\n0x7864ec handle_sigsegv\n\t../../src/gdb/event-top.c:962\n0x7ff354c5fb6f ???\n0x611f9a process_coff_symbol\n\t../../src/gdb/coffread.c:1556\n0x611025 coff_symtab_read\n\t../../src/gdb/coffread.c:1172\n0x60f8ff coff_read_minsyms\n\t../../src/gdb/coffread.c:549\n0x60fe4b coff_symfile_read\n\t../../src/gdb/coffread.c:698\n0xbde0f6 read_symbols\n\t../../src/gdb/symfile.c:772\n0xbde7a3 syms_from_objfile_1\n\t../../src/gdb/symfile.c:966\n0xbde867 syms_from_objfile\n\t../../src/gdb/symfile.c:983\n0xbded42 symbol_file_add_with_addrs\n\t../../src/gdb/symfile.c:1086\n0xbdf083 _Z24symbol_file_add_from_bfdRKN3gdb7ref_ptrI3bfd18gdb_bfd_ref_policyEEPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaISC_EES8_I12objfile_flagEP7objfile\n\t../../src/gdb/symfile.c:1166\n0xbdf0d2 _Z15symbol_file_addPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaIS5_EES1_I12objfile_flagE\n\t../../src/gdb/symfile.c:1179\n0xbdf197 symbol_file_add_main_1\n\t../../src/gdb/symfile.c:1203\n0xbdf13e _Z20symbol_file_add_mainPKc10enum_flagsI16symfile_add_flagE\n\t../../src/gdb/symfile.c:1194\n0x90f97f symbol_file_add_main_adapter\n\t../../src/gdb/main.c:549\n0x90f895 catch_command_errors\n\t../../src/gdb/main.c:518\n0x9109b6 captured_main_1\n\t../../src/gdb/main.c:1203\n0x910fc8 captured_main\n\t../../src/gdb/main.c:1310\n0x911067 _Z8gdb_mainP18captured_main_args\n\t../../src/gdb/main.c:1339\n0x418c71 main\n\t../../src/gdb/gdb.c:39\n---------------------\nA fatal error internal to GDB has been detected, further\ndebugging is not possible.  GDB will now terminate.\n\nThis is a bug, please report it.  For instructions, see:\n\u003chttps://www.gnu.org/software/gdb/bugs/\u003e.\n\nSegmentation fault (core dumped)\n\nThe issue here is that the COFF offset for the fuzzed symbol\u0027s\nname is outside the string table. That is, the offset is greater\nthan the actual string table size.\n\ncoffread.c:getsymname actually contains a FIXME about this, and that\u0027s\nwhat I\u0027ve chosen to address to fix this issue, following what is done\nin the DWARF reader:\n\n$ ./gdb --data-directory data-directory -nx -q UAF_2\nReading symbols from /home/keiths/UAF_2...\nCOFF Error: string table offset (256) outside string table (length 0)\n(gdb)\n\nUnfortunately, I haven\u0027t any idea how else to test this patch since\nCOFF is not very common anymore. GCC removed support for it five\nyears ago with GCC 8.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f8e14d8ad93f1dcf496230d075abed5342b06692",
      "old_mode": 33188,
      "old_path": "gdb/coffread.c",
      "new_id": "ae7632d49cba30b8fb7c6b9a057879970f6c6c84",
      "new_mode": 33188,
      "new_path": "gdb/coffread.c"
    }
  ]
}
