From 60fc6a1e0f8ab38f6e3f19814fea2786c9813c68 Mon Sep 17 00:00:00 2001 From: Andrew Burgess Date: Sep 13 2023 14:31:17 +0000 Subject: Backport upstream fix for RHBZ 2237515 Backport upstream commit f96328accde1e63 to fix a potential double free issue in the debuginfod code (RHBZ 2237515). --- diff --git a/_gdb.spec.Patch.include b/_gdb.spec.Patch.include index 5764017..ac17a1d 100644 --- a/_gdb.spec.Patch.include +++ b/_gdb.spec.Patch.include @@ -207,3 +207,7 @@ Patch046: gdb-rhbz2160211-excessive-core-file-warnings.patch # when debuginfod makes use of particular openssl settings. Patch047: gdb-bz2196395-debuginfod-legacy-openssl-crash.patch +# Backport upstream commit f96328accde1e63 to fix a potential double +# free issue in the debuginfod code. +Patch048: gdb-bz2237515-debuginfod-double-free.patch + diff --git a/_gdb.spec.patch.include b/_gdb.spec.patch.include index 8258dc9..ef55dd0 100644 --- a/_gdb.spec.patch.include +++ b/_gdb.spec.patch.include @@ -45,3 +45,4 @@ %patch -p1 -P045 %patch -p1 -P046 %patch -p1 -P047 +%patch -p1 -P048 diff --git a/_patch_order b/_patch_order index ef3567d..d90b52f 100644 --- a/_patch_order +++ b/_patch_order @@ -45,3 +45,4 @@ gdb-binutils29988-read_indexed_address.patch gdb-rhbz2192105-ftbs-dangling-pointer gdb-rhbz2160211-excessive-core-file-warnings.patch gdb-bz2196395-debuginfod-legacy-openssl-crash.patch +gdb-bz2237515-debuginfod-double-free.patch diff --git a/gdb-bz2237515-debuginfod-double-free.patch b/gdb-bz2237515-debuginfod-double-free.patch new file mode 100644 index 0000000..9d72639 --- /dev/null +++ b/gdb-bz2237515-debuginfod-double-free.patch @@ -0,0 +1,102 @@ +From FEDORA_PATCHES Mon Sep 17 00:00:00 2001 +From: Tom Tromey +Date: Tue, 6 Dec 2022 12:07:12 -0700 +Subject: gdb-bz2237515-debuginfod-double-free.patch + +;; Backport upstream commit f96328accde1e63 to fix a potential double +;; free issue in the debuginfod code. + +Avoid double-free with debuginfod + +PR gdb/29257 points out a possible double free when debuginfod is in +use. Aside from some ugly warts in the symbol code (an ongoing +issue), the underlying issue in this particular case is that elfread.c +seems to assume that symfile_bfd_open will return NULL on error, +whereas in reality it throws an exception. As this code isn't +prepared for an exception, bad things result. + +This patch fixes the problem by introducing a non-throwing variant of +symfile_bfd_open and using it in the affected places. + +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257 + +diff --git a/gdb/elfread.c b/gdb/elfread.c +--- a/gdb/elfread.c ++++ b/gdb/elfread.c +@@ -1222,10 +1222,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile, + + if (!debugfile.empty ()) + { +- gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (debugfile.c_str ())); ++ gdb_bfd_ref_ptr debug_bfd ++ (symfile_bfd_open_no_error (debugfile.c_str ())); + +- symbol_file_add_separate (debug_bfd, debugfile.c_str (), +- symfile_flags, objfile); ++ if (debug_bfd != nullptr) ++ symbol_file_add_separate (debug_bfd, debugfile.c_str (), ++ symfile_flags, objfile); + } + else + { +@@ -1245,13 +1247,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile, + if (fd.get () >= 0) + { + /* File successfully retrieved from server. */ +- gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (symfile_path.get ())); ++ gdb_bfd_ref_ptr debug_bfd ++ (symfile_bfd_open_no_error (symfile_path.get ())); + +- if (debug_bfd == nullptr) +- warning (_("File \"%s\" from debuginfod cannot be opened as bfd"), +- filename); +- else if (build_id_verify (debug_bfd.get (), build_id->size, +- build_id->data)) ++ if (debug_bfd != nullptr ++ && build_id_verify (debug_bfd.get (), build_id->size, ++ build_id->data)) + { + symbol_file_add_separate (debug_bfd, symfile_path.get (), + symfile_flags, objfile); +diff --git a/gdb/symfile.c b/gdb/symfile.c +--- a/gdb/symfile.c ++++ b/gdb/symfile.c +@@ -1744,6 +1744,23 @@ symfile_bfd_open (const char *name) + return sym_bfd; + } + ++/* See symfile.h. */ ++ ++gdb_bfd_ref_ptr ++symfile_bfd_open_no_error (const char *name) noexcept ++{ ++ try ++ { ++ return symfile_bfd_open (name); ++ } ++ catch (const gdb_exception_error &err) ++ { ++ warning ("%s", err.what ()); ++ } ++ ++ return nullptr; ++} ++ + /* Return the section index for SECTION_NAME on OBJFILE. Return -1 if + the section was not found. */ + +diff --git a/gdb/symfile.h b/gdb/symfile.h +--- a/gdb/symfile.h ++++ b/gdb/symfile.h +@@ -269,6 +269,11 @@ extern void set_initial_language (void); + + extern gdb_bfd_ref_ptr symfile_bfd_open (const char *); + ++/* Like symfile_bfd_open, but will not throw an exception on error. ++ Instead, it issues a warning and returns nullptr. */ ++ ++extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *) noexcept; ++ + extern int get_section_index (struct objfile *, const char *); + + extern int print_symbol_loading_p (int from_tty, int mainline, int full); diff --git a/gdb.spec b/gdb.spec index 75190c7..3cca409 100644 --- a/gdb.spec +++ b/gdb.spec @@ -1252,6 +1252,9 @@ fi %endif %changelog +* Wed Aug 13 2023 Andrew Burgess +- Backport upstream commit f96328accde1e63, which fixes RHBZ 2237515. + * Wed Aug 9 2023 Guinevere Larsen - Remove gdb-6.7-testsuite-stable-results.patch, it only made the test fail more.