gdb 6.7 can SIGSEGV when printing state

Bug #196274 reported by Greg Law on 2008-02-27
Affects         Status   Importance   Assigned to       Milestone
gdb (Ubuntu)             Undecided    Kees Cook
Hardy                    Low          Matthias Klose

Bug Description

gdb 6.7 has a bug which can cause random SIGSEGVs (in gdb itself). The simplest way to reproduce is within any active gdb session:

(gdb) flushregs
(gdb) print $pc

however, the bug can (theoretically at least) bite pretty much any time. The fix is simple (see patch).
This fix has been applied for the soon-to-be-released gdb-6.8, but the bug remains in the official 6.7 release. See here for discussion of the issue and patch:

http://www.nabble.com/SIGSEGV-on-gdb-6.7*-tt15277232.html#a15277232
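
A regression check for the reproducer above, added here as an example and not part of the bug report or of the gdb package: it drives gdb through "flushregs" and "print $pc" in batch mode and distinguishes gdb itself dying from a signal (the crash this report is about) from an ordinary non-zero exit, such as gdb being unable to start the target because ptrace is not permitted. It assumes a gdb binary on PATH and uses /bin/sleep as an arbitrary debuggee; both are assumptions, not something the report specifies.

```shell
#!/bin/sh
# Added regression check, not part of the bug report. Drives the packaged
# gdb through the reproducer from the description and reports whether gdb
# itself died from a signal. Assumes gdb on PATH; the debuggee defaults to
# /bin/sleep (any dynamically linked binary will do).
#
# Return codes of check_gdb_flushregs:
#   0   gdb survived "flushregs; print $pc" (an ordinary error exit, e.g.
#       "could not start the target", also lands here: it is not a crash)
#   1   gdb was killed by a signal: status 128+signo, 139 for SIGSEGV
#   2   gdb hung and was stopped by timeout(1)
#   77  gdb is not installed, nothing was checked

gdb_reproducer_commands() {
    # The command script mirrors the session in the bug description.
    printf '%s\n' 'start' 'flushregs' 'print $pc'
}

check_gdb_flushregs() {
    target="${1:-/bin/sleep}"
    command -v gdb >/dev/null 2>&1 || return 77
    cmdfile=$(mktemp) || return 77
    gdb_reproducer_commands >"$cmdfile"

    # Bound the run if timeout(1) is available.
    runner=""
    command -v timeout >/dev/null 2>&1 && runner="timeout 120"

    # -nx ignores ~/.gdbinit so the result reflects the packaged gdb alone;
    # -batch disables confirmations and exits (killing the inferior) after
    # the last command. The "|| rc=$?" form keeps this safe under set -e.
    rc=0
    $runner gdb -nx -batch -x "$cmdfile" "$target" >/dev/null 2>&1 || rc=$?
    rm -f "$cmdfile"

    [ "$rc" -eq 124 ] && return 2      # timeout(1) reports 124
    [ "$rc" -ge 128 ] && return 1      # killed by a signal, 139 = SIGSEGV
    return 0
}

# Stand-alone use: run the check once and report the verdict.
check_gdb_flushregs
status=$?
echo "check_gdb_flushregs: $status (1 = gdb crashed, 2 = hung, 77 = no gdb)"
```

Only a return code of 1 reproduces the report; a 0 after a failed "start" (for example under a hardened ptrace policy) says nothing about the register-cache bug, which is why the script separates the two cases instead of treating any non-zero gdb exit as a failure.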

Greg Law (glaw) wrote :
Kees Cook (kees) wrote :

Thanks for this fix! I've pulled the other fixes and testsuite adjustments from the gdb thread. It should be available shortly.

Changed in gdb:
assignee: nobody → keescook
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdb - 6.7.1-2ubuntu2

---------------
gdb (6.7.1-2ubuntu2) hardy; urgency=low

  * debian/patches/gdb-cvs-reinit_frame_cache.patch: upstream fix for SEGV
    when dealing with register caches (LP: #196274).

 -- Kees Cook <email address hidden> Fri, 07 Mar 2008 09:51:58 -0800

Changed in gdb:
status: Fix Committed → Fix Released
Greg Law (glaw) wrote :

This seems to have regressed. I confirmed it as fixed during the beta, but I've noticed that in a fresh and updated install of 8.04 it bites once again :-( gdb-6.8 and gdb cvs are both ok though.

Changed in gdb:
status: Fix Released → New
Matthias Klose (doko) wrote :

uploaded gdb_6.8-1ubuntu3 to hardy-proposed

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdb - 6.8-3ubuntu2

---------------
gdb (6.8-3ubuntu2) intrepid; urgency=low

  * debian/rules: on sparc, configure the 64bit build with --disable-werror.
  * Reapply debian/patches/gdb-cvs-reinit_frame_cache.patch. LP: #196274.

 -- Matthias Klose <email address hidden> Tue, 24 Jun 2008 15:42:23 +0200

Changed in gdb:
status: New → Fix Released
Kees Cook (kees) on 2008-09-08
Changed in gdb:
assignee: nobody → doko
importance: Undecided → Low
status: New → In Progress
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in gdb:
status: In Progress → Fix Committed
Kees Cook (kees) wrote :

I can confirm that gdb now doesn't crash and still operates as expected in normal situations.

Before:

$ sleep 120 &
[1] 26974
$ gdb -p 26974
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Attaching to process 26974
Reading symbols from /bin/sleep...(no debugging symbols found)...done.
Reading symbols from /lib/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libc.so.6...
(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7fbac8f106e0 (LWP 26974)]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/ld-linux-x86-64.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
(no debugging symbols found)
0x00007fbac882cb50 in nanosleep () from /lib/libc.so.6
(gdb) bt
#0 0x00007fbac882cb50 in nanosleep () from /lib/libc.so.6
#1 0x0000000000402c3b in ?? ()
#2 0x0000000000402780 in ?? ()
#3 0x00000000004014ee in ?? ()
#4 0x00007fbac87ad1c4 in __libc_start_main () from /lib/libc.so.6
#5 0x00000000004011b9 in ?? ()
#6 0x00007fffd0f16078 in ?? ()
#7 0x0000000000000000 in ?? ()
(gdb) quit
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /bin/sleep, process 26974

$ gdb $(which gdb)
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(no debugging symbols found)
(gdb) start
Breakpoint 1 at 0x445d50
Starting program: /usr/bin/gdb
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0x7f08a57516e0 (LWP 26956)]
[Switching to Thread 0x7f08a57516e0 (LWP 26956)]
0x0000000000445d50 in main ()
(gdb) flushregs
Register cache flushed.
(gdb) print $pc
Segmentation fault (core dumped)

After:

$ sleep 120 &
[1] 27360
$ gdb -p 27360
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Attaching to process 27360
Reading symbols from /bin/sleep...(no debu...

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in gdb:
status: Fix Committed → Fix Released