Backport upstream fix for RHBZ 2237515

Backport upstream commit f96328accde1e63 to fix a potential double free issue in the debuginfod code (RHBZ 2237515).
2023-09-13 15:31:17 +01:00 · 2023-09-13 15:31:17 +01:00 · 60fc6a1e0f
parent 9a4f6d6e4c
commit 60fc6a1e0f
5 changed files with 111 additions and 0 deletions
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@ -207,3 +207,7 @@ Patch046: gdb-rhbz2160211-excessive-core-file-warnings.patch
 # when debuginfod makes use of particular openssl settings.
 Patch047: gdb-bz2196395-debuginfod-legacy-openssl-crash.patch

+# Backport upstream commit f96328accde1e63 to fix a potential double
+# free issue in the debuginfod code.
+Patch048: gdb-bz2237515-debuginfod-double-free.patch
+
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@ -45,3 +45,4 @@
 %patch -p1 -P045
 %patch -p1 -P046
 %patch -p1 -P047
+%patch -p1 -P048
--- a/1
+++ b/1
@ -45,3 +45,4 @@ gdb-binutils29988-read_indexed_address.patch
 gdb-rhbz2192105-ftbs-dangling-pointer
 gdb-rhbz2160211-excessive-core-file-warnings.patch
 gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
+gdb-bz2237515-debuginfod-double-free.patch
--- a/gdb-bz2237515-debuginfod-double-free.patch
+++ b/gdb-bz2237515-debuginfod-double-free.patch
@ -0,0 +1,102 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: Tom Tromey <tromey@adacore.com>
+Date: Tue, 6 Dec 2022 12:07:12 -0700
+Subject: gdb-bz2237515-debuginfod-double-free.patch
+
+;; Backport upstream commit f96328accde1e63 to fix a potential double
+;; free issue in the debuginfod code.
+
+Avoid double-free with debuginfod
+
+PR gdb/29257 points out a possible double free when debuginfod is in
+use.  Aside from some ugly warts in the symbol code (an ongoing
+issue), the underlying issue in this particular case is that elfread.c
+seems to assume that symfile_bfd_open will return NULL on error,
+whereas in reality it throws an exception.  As this code isn't
+prepared for an exception, bad things result.
+
+This patch fixes the problem by introducing a non-throwing variant of
+symfile_bfd_open and using it in the affected places.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257
+
+diff --git a/gdb/elfread.c b/gdb/elfread.c
+--- a/gdb/elfread.c
+++ b/gdb/elfread.c
+@@ -1222,10 +1222,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile,
+ 
+       if (!debugfile.empty ())
+ 	{
+-	  gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (debugfile.c_str ()));
+	  gdb_bfd_ref_ptr debug_bfd
+	    (symfile_bfd_open_no_error (debugfile.c_str ()));
+ 
+-	  symbol_file_add_separate (debug_bfd, debugfile.c_str (),
+-				    symfile_flags, objfile);
+	  if (debug_bfd != nullptr)
+	    symbol_file_add_separate (debug_bfd, debugfile.c_str (),
+				      symfile_flags, objfile);
+ 	}
+       else
+ 	{
+@@ -1245,13 +1247,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile,
+ 	      if (fd.get () >= 0)
+ 		{
+ 		  /* File successfully retrieved from server.  */
+-		  gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (symfile_path.get ()));
+		  gdb_bfd_ref_ptr debug_bfd
+		    (symfile_bfd_open_no_error (symfile_path.get ()));
+ 
+-		  if (debug_bfd == nullptr)
+-		    warning (_("File \"%s\" from debuginfod cannot be opened as bfd"),
+-			     filename);
+-		  else if (build_id_verify (debug_bfd.get (), build_id->size,
+-					    build_id->data))
+		  if (debug_bfd != nullptr
+		      && build_id_verify (debug_bfd.get (), build_id->size,
+					  build_id->data))
+ 		    {
+ 		      symbol_file_add_separate (debug_bfd, symfile_path.get (),
+ 						symfile_flags, objfile);
+diff --git a/gdb/symfile.c b/gdb/symfile.c
+--- a/gdb/symfile.c
+++ b/gdb/symfile.c
+@@ -1744,6 +1744,23 @@ symfile_bfd_open (const char *name)
+   return sym_bfd;
+ }
+ 
+/* See symfile.h.  */
+
+gdb_bfd_ref_ptr
+symfile_bfd_open_no_error (const char *name) noexcept
+{
+  try
+    {
+      return symfile_bfd_open (name);
+    }
+  catch (const gdb_exception_error &err)
+    {
+      warning ("%s", err.what ());
+    }
+
+  return nullptr;
+}
+
+ /* Return the section index for SECTION_NAME on OBJFILE.  Return -1 if
+    the section was not found.  */
+ 
+diff --git a/gdb/symfile.h b/gdb/symfile.h
+--- a/gdb/symfile.h
+++ b/gdb/symfile.h
+@@ -269,6 +269,11 @@ extern void set_initial_language (void);
+ 
+ extern gdb_bfd_ref_ptr symfile_bfd_open (const char *);
+ 
+/* Like symfile_bfd_open, but will not throw an exception on error.
+   Instead, it issues a warning and returns nullptr.  */
+
+extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *) noexcept;
+
+ extern int get_section_index (struct objfile *, const char *);
+ 
+ extern int print_symbol_loading_p (int from_tty, int mainline, int full);
--- a/gdb.spec
+++ b/gdb.spec
@ -1252,6 +1252,9 @@ fi
 %endif

 %changelog
+* Wed Aug 13 2023 Andrew Burgess <aburgess@redhat.com>
+- Backport upstream commit f96328accde1e63, which fixes RHBZ 2237515.
+
 * Wed Aug  9 2023 Guinevere Larsen <blarsen@redhat.com>
 - Remove gdb-6.7-testsuite-stable-results.patch, it only made the test
  fail more.