gdb crashed with SIGSEGV in response to strace command with no arguments
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gdb | Fix Released | Medium | |
gdb (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: gdb
gdb (package version 7.2-1ubuntu3 on Maverick amd64) segfaults when given the strace command with no arguments:
ek@Apok:~$ gdb
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://
(gdb) strace
Segmentation fault (core dumped)
strace with arguments does not cause a crash, and appears to work correctly. This bug also occurs when gdb is debugging a running program and the strace command is issued without arguments (i.e., it does not only happen in the trivial case shown above).
I am able to reproduce this bug on Maverick i386 (same gdb package version as above) and Natty i386 (gdb package version 7.2-1ubuntu6) as well.
ProblemType: Crash
DistroRelease: Ubuntu 10.10
Package: gdb 7.2-1ubuntu3
ProcVersionSign
Uname: Linux 2.6.35-24-generic x86_64
Architecture: amd64
Date: Sat Dec 18 01:52:11 2010
ExecutablePath: /usr/bin/gdb
InstallationMedia: Xubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406)
ProcCmdline: gdb
ProcEnviron:
SHELL=/bin/bash
LC_MESSAGES=
LANG=en_US.utf8
LANGUAGE=
SegvAnalysis:
Segfault happened at: 0x4be88a: repz cmpsb %es:(%rdi)
PC (0x004be88a) ok
source "%es:(%rdi)" (0x0069de12) ok
destination "%ds:(%rsi)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: gdb
StacktraceTop:
?? ()
?? ()
?? ()
?? ()
?? ()
Title: gdb crashed with SIGSEGV
UserGroups: adm admin cdrom lpadmin plugdev sambashare
Changed in gdb:
importance: Unknown → Medium
status: Unknown → Fix Released
Created attachment 5120
Screen dump of debug procedure; Backtrace of gdb using gdb
Steps to reproduce
------------------
1. Start gdb
2. Load and start any arbitrary binary.
3. Issue the command 'strace' without any args
---> gdb segfaults !
As per GDB's internal doc
"""
(gdb) help strace
Set a static tracepoint at specified line, function or marker.
strace [LOCATION] [if CONDITION]
.....
.....
With no LOCATION, uses current execution address of
the selected stack frame
"""
Debug gdb using gdb
-------------------
....<segfaults>
1. Created a simple binary "trivial"
2. Started gdb
3. Load and run gdb
3.1. Load and start "trivial"
3.2. Issue 'strace' command
4. Run bt
[See the attachment for the complete screen dump]
Backtrace generated in the parent gdb after the segfault
--------------------------------------------------------
#0 0xb7cca90d in strncmp () from /lib/libc.so.6
#1 0x08109ebd in create_breakpoint (gdbarch=0x8542578, arg=0x0, cond_string=0x0, thread=0, parse_condition_and_thread=1, tempflag=0, type_wanted=bp_static_tracepoint, ignore_count=0, pending_break_support=AUTO_BOOLEAN_AUTO, ops=0x0, from_tty=1, enabled=1) at breakpoint.c:7475
#2 0x0810f7cf in strace_command (arg=0x0, from_tty=1) at breakpoint.c:10908
#3 0x080c4beb in do_cfunc (c=0x8452368, args=0x0, from_tty=1) at ./cli/cli-decode.c:67
#4 0x080c72cb in cmd_func (cmd=0x8452368, args=0x0, from_tty=1) at ./cli/cli-decode.c:1771
#5 0x080578dd in execute_command (p=0x84309d6 "", from_tty=1) at top.c:422
#6 0x0816f27a in command_handler (command=0x84309d0 "strace") at event-top.c:498
#7 0x0816f7de in command_line_handler (rl=0x8511b48 "\300\241X\b(\033Q\b") at event-top.c:702
#8 0x0825992b in rl_callback_read_char () at callback.c:205
#9 0x0816e9e7 in rl_callback_read_char_wrapper (client_data=0x0) at event-top.c:178
#10 0x0816f172 in stdin_event_handler (error=0, client_data=0x0) at event-top.c:433
#11 0x0816deaa in handle_file_event (data=...) at event-loop.c:817
#12 0x0816d6ed in process_event () at event-loop.c:399
#13 0x0816d7b2 in gdb_do_one_event (data=0x0) at event-loop.c:464
#14 0x0816864a in catch_errors (func=0x816d6fb <gdb_do_one_event>, func_args=0x0, errstring=0x832968b "", mask=6) at exceptions.c:518
#15 0x080d9f48 in tui_command_loop (data=0x0) at ./tui/tui-interp.c:171
#16 0x08168d16 in current_interp_command_loop () at interps.c:291
#17 0x0804ebee in captured_command_loop (data=0x0) at ./main.c:227
#18 0x0816864a in catch_errors (func=0x804ebe3 <captured_command_loop>, func_args=0x0, errstring=0x830ac06 "", mask=6) at exceptions.c:518
#19 0x0804fa7e in captured_main (data=0xbffff480) at ./main.c:910
#20 0x0816864a in catch_errors (func=0x804ec24 <captured_main>, func_args=0xbffff480, errstring=0x830ac06 "", mask=6) at exceptions.c:518
#21 0x0804fab4 in gdb_main (args=0xbffff480) at ./main.c:919
#22 0x0804e973 in main (argc=1, argv=0xbffff544) at gdb.c:34
Looks like strncpy() dereferences the null pointer arg
I haven't tried any previous versions for the same issue.
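As an added illustration of the failure mode the backtrace above shows (this is constructed example code, not gdb's own source and not the commenter's), here is a small parser for an optional LOCATION argument in the shape of strace_command passing arg=0x0 down to create_breakpoint: the unchecked helper hands a NULL pointer to strncmp just as frame #0 does, while the hardened version treats a missing LOCATION as "use current execution address", which is what the help text says the command should do. The "-m" marker syntax and every function and type name here are assumptions of the example.

```c
/* Constructed illustration; names and the "-m MARKER" syntax are assumptions,
 * not gdb's code. Shows why an optional command argument must be checked for
 * NULL before it reaches any string function. */
#include <stddef.h>
#include <string.h>

enum loc_kind { LOC_CURRENT_PC, LOC_MARKER, LOC_LINESPEC };

struct location {
    enum loc_kind kind;
    const char *spec;   /* marker id or linespec text; NULL for LOC_CURRENT_PC */
};

/* Vulnerable form: assumes s is never NULL. With a NULL argument this is the
 * strncmp(NULL, ...) the backtrace lands in: undefined behaviour, a SIGSEGV in
 * practice. Kept only for comparison; never called with NULL below. */
int is_marker_spec_unchecked(const char *s)
{
    return strncmp(s, "-m", 2) == 0 && (s[2] == ' ' || s[2] == '\t' || s[2] == '\0');
}

/* Hardened form: an absent argument is a legitimate input for an optional
 * LOCATION, so it is rejected here before any string function sees it. */
static int is_marker_spec(const char *s)
{
    if (s == NULL)
        return 0;
    return strncmp(s, "-m", 2) == 0 && (s[2] == ' ' || s[2] == '\t' || s[2] == '\0');
}

/* Parse the argument of a "strace [LOCATION]" style command. A NULL or empty
 * argument means "use the current execution address of the selected frame". */
struct location parse_strace_arg(const char *arg)
{
    struct location loc = { LOC_CURRENT_PC, NULL };
    if (arg == NULL || *arg == '\0')
        return loc;
    if (is_marker_spec(arg)) {
        loc.kind = LOC_MARKER;
        loc.spec = arg + 2;
        while (*loc.spec == ' ' || *loc.spec == '\t')
            loc.spec++;                 /* skip whitespace after "-m" */
    } else {
        loc.kind = LOC_LINESPEC;
        loc.spec = arg;
    }
    return loc;
}
```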