- Fixup for the PPC Power6/DFP instructions disassembly (BZ 230000).

- New testcase for the GCORE buffer overflow (for BZ 238285, formerly
    235753).
- Related: rhbz#230000 rhbz#238285 rhbz#235753

gdb-6.6-bz238285-gcore-strings-overflow.patch

@@ -0,0 +1,151 @@
+Failing on _FORTIFY_SOURCE=2 for `gdb.base/corefile.exp'.
+
+
+--- gdb-6.6/gdb/linux-nat.c-orig	2007-04-08 21:12:38.000000000 +0200
++++ gdb-6.6/gdb/linux-nat.c	2007-04-09 20:05:43.000000000 +0200
+@@ -2838,7 +2838,9 @@ linux_nat_make_corefile_notes (bfd *obfd
+ {
+   struct linux_nat_corefile_thread_data thread_args;
+   struct cleanup *old_chain;
++  /* Length must be >= sizeof (prpsinfo_t.pr_fname).  */
+   char fname[16] = { '\0' };
++  /* Length must be >= sizeof (prpsinfo_t.pr_psargs).  */
+   char psargs[80] = { '\0' };
+   char *note_data = NULL;
+   ptid_t current_ptid = inferior_ptid;
+@@ -2851,9 +2853,14 @@ linux_nat_make_corefile_notes (bfd *obfd
+       strncpy (psargs, get_exec_file (0), sizeof (psargs));
+       if (get_inferior_args ())
+ 	{
+-	  strncat (psargs, " ", sizeof (psargs) - strlen (psargs));
+-	  strncat (psargs, get_inferior_args (),
+-		   sizeof (psargs) - strlen (psargs));
++	  /* linux_elfcore_write_prpsinfo () handles zero non-terminated
++	     strings right if they provide enough characters for its purposes.
++	     Handle to fully filled (=> zero non-terminated) strings here.  */
++	  if (memchr (psargs, 0, sizeof (psargs)) != NULL)
++	    strncat (psargs, " ", sizeof (psargs) - strlen (psargs) - 1);
++	  if (memchr (psargs, 0, sizeof (psargs)) != NULL)
++	    strncat (psargs, get_inferior_args (),
++		     sizeof (psargs) - strlen (psargs) - 1);
+ 	}
+       note_data = (char *) linux_elfcore_write_prpsinfo (obfd, note_data,
+ 							 note_size, fname,
+
+
+2007-04-28  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* gdb.base/gcore-buffer-overflow.c, gdb.base/gcore-buffer-overflow.exp:
+	New files.
+
+Index: ./gdb/testsuite/gdb.base/gcore-buffer-overflow.c
+===================================================================
+RCS file: gdb/testsuite/gdb.base/gcore-buffer-overflow.c
+diff -N gdb/testsuite/gdb.base/gcore-buffer-overflow.c
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ ./gdb/testsuite/gdb.base/gcore-buffer-overflow.c	28 Apr 2007 18:48:15 -0000
+@@ -0,0 +1,27 @@
++/* Copyright 2007 Free Software Foundation, Inc.
++
++   This file is part of GDB.
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 2 of the License, or (at
++   your option) any later version.
++
++   This program is distributed in the hope that it will be useful, but
++   WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   General Public License for more details.
++
++   You should have received a copy of the GNU General Public License
++   along with this program; if not, write to the Free Software
++   Foundation, Inc., 59 Temple Place - Suite 330,
++   Boston, MA 02111-1307, USA.  */
++
++/*
++ * Test GDB's internal buffers safety for the GCORE command.
++ */
++
++int main (void)
++{
++  return 0;
++}
+Index: ./gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
+===================================================================
+RCS file: gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
+diff -N gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ ./gdb/testsuite/gdb.base/gcore-buffer-overflow.exp	28 Apr 2007 18:48:15 -0000
+@@ -0,0 +1,70 @@
++# Copyright 2007 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++# 
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++# 
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  
++
++# Please email any bugs, comments, and/or additions to this file to:
++# bug-gdb@prep.ai.mit.edu
++
++# Test GDB's internal buffers safety for the GCORE command.
++
++if $tracelevel then {
++	strace $tracelevel
++}
++
++set prms_id 0
++set bug_id 0
++
++set testfile "gcore-buffer-overflow"
++set srcfile  ${testfile}.c
++# The ${binfile} basename needs to exceed 80 characters (`sizeof (psargs)')
++# plus some additional data to overwrite the stack frame.
++set pattern  01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
++set binfile  ${objdir}/${subdir}/${testfile}-${pattern}
++
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } {
++     untested gcore.exp
++     return -1
++}
++
++# Start with a fresh gdb.
++
++gdb_exit
++gdb_start
++gdb_reinitialize_dir $srcdir/$subdir
++gdb_load ${binfile}
++
++gdb_test "set args ${pattern}"	\
++         ""			\
++         "Set buffer exceeding arguments"
++
++if { ! [ runto_main ] } then {
++    untested gcore-buffer-overflow.exp
++    return -1
++}
++
++set escapedfilename [string_to_regexp ${objdir}/${subdir}/gcore-buffer-overflow.test]
++
++set test "save a corefile"
++gdb_test_multiple "gcore ${objdir}/${subdir}/gcore-buffer-overflow.test" $test {
++    -re "Saved corefile ${escapedfilename}\[\r\n\]+$gdb_prompt $" {
++	pass $test
++    }
++    -re "Can't create a corefile\[\r\n\]+$gdb_prompt $" {
++	unsupported $test
++    }
++    eof {
++	fail $test
++    }
++}

gdb-6.6-upstream.patch

@@ -552,3 +552,189 @@ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232353
  
    /* The objfile containing the symbol whose location we're computing.  */
    /* Used (only???) by thread local variables.  The objfile in which
+
+
+https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230000
+
+
+Fixes embarrassing errors in the ppc dfp instructions committed some
+time ago.  IBM numbers bits in architecture manuals starting from zero
+in the most signifigant bit.  Fields are marked by numbering their
+most signifigant bit too.  This means some translating is required when
+filling out new powerpc_operand entries.  You can't just plug IBM
+numbers into the shift counts.  Also, Z_MASK is too big for
+instructions that take RMC operands.
+
+	* ppc-opc.c (DCM, DGM, TE, RMC, R, SP, S): Correct shift.
+	(Z2_MASK): Define.
+	(powerpc_opcodes): Use Z2_MASK in all insns taking RMC operand.
+
+--- ./opcodes/ppc-opc.c	19 Apr 2007 01:39:31 -0000	1.91
++++ ./opcodes/ppc-opc.c	20 Apr 2007 09:52:09 -0000
+@@ -530,8 +530,9 @@ const struct powerpc_operand powerpc_ope
+ #define SIMM VD + 1
+   { 5, 16, NULL, NULL, PPC_OPERAND_SIGNED},
+ 
+-  /* The UIMM field in a VX form instruction.  */
++  /* The UIMM field in a VX form instruction, and TE in Z form.  */
+ #define UIMM SIMM + 1
++#define TE UIMM
+   { 5, 16, NULL, NULL, 0 },
+ 
+   /* The SHB field in a VA form instruction.  */
+@@ -564,31 +565,23 @@ const struct powerpc_operand powerpc_ope
+ #define A_L MTMSRD_L
+   { 1, 16, NULL, NULL, PPC_OPERAND_OPTIONAL },
+ 
+-  /* The DCM field in a Z form instruction.  */
+-#define DCM MTMSRD_L + 1
+-  { 6, 16, NULL, NULL, 0 },
+-
+-  /* Likewise, the DGM field in a Z form instruction.  */
+-#define DGM DCM + 1
+-  { 6, 16, NULL, NULL, 0 },
+-
+-#define TE DGM + 1
+-  { 5, 11, NULL, NULL, 0 },
+-
+-#define RMC TE + 1
+-  { 2, 21, NULL, NULL, 0 },
++#define RMC A_L + 1
++  { 2, 9, NULL, NULL, 0 },
+ 
+ #define R RMC + 1
+-  { 1, 15, NULL, NULL, 0 },
++  { 1, 16, NULL, NULL, 0 },
+ 
+ #define SP R + 1
+-  { 2, 11, NULL, NULL, 0 },
++  { 2, 19, NULL, NULL, 0 },
+ 
+ #define S SP + 1
+-  { 1, 11, NULL, NULL, 0 },
++  { 1, 20, NULL, NULL, 0 },
+ 
+   /* SH field starting at bit position 16.  */
+ #define SH16 S + 1
++  /* The DCM and DGM fields in a Z form instruction.  */
++#define DCM SH16
++#define DGM DCM
+   { 6, 10, NULL, NULL, 0 },
+ 
+   /* The L field in an X form with the RT field fixed instruction.  */
+@@ -1683,6 +1676,7 @@ extract_tbr (unsigned long insn,
+ 
+ /* The mask for a Z form instruction.  */
+ #define Z_MASK ZRC (0x3f, 0x1ff, 1)
++#define Z2_MASK ZRC (0x3f, 0xff, 1)
+ 
+ /* An X_MASK with the RA field fixed.  */
+ #define XRA_MASK (X_MASK | RA_MASK)
+@@ -4639,8 +4633,8 @@ const struct powerpc_opcode powerpc_opco
+ { "dadd",    XRC(59,2,0), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ { "dadd.",   XRC(59,2,1), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ 
+-{ "dqua",    ZRC(59,3,0), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+-{ "dqua.",   ZRC(59,3,1), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "dqua",    ZRC(59,3,0), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "dqua.",   ZRC(59,3,1), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+ 
+ { "fdivs",   A(59,18,0), AFRC_MASK,	PPC,		{ FRT, FRA, FRB } },
+ { "fdivs.",  A(59,18,1), AFRC_MASK,	PPC,		{ FRT, FRA, FRB } },
+@@ -4678,20 +4672,20 @@ const struct powerpc_opcode powerpc_opco
+ { "dmul",    XRC(59,34,0), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ { "dmul.",   XRC(59,34,1), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ 
+-{ "drrnd",   ZRC(59,35,0), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+-{ "drrnd.",  ZRC(59,35,1), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "drrnd",   ZRC(59,35,0), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "drrnd.",  ZRC(59,35,1), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+ 
+ { "dscli",   ZRC(59,66,0), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ { "dscli.",  ZRC(59,66,1), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ 
+-{ "dquai",   ZRC(59,67,0), Z_MASK,	POWER6,		{ TE,  FRT, FRB, RMC } },
+-{ "dquai.",  ZRC(59,67,1), Z_MASK,	POWER6,		{ TE,  FRT, FRB, RMC } },
++{ "dquai",   ZRC(59,67,0), Z2_MASK,	POWER6,		{ TE,  FRT, FRB, RMC } },
++{ "dquai.",  ZRC(59,67,1), Z2_MASK,	POWER6,		{ TE,  FRT, FRB, RMC } },
+ 
+ { "dscri",   ZRC(59,98,0), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ { "dscri.",  ZRC(59,98,1), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ 
+-{ "drintx",  ZRC(59,99,0), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+-{ "drintx.", ZRC(59,99,1), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintx",  ZRC(59,99,0), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintx.", ZRC(59,99,1), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+ 
+ { "dcmpo",   X(59,130),	   X_MASK,	POWER6,		{ BF,  FRA, FRB } },
+ 
+@@ -4699,8 +4693,8 @@ const struct powerpc_opcode powerpc_opco
+ { "dtstdc",  Z(59,194),	   Z_MASK,	POWER6,		{ BF,  FRA, DCM } },
+ { "dtstdg",  Z(59,226),	   Z_MASK,	POWER6,		{ BF,  FRA, DGM } },
+ 
+-{ "drintn",  ZRC(59,227,0), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+-{ "drintn.", ZRC(59,227,1), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintn",  ZRC(59,227,0), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintn.", ZRC(59,227,1), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+ 
+ { "dctdp",   XRC(59,258,0), X_MASK,	POWER6,		{ FRT, FRB } },
+ { "dctdp.",  XRC(59,258,1), X_MASK,	POWER6,		{ FRT, FRB } },
+@@ -4766,8 +4760,8 @@ const struct powerpc_opcode powerpc_opco
+ { "daddq",   XRC(63,2,0), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ { "daddq.",  XRC(63,2,1), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ 
+-{ "dquaq",   ZRC(63,3,0), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+-{ "dquaq.",  ZRC(63,3,1), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "dquaq",   ZRC(63,3,0), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "dquaq.",  ZRC(63,3,1), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+ 
+ { "fcpsgn",  XRC(63,8,0), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ { "fcpsgn.", XRC(63,8,1), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+@@ -4842,8 +4836,8 @@ const struct powerpc_opcode powerpc_opco
+ { "dmulq",   XRC(63,34,0), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ { "dmulq.",  XRC(63,34,1), X_MASK,	POWER6,		{ FRT, FRA, FRB } },
+ 
+-{ "drrndq",  ZRC(63,35,0), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+-{ "drrndq.", ZRC(63,35,1), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "drrndq",  ZRC(63,35,0), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "drrndq.", ZRC(63,35,1), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+ 
+ { "mtfsb1",  XRC(63,38,0), XRARB_MASK,	COM,		{ BT } },
+ { "mtfsb1.", XRC(63,38,1), XRARB_MASK,	COM,		{ BT } },
+@@ -4856,8 +4850,8 @@ const struct powerpc_opcode powerpc_opco
+ { "dscliq",  ZRC(63,66,0), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ { "dscliq.", ZRC(63,66,1), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ 
+-{ "dquaiq",  ZRC(63,67,0), Z_MASK,	POWER6,		{ TE,  FRT, FRB, RMC } },
+-{ "dquaiq.", ZRC(63,67,1), Z_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
++{ "dquaiq",  ZRC(63,67,0), Z2_MASK,	POWER6,		{ TE,  FRT, FRB, RMC } },
++{ "dquaiq.", ZRC(63,67,1), Z2_MASK,	POWER6,		{ FRT, FRA, FRB, RMC } },
+ 
+ { "mtfsb0",  XRC(63,70,0), XRARB_MASK,	COM,		{ BT } },
+ { "mtfsb0.", XRC(63,70,1), XRARB_MASK,	COM,		{ BT } },
+@@ -4868,8 +4862,8 @@ const struct powerpc_opcode powerpc_opco
+ { "dscriq",  ZRC(63,98,0), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ { "dscriq.", ZRC(63,98,1), Z_MASK,	POWER6,		{ FRT, FRA, SH16 } },
+ 
+-{ "drintxq", ZRC(63,99,0), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+-{ "drintxq.",ZRC(63,99,1), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintxq", ZRC(63,99,0), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintxq.",ZRC(63,99,1), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+ 
+ { "dcmpoq",  X(63,130),	   X_MASK,	POWER6,		{ BF,  FRA, FRB } },
+ 
+@@ -4883,8 +4877,8 @@ const struct powerpc_opcode powerpc_opco
+ { "dtstdcq", Z(63,194),	    Z_MASK,	POWER6,		{ BF,  FRA, DCM } },
+ { "dtstdgq", Z(63,226),	    Z_MASK,	POWER6,		{ BF,  FRA, DGM } },
+ 
+-{ "drintnq", ZRC(63,227,0), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+-{ "drintnq.",ZRC(63,227,1), Z_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintnq", ZRC(63,227,0), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
++{ "drintnq.",ZRC(63,227,1), Z2_MASK,	POWER6,		{ R, FRT, FRB, RMC } },
+ 
+ { "dctqpq",  XRC(63,258,0), X_MASK,	POWER6,		{ FRT, FRB } },
+ { "dctqpq.", XRC(63,258,1), X_MASK,	POWER6,		{ FRT, FRB } },
+
+-- 
+Alan Modra
+IBM OzLabs - Linux Technology Centre

gdb.spec

@@ -11,7 +11,7 @@ Name: gdb
 Version: 6.6
 
 # The release always contains a leading reserved number, start it at 1.
-Release: 13%{?dist}
+Release: 14%{?dist}
 
 License: GPL
 Group: Development/Debuggers
@@ -323,8 +323,8 @@ Patch240: gdb-6.6-bz225783-prelink-path.patch
 # Fix debugging GDB itself - the compiled in source files paths (BZ 225783).
 Patch241: gdb-6.6-bz225783-gdb-debuginfo-paths.patch
 
-# Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 235753).
-Patch243: gdb-6.6-bz235753-gcore-strings-overflow.patch
+# Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 238285).
+Patch243: gdb-6.6-bz238285-gcore-strings-overflow.patch
 
 # Use the runtime variant of `libunwind-ARCH.so.7' rather than the `.so' one.
 Patch244: gdb-6.6-libunwind-major-version.patch
@@ -637,6 +637,10 @@ fi
 # don't include the files in include, they are part of binutils
 
 %changelog
+* Sat Apr 28 2007 Jan Kratochvil <jan.kratochvil@redhat.com> - 6.6-14
+- Fixup for the PPC Power6/DFP instructions disassembly (BZ 230000).
+- New testcase for the GCORE buffer overflow (for BZ 238285, formerly 235753).
+
 * Wed Apr 25 2007 Jan Kratochvil <jan.kratochvil@redhat.com> - 6.6-13
 - Fix `gcore' command for 32bit PPC inferiors on 64bit PPC hosts (BZ 232015).
 
@@ -648,7 +652,7 @@ fi
 - Package review, analysed by Ralf Corsepius (BZ 225783).
  - Fix prelink(8) testcase for non-root $PATH missing `/usr/sbin' (BZ 225783).
  - Fix debugging GDB itself - the compiled in source files paths (BZ 225783).
- - Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 235753).
+ - Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 238285).
  - Fix XML support - the build was missing `expat-devel'.
  - Updated the `info' files handling by the spec file.
  - Building now with the standard Fedora code protections - _FORTIFY_SOURCE=2.