* [rpms/gdb] gdb-17.2-rebase-f44: Backport upstream fix for RHBZ 2237392
@ 2026-06-28  0:01 Andrew Burgess
From: Andrew Burgess @ 2026-06-28  0:01 UTC
  To: git-commits

A new commit has been pushed.

Repo   : rpms/gdb
Branch : gdb-17.2-rebase-f44
Commit : ed8eee7ab5f53717e8846fb05decb85d60dd2e74
Author : Andrew Burgess <aburgess@redhat.com>
Date   : 2023-09-14T22:22:33+01:00
Stats  : +77/-0 in 5 file(s)
URL    : https://src.fedoraproject.org/rpms/gdb/c/ed8eee7ab5f53717e8846fb05decb85d60dd2e74?branch=gdb-17.2-rebase-f44

Log:
Backport upstream fix for RHBZ 2237392

Backport upstream commit 54392c4df604f20 to fix an incorrect
obstack allocation that would lead to memory corruption (RHBZ 2237392).

---
diff --git a/_gdb.spec.Patch.include b/_gdb.spec.Patch.include
index ac17a1d..e3f21e9 100644
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@@ -211,3 +211,7 @@ Patch047: gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 # free issue in the debuginfod code.
 Patch048: gdb-bz2237515-debuginfod-double-free.patch
 
+# Backport upstream commit 54392c4df604f20 to fix an incorrect
+# obstack allocation that wold lead to memory corruption.
+Patch049: gdb-bz2237392-dwarf-obstack-allocation.patch
+
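Review bot: typo in the new comment above Patch049: "wold" should read "would". The same wording is copied into the ;; header of the new patch file, so it is worth fixing in both places before this is pushed further.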

diff --git a/_gdb.spec.patch.include b/_gdb.spec.patch.include
index ef55dd0..2ca0c1f 100644
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@@ -46,3 +46,4 @@
 %patch -p1 -P046
 %patch -p1 -P047
 %patch -p1 -P048
+%patch -p1 -P049

diff --git a/_patch_order b/_patch_order
index d90b52f..4f99a83 100644
--- a/_patch_order
+++ b/_patch_order
@@ -46,3 +46,4 @@ gdb-rhbz2192105-ftbs-dangling-pointer
 gdb-rhbz2160211-excessive-core-file-warnings.patch
 gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 gdb-bz2237515-debuginfod-double-free.patch
+gdb-bz2237392-dwarf-obstack-allocation.patch

diff --git a/gdb-bz2237392-dwarf-obstack-allocation.patch b/gdb-bz2237392-dwarf-obstack-allocation.patch
new file mode 100644
index 0000000..424cad3
--- /dev/null
+++ b/gdb-bz2237392-dwarf-obstack-allocation.patch
@@ -0,0 +1,68 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: Andrew Burgess <aburgess@redhat.com>
+Date: Thu, 14 Sep 2023 13:06:26 +0100
+Subject: gdb-bz2237392-dwarf-obstack-allocation.patch
+
+;; Backport upstream commit 54392c4df604f20 to fix an incorrect
+;; obstack allocation that wold lead to memory corruption.
+
+gdb: fix buffer overflow in DWARF reader
+
+In this commit:
+
+  commit 48ac197b0c209ccf1f2de9704eb6cdf7c5c73a8e
+  Date:   Fri Nov 19 10:12:44 2021 -0700
+
+      Handle multiple addresses in call_site_target
+
+a buffer overflow bug was introduced when the following code was
+added:
+
+  CORE_ADDR *saved = XOBNEWVAR (&objfile->objfile_obstack, CORE_ADDR,
+                                addresses.size ());
+  std::copy (addresses.begin (), addresses.end (), saved);
+
+The definition of XOBNEWVAR is (from libiberty.h):
+
+  #define XOBNEWVAR(O, T, S)	((T *) obstack_alloc ((O), (S)))
+
+So 'saved' is going to point to addresses.size () bytes of memory,
+however, the std::copy will write addresses.size () number of
+CORE_ADDR sized entries to the address pointed to by 'saved', this is
+going to result in memory corruption.
+
+The mistake is that we should have used XOBNEWVEC, which allocates a
+vector of entries, the definition of XOBNEWVEC is:
+
+  #define XOBNEWVEC(O, T, N) \
+    ((T *) obstack_alloc ((O), sizeof (T) * (N)))
+
+Which means we will have set aside enough space to create a copy of
+the contents of the addresses vector.
+
+I'm not sure how to create a test for this problem, this issue cropped
+up when debugging a particular i686 built binary, which just happened
+to trigger a glibc assertion (likely due to random memory corruption),
+debugging the same binary built for x86-64 appeared to work just fine.
+
+Using valgrind on the failing GDB binary pointed straight to the cause
+of the problem, and with this patch in place there are no longer
+valgrind errors in this area.
+
+If anyone has ideas for a test I'm happy to work on something.
+
+Co-Authored-By: Keith Seitz <keiths@redhat.com>
+Approved-By: Tom Tromey <tom@tromey.com>
+
+diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
+--- a/gdb/dwarf2/read.c
++++ b/gdb/dwarf2/read.c
+@@ -12506,7 +12506,7 @@ read_call_site_scope (struct die_info *die, struct dwarf2_cu *cu)
+ 	  std::vector<CORE_ADDR> addresses;
+ 	  dwarf2_ranges_read_low_addrs (ranges_offset, target_cu,
+ 					target_die->tag, addresses);
+-	  CORE_ADDR *saved = XOBNEWVAR (&objfile->objfile_obstack, CORE_ADDR,
++	  CORE_ADDR *saved = XOBNEWVEC (&objfile->objfile_obstack, CORE_ADDR,
+ 					addresses.size ());
+ 	  std::copy (addresses.begin (), addresses.end (), saved);
+ 	  call_site->target.set_loc_array (addresses.size (), saved);
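Review bot: the single-token change from XOBNEWVAR to XOBNEWVEC on the `CORE_ADDR *saved = ...` line is the whole fix and is correct: XOBNEWVAR's third argument is a byte count, so the old code reserved `addresses.size ()` bytes while the following `std::copy` wrote `addresses.size ()` CORE_ADDR values (eight bytes each on 64-bit targets), overrunning the obstack chunk; XOBNEWVEC multiplies the element count by `sizeof (T)` as the message explains. Two smaller points: the ;; header comment repeats the "wold" typo from the spec comment, and since the upstream message says no regression test exists, the valgrind run mentioned there is currently the only check that the overrun is gone, so it would be worth recording the valgrind invocation in the RHBZ so the Fedora build can be re-verified the same way.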

diff --git a/gdb.spec b/gdb.spec
index 3cca409..934875f 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -1252,6 +1252,9 @@ fi
 %endif
 
 %changelog
+* Wed Aug 14 2023 Andrew Burgess <aburgess@redhat.com>
+- Backport upstream commit 54392c4df604f20, which fixes RHBZ 2237392.
+
 * Wed Aug 13 2023 Andrew Burgess <aburgess@redhat.com>
 - Backport upstream commit f96328accde1e63, which fixes RHBZ 2237515.
 
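Review bot: the day-of-week in the new changelog entry `* Wed Aug 14 2023` does not match the date (14 August 2023 was a Monday), which makes rpmbuild emit a "bogus date in %changelog" warning. The commit date and the patch's `Date: Thu, 14 Sep 2023` header both point at September, so `* Thu Sep 14 2023` is probably what was intended; the existing `* Wed Aug 13 2023` entry below has the same weekday mismatch but is pre-existing context.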
