Backport upstream fix for RHBZ 2237515

Backport upstream commit f96328accde1e63 to fix a potential double free issue in the debuginfod code (RHBZ 2237515).
2023-09-13 15:31:17 +01:00 · 2023-09-13 15:31:17 +01:00 · 60fc6a1e0f
commit 60fc6a1e0f
parent 9a4f6d6e4c
5 changed files with 111 additions and 0 deletions
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@ -207,3 +207,7 @@ Patch046: gdb-rhbz2160211-excessive-core-file-warnings.patch
 # when debuginfod makes use of particular openssl settings.
 Patch047: gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 # Backport upstream commit f96328accde1e63 to fix a potential double
 # free issue in the debuginfod code.
 Patch048: gdb-bz2237515-debuginfod-double-free.patch
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@ -45,3 +45,4 @@
 %patch -p1 -P045
 %patch -p1 -P046
 %patch -p1 -P047
 %patch -p1 -P048
--- a/1
+++ b/1
@ -45,3 +45,4 @@ gdb-binutils29988-read_indexed_address.patch
 gdb-rhbz2192105-ftbs-dangling-pointer
 gdb-rhbz2160211-excessive-core-file-warnings.patch
 gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 gdb-bz2237515-debuginfod-double-free.patch
--- a/gdb-bz2237515-debuginfod-double-free.patch
+++ b/gdb-bz2237515-debuginfod-double-free.patch
@ -0,0 +1,102 @@
 From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
 From: Tom Tromey <tromey@adacore.com>
 Date: Tue, 6 Dec 2022 12:07:12 -0700
 Subject: gdb-bz2237515-debuginfod-double-free.patch
 ;; Backport upstream commit f96328accde1e63 to fix a potential double
 ;; free issue in the debuginfod code.
 Avoid double-free with debuginfod
 PR gdb/29257 points out a possible double free when debuginfod is in
 use.  Aside from some ugly warts in the symbol code (an ongoing
 issue), the underlying issue in this particular case is that elfread.c
 seems to assume that symfile_bfd_open will return NULL on error,
 whereas in reality it throws an exception.  As this code isn't
 prepared for an exception, bad things result.
 This patch fixes the problem by introducing a non-throwing variant of
 symfile_bfd_open and using it in the affected places.
 Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257
 diff --git a/gdb/elfread.c b/gdb/elfread.c
 --- a/gdb/elfread.c
 +++ b/gdb/elfread.c
@@ -1222,10 +1222,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile,
       if (!debugfile.empty ())
 	{
 -	  gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (debugfile.c_str ()));
 +	  gdb_bfd_ref_ptr debug_bfd
 +	    (symfile_bfd_open_no_error (debugfile.c_str ()));
 -	  symbol_file_add_separate (debug_bfd, debugfile.c_str (),
 -				    symfile_flags, objfile);
 +	  if (debug_bfd != nullptr)
 +	    symbol_file_add_separate (debug_bfd, debugfile.c_str (),
 +				      symfile_flags, objfile);
 	}
       else
 	{
@@ -1245,13 +1247,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile,
 	      if (fd.get () >= 0)
 		{
 		  /* File successfully retrieved from server.  */
 -		  gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (symfile_path.get ()));
 +		  gdb_bfd_ref_ptr debug_bfd
 +		    (symfile_bfd_open_no_error (symfile_path.get ()));
 -		  if (debug_bfd == nullptr)
 -		    warning (_("File \"%s\" from debuginfod cannot be opened as bfd"),
 -			     filename);
 -		  else if (build_id_verify (debug_bfd.get (), build_id->size,
 -					    build_id->data))
 +		  if (debug_bfd != nullptr
 +		      && build_id_verify (debug_bfd.get (), build_id->size,
 +					  build_id->data))
 		    {
 		      symbol_file_add_separate (debug_bfd, symfile_path.get (),
 						symfile_flags, objfile);
 diff --git a/gdb/symfile.c b/gdb/symfile.c
 --- a/gdb/symfile.c
 +++ b/gdb/symfile.c
@@ -1744,6 +1744,23 @@ symfile_bfd_open (const char *name)
   return sym_bfd;
 }
 +/* See symfile.h.  */
 +
 +gdb_bfd_ref_ptr
 +symfile_bfd_open_no_error (const char *name) noexcept
 +{
 +  try
 +    {
 +      return symfile_bfd_open (name);
 +    }
 +  catch (const gdb_exception_error &err)
 +    {
 +      warning ("%s", err.what ());
 +    }
 +
 +  return nullptr;
 +}
 +
 /* Return the section index for SECTION_NAME on OBJFILE.  Return -1 if
    the section was not found.  */
 diff --git a/gdb/symfile.h b/gdb/symfile.h
 --- a/gdb/symfile.h
 +++ b/gdb/symfile.h
@@ -269,6 +269,11 @@ extern void set_initial_language (void);
 extern gdb_bfd_ref_ptr symfile_bfd_open (const char *);
 +/* Like symfile_bfd_open, but will not throw an exception on error.
 +   Instead, it issues a warning and returns nullptr.  */
 +
 +extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *) noexcept;
 +
 extern int get_section_index (struct objfile *, const char *);
 extern int print_symbol_loading_p (int from_tty, int mainline, int full);
--- a/gdb.spec
+++ b/gdb.spec
@ -1252,6 +1252,9 @@ fi
 %endif
 %changelog
 * Wed Aug 13 2023 Andrew Burgess <aburgess@redhat.com>
 - Backport upstream commit f96328accde1e63, which fixes RHBZ 2237515.
 * Wed Aug  9 2023 Guinevere Larsen <blarsen@redhat.com>
 - Remove gdb-6.7-testsuite-stable-results.patch, it only made the test
  fail more.