- Added local patch gdb-fix-buf-overflow.diff.

OBS-URL: https://build.opensuse.org/package/show/devel:gcc/gdb?expand=0&rev=133
2016-02-29 21:39:10 +00:00 · 2016-02-29 21:39:10 +00:00 · d8d14d30fb
commit d8d14d30fb
parent b288fe5a9a
4 changed files with 96 additions and 1 deletions
--- a/gdb-fix-buf-overflow.diff
+++ b/gdb-fix-buf-overflow.diff
@ -0,0 +1,55 @@
+As comment explain, horror hack.  The symptom is that gdb
+itself segfault when the moon is right (Factory at 2016-02-29,
+on my machine), with gdb.base/call-sc (call-sc-tld variant,
+i.e. long double), when checking the -m32 executables with
+a host-x86-64 gdb.
+The buffer overflow that valgrind sees actually clobbers a different
+buffer so that glibc aborts in an unrelated free.
+
+valgrind report:
+
+==3167== Invalid write of size 8
+==3167==    at 0x74489B: memcpy (string3.h:53)
+==3167==    by 0x74489B: floatformat_from_doublest (doublest.c:747)
+==3167==    by 0x744CA2: store_typed_floating (doublest.c:854)
+==3167==    by 0x60E6E3: value_from_double (value.c:3702)
+==3167==    by 0x61C2D6: value_cast (valops.c:466)
+==3167==    by 0x6476D7: value_arg_coerce (infcall.c:228)
+==3167==    by 0x6476D7: call_function_by_hand_dummy (infcall.c:951)
+==3167==    by 0x614EC6: evaluate_subexp_standard (eval.c:2066)
+==3167==    by 0x70813E: evaluate_subexp_c (c-lang.c:716)
+==3167==    by 0x6108CC: evaluate_expression (eval.c:163)
+==3167==    by 0x62950A: print_command_1 (printcmd.c:1012)
+==3167==    by 0x737E75: execute_command (top.c:475)
+==3167==    by 0x67037B: command_handler (event-top.c:496)
+==3167==    by 0x670A36: command_line_handler (event-top.c:695)
+==3167==  Address 0x83a6e68 is 8 bytes inside a block of size 12 alloc'd
+==3167==    at 0x4C2C135: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
+==3167==    by 0x766B10: xcalloc (common-utils.c:83)
+==3167==    by 0x60B27B: allocate_value_contents.isra.4 (value.c:1043)
+==3167==    by 0x60E6B0: allocate_value (value.c:1054)
+==3167==    by 0x60E6B0: value_from_double (value.c:3696)
+==3167==    by 0x61C2D6: value_cast (valops.c:466)
+==3167==    by 0x6476D7: value_arg_coerce (infcall.c:228)
+==3167==    by 0x6476D7: call_function_by_hand_dummy (infcall.c:951)
+==3167==    by 0x614EC6: evaluate_subexp_standard (eval.c:2066)
+==3167==    by 0x70813E: evaluate_subexp_c (c-lang.c:716)
+==3167==    by 0x6108CC: evaluate_expression (eval.c:163)
+==3167==    by 0x62950A: print_command_1 (printcmd.c:1012)
+==3167==    by 0x737E75: execute_command (top.c:475)
+==3167==    by 0x67037B: command_handler (event-top.c:496)
+
+Index: gdb-7.11/gdb/common/common-utils.c
+===================================================================
+--- gdb-7.11.orig/gdb/common/common-utils.c	2016-02-10 04:19:39.000000000 +0100
+++ gdb-7.11/gdb/common/common-utils.c	2016-02-29 22:24:26.000000000 +0100
+@@ -90,6 +90,9 @@ xcalloc (size_t number, size_t size)
+ void *
+ xzalloc (size_t size)
+ {
+  /* HACK: Round up to 8 bytes, fixes a problem with buffers of long double on
+     32 bit (12 bytes) when filled from a 64 bit gdb (16 bytes).  Ugh.  */
+  size = (size + 7) & ~(size_t)7;
+   return xcalloc (1, size);
+ }
+ 
--- a/gdb-pahole-python2.patch
+++ b/gdb-pahole-python2.patch
@ -0,0 +1,36 @@
+diff --git a/gdb/python/lib/gdb/command/pahole.py b/gdb/python/lib/gdb/command/pahole.py
+index e08eaf5..56c1737 100644
+--- a/gdb/python/lib/gdb/command/pahole.py
+++ b/gdb/python/lib/gdb/command/pahole.py
+@@ -55,19 +55,19 @@ It prints the type and displays comments showing where holes are."""
+                 fieldsize = 8 * ftype.sizeof
+ 
+             # TARGET_CHAR_BIT
+-            print (' /* %3d %3d */' % (int (bitpos / 8), int (fieldsize / 8)), end = "")
+            print (' /* %3d %3d */' % (int (bitpos / 8), int (fieldsize / 8))),
+             bitpos = bitpos + fieldsize
+ 
+             if ftype.code == gdb.TYPE_CODE_STRUCT:
+                 self.pahole (ftype, level + 1, field.name)
+             else:
+-                print (' ' * (2 + 2 * level), end = "")
+                print (' ' * (2 + 2 * level)),
+                 print ('%s %s' % (str (ftype), field.name))
+ 
+         if level == 0:
+             self.maybe_print_hole(bitpos, 8 * type.sizeof)
+ 
+-        print (' ' * (14 + 2 * level), end = "")
+        print (' ' * (14 + 2 * level)),
+         print ('} %s' % name)
+ 
+     def invoke (self, arg, from_tty):
+@@ -75,7 +75,7 @@ It prints the type and displays comments showing where holes are."""
+         type = type.strip_typedefs ()
+         if type.code != gdb.TYPE_CODE_STRUCT:
+             raise (TypeError, '%s is not a struct type' % arg)
+-        print (' ' * 14, end = "")
+        print (' ' * 14),
+         self.pahole (type, 0, '')
+ 
+ Pahole()
--- a/gdb.changes
+++ b/gdb.changes
@ -16,6 +16,7 @@ Mon Feb 29 18:50:39 UTC 2016 - matz@suse.de
    new packets which can be used to support features such as
    follow-exec-mode, exec catchpoints, syscall catchpoints, etc. 
  * Some minor improvements in the Python API for extending GDB. 
+- Added local patch gdb-fix-buf-overflow.diff.
 - Added new patches from Fedora:
    gdb-fedora-libncursesw.patch
    gdb-fortran-stride-intel-1of6.patch
@ -29,7 +30,6 @@ Mon Feb 29 18:50:39 UTC 2016 - matz@suse.de
    gdb-testsuite-readline63-sigint.patch
 - Removed obsolete patches:
    gdb-6.3-bz231832-obstack-2gb.patch
-    gdb-pahole-python2.patch
    gdb-probes-based-interface-robust-1of2.patch
    gdb-probes-based-interface-robust-2of2.patch
    gdb-rhbz1260558-ppc64le-skip_trampoline_code.patch
--- a/gdb.spec
+++ b/gdb.spec
@ -212,6 +212,8 @@ Patch117:       gdb-testsuite-readline63-sigint.patch

 # Upstream patch to fix gcc -Werror
 Patch1002:      gdb-6.6-buildid-locate-rpm-suse.patch
+Patch1003:      gdb-pahole-python2.patch
+Patch1004:      gdb-fix-buf-overflow.diff

 BuildRequires:  bison
 BuildRequires:  flex
@ -477,6 +479,8 @@ find -name "*.info*"|xargs rm -f
 #Fedora patching end

 %patch1002 -p1
+%patch1003 -p1
+%patch1004 -p1

 find -name "*.orig" | xargs rm -f
 ! find -name "*.rej" # Should not happen.