Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1114582

Summary: gdb coredumped in interactive mode
Product: Red Hat Enterprise Linux 6 Reporter: Pavel Moravec <pmoravec>
Component: gdbAssignee: Sergio Durigan Junior <sergiodj>
Status: CLOSED CANTFIX QA Contact: qe-baseos-tools-bugs
Severity: medium Docs Contact:
Priority: low    
Version: 6.4CC: gdb-bugs, jan.kratochvil, mfranc, pmoravec
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-13 21:00:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
abrt report from gdb crash none

Description Pavel Moravec 2014-06-30 12:00:10 UTC
Description of problem:
During debugging my program, gdb coredumped. Abrt report attached.


Version-Release number of selected component (if applicable):
gdb-7.2-60.el6_4.1.x86_64
gcc-c++-4.4.7-4.el6.x86_64
libgcc-4.4.7-4.el6.x86_64
gcc-4.4.7-4.el6.x86_64


How reproducible:
n.a.


Steps to Reproduce:
Unknown


Actual results:
n.a.


Expected results:
n.a.


Additional info:
(I might be able to reproduce but doubt so; if interested in reproducer please let me know)

Comment 1 Pavel Moravec 2014-06-30 12:01:54 UTC
Created attachment 913392 [details]
abrt report from gdb crash

Comment 3 Sergio Durigan Junior 2014-10-14 17:28:50 UTC
Hi Pavel,

Yes, a reproducer would be very nice.  I will try to debug using the coredump you provided, but sometimes it is very difficult to understand what happened without being able to reproduce it.

Comment 8 Jan Kratochvil 2015-02-09 16:52:41 UTC
As a reproducer we would need: /data_xfs/qpid/cpp/BLD/src/libqpidclient.so.2

But this is a known bug that GDB may crash on invalid DWARF, hopefully + I believe it is just DoS and not exploitable for arbitrary code execution.

It would be a real GDB bug if the libqpidclient.so.2 DWARF was correct but I guess we cannot say so unless we have libqpidclient.so.2.

We could fix the GDB crashes on invalid DWARF but IMHO there is not enough GDB staffing in RH to get at these tasks.


#4  0x0000000000571bc6 in dwarf2_build_frame_info (objfile=0x2e90d50) at ../../gdb/dwarf2-frame.c:2111
2111	in ../../gdb/dwarf2-frame.c
(gdb) p objfile->name
$2 = 0x29baa30 "/data_xfs/qpid/cpp/BLD/src/libqpidclient.so.2"

#0  bfd_getl32 (p=0x7fdacee1ef58) at ../../bfd/libbfd.c:623
#1  0x0000000000570def in read_initial_length (bytes_read_ptr=0x7fff2481668c, buf=0x7fdacee1ef58 <error: Cannot access memory at address 0x7fdacee1ef58>, abfd=0x28a2660) at ../../gdb/dwarf2-frame.c:1386
#2  decode_frame_entry_1 (fde_table=0x7fff248166f0, cie_table=0x7fff24816700, eh_frame_p=1, start=0x7fdacee1ef58 <error: Cannot access memory at address 0x7fdacee1ef58>, unit=0x31b4568) at ../../gdb/dwarf2-frame.c:1678
#3  decode_frame_entry (unit=0x31b4568, start=0x7fdacee1ef58 <error: Cannot access memory at address 0x7fdacee1ef58>, eh_frame_p=1, cie_table=0x7fff24816700, fde_table=0x7fff248166f0) at ../../gdb/dwarf2-frame.c:1956
#4  0x0000000000571bc6 in dwarf2_build_frame_info (objfile=0x2e90d50) at ../../gdb/dwarf2-frame.c:2111
#5  0x0000000000571dbc in dwarf2_frame_find_fde (pc=0x7fff24816798, out_offset=0x0) at ../../gdb/dwarf2-frame.c:1607
#6  0x0000000000571f02 in dwarf2_frame_sniffer (self=0x6f0300 <dwarf2_frame_unwind>, this_frame=0x26dd8e8, this_cache=<optimized out>) at ../../gdb/dwarf2-frame.c:1208
#7  0x000000000041f48e in frame_unwind_find_by_frame (this_frame=0x26dd8e8, this_cache=0x26dd900) at ../../gdb/frame-unwind.c:103
#8  0x000000000041baf1 in get_frame_type (frame=0x26dd8e8) at ../../gdb/frame.c:2006
#9  0x0000000000512c91 in print_frame_info (frame=0x26dd8e8, print_level=0, print_what=SRC_AND_LOC, print_args=1) at ../../gdb/stack.c:546
#10 0x0000000000513a84 in print_stack_frame_stub (args=0x7fff24816a20) at ../../gdb/stack.c:101
#11 0x0000000000516f7b in catch_errors (func=0x513a60 <print_stack_frame_stub>, func_args=0x7fff24816a20, errstring=0x690fef "", mask=<optimized out>) at ../../gdb/exceptions.c:518
#12 0x000000000051248c in print_stack_frame (frame=<optimized out>, print_level=<optimized out>, print_what=<optimized out>) at ../../gdb/stack.c:149
#13 0x0000000000507d21 in normal_stop () at ../../gdb/infrun.c:5752
#14 0x00000000005033d4 in run_command_1 (args=0x0, from_tty=1, tbreak_at_main=<optimized out>) at ../../gdb/infcmd.c:593
#15 0x0000000000414943 in execute_command (p=0x2665153 "", from_tty=1) at ../../gdb/top.c:426

Comment 10 Jan Kratochvil 2015-02-13 21:00:27 UTC
export LD_LIBRARY_PATH=/data_ext4/qpid/cpp/BLD/src
cat >main.c <<EOH
extern void _ZN4qpid6client10no_keyword12Session_0_1010txRollbackEb(void);
int main(void) { _ZN4qpid6client10no_keyword12Session_0_1010txRollbackEb(); return 0; }
EOH
gcc -o main main.c -Wall -g /data_ext4/qpid/cpp/BLD/src/libqpidclient.so.2
gdb -q -ex 'b dwarf2_build_frame_info' -ex r --args gdb ./main -ex start -ex step
...

And it is not reproducible.  I believe /data_ext4/qpid/cpp/BLD/src/libqpidclient.so.2 was different during the crash.

If it was not reproducible then also general memory corruption inside GDB could happen.