From acb618c7278a61936ef8a20997365ef0daf25cec Mon Sep 17 00:00:00 2001
From: Jan Kratochvil
Date: Sat, 28 Apr 2007 21:50:42 +0000
Subject: [PATCH] - Fixup for the PPC Power6/DFP instructions disassembly (BZ 230000). - New testcase for the GCORE buffer overflow (for BZ 238285, formerly 235753). - Related: rhbz#230000 rhbz#238285 rhbz#235753
---
 gdb-6.6-bz238285-gcore-strings-overflow.patch | 151 ++++++++++++++
 gdb-6.6-upstream.patch | 186 ++++++++++++++++++
 gdb.spec | 12 +-
 3 files changed, 345 insertions(+), 4 deletions(-)
 create mode 100644 gdb-6.6-bz238285-gcore-strings-overflow.patch
diff --git a/gdb-6.6-bz238285-gcore-strings-overflow.patch b/gdb-6.6-bz238285-gcore-strings-overflow.patch
new file mode 100644
index 0000000..78c67db
--- /dev/null
+++ b/gdb-6.6-bz238285-gcore-strings-overflow.patch
@@ -0,0 +1,151 @@
+Failing on _FORTIFY_SOURCE=2 for `gdb.base/corefile.exp'.
+
+
+--- gdb-6.6/gdb/linux-nat.c-orig 2007-04-08 21:12:38.000000000 +0200
++++ gdb-6.6/gdb/linux-nat.c 2007-04-09 20:05:43.000000000 +0200
+@@ -2838,7 +2838,9 @@ linux_nat_make_corefile_notes (bfd *obfd
+ {
+ struct linux_nat_corefile_thread_data thread_args;
+ struct cleanup *old_chain;
++ /* Length must be >= sizeof (prpsinfo_t.pr_fname). */
+ char fname[16] = { '\0' };
++ /* Length must be >= sizeof (prpsinfo_t.pr_psargs). */
+ char psargs[80] = { '\0' };
+ char *note_data = NULL;
+ ptid_t current_ptid = inferior_ptid;
+@@ -2851,9 +2853,14 @@ linux_nat_make_corefile_notes (bfd *obfd
+ strncpy (psargs, get_exec_file (0), sizeof (psargs));
+ if (get_inferior_args ())
+ {
+- strncat (psargs, " ", sizeof (psargs) - strlen (psargs));
+- strncat (psargs, get_inferior_args (),
+- sizeof (psargs) - strlen (psargs));
++ /* linux_elfcore_write_prpsinfo () handles zero non-terminated
++ strings right if they provide enough characters for its purposes.
++ Handle to fully filled (=> zero non-terminated) strings here. */
++ if (memchr (psargs, 0, sizeof (psargs)) != NULL)
++ strncat (psargs, " ", sizeof (psargs) - strlen (psargs) - 1);
++ if (memchr (psargs, 0, sizeof (psargs)) != NULL)
++ strncat (psargs, get_inferior_args (),
++ sizeof (psargs) - strlen (psargs) - 1);
+ }
+ note_data = (char *) linux_elfcore_write_prpsinfo (obfd, note_data,
+ note_size, fname,
+
+
+2007-04-28 Jan Kratochvil
+
+ * gdb.base/gcore-buffer-overflow.c, gdb.base/gcore-buffer-overflow.exp:
+ New files.
+
+Index: ./gdb/testsuite/gdb.base/gcore-buffer-overflow.c
+===================================================================
+RCS file: gdb/testsuite/gdb.base/gcore-buffer-overflow.c
+diff -N gdb/testsuite/gdb.base/gcore-buffer-overflow.c
+--- /dev/null 1 Jan 1970 00:00:00 -0000
++++ ./gdb/testsuite/gdb.base/gcore-buffer-overflow.c 28 Apr 2007 18:48:15 -0000
+@@ -0,0 +1,27 @@
++/* Copyright 2007 Free Software Foundation, Inc.
++
++ This file is part of GDB.
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 2 of the License, or (at
++ your option) any later version.
++
++ This program is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place - Suite 330,
++ Boston, MA 02111-1307, USA. */
++
++/*
++ * Test GDB's internal buffers safety for the GCORE command.
++ */
++
++int main (void)
++{
++ return 0;
++}
+Index: ./gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
+===================================================================
+RCS file: gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
+diff -N gdb/testsuite/gdb.base/gcore-buffer-overflow.exp
+--- /dev/null 1 Jan 1970 00:00:00 -0000
++++ ./gdb/testsuite/gdb.base/gcore-buffer-overflow.exp 28 Apr 2007 18:48:15 -0000
+@@ -0,0 +1,70 @@
++# Copyright 2007 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++
++# Please email any bugs, comments, and/or additions to this file to:
++# bug-gdb@prep.ai.mit.edu
++
++# Test GDB's internal buffers safety for the GCORE command.
++
++if $tracelevel then {
++ strace $tracelevel
++}
++
++set prms_id 0
++set bug_id 0
++
++set testfile "gcore-buffer-overflow"
++set srcfile ${testfile}.c
++# The ${binfile} basename needs to exceed 80 characters (`sizeof (psargs)')
++# plus some additional data to overwrite the stack frame.
++set pattern 01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
++set binfile ${objdir}/${subdir}/${testfile}-${pattern}
++
++if { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug}] != "" } {
++ untested gcore.exp
++ return -1
++}
++
++# Start with a fresh gdb.
++
++gdb_exit
++gdb_start
++gdb_reinitialize_dir $srcdir/$subdir
++gdb_load ${binfile}
++
++gdb_test "set args ${pattern}" \
++ "" \
++ "Set buffer exceeding arguments"
++
++if { ! 
[ runto_main ] } then {
++ untested gcore-buffer-overflow.exp
++ return -1
++}
++
++set escapedfilename [string_to_regexp ${objdir}/${subdir}/gcore-buffer-overflow.test]
++
++set test "save a corefile"
++gdb_test_multiple "gcore ${objdir}/${subdir}/gcore-buffer-overflow.test" $test {
++ -re "Saved corefile ${escapedfilename}\[\r\n\]+$gdb_prompt $" {
++ pass $test
++ }
++ -re "Can't create a corefile\[\r\n\]+$gdb_prompt $" {
++ unsupported $test
++ }
++ eof {
++ fail $test
++ }
++}
diff --git a/gdb-6.6-upstream.patch b/gdb-6.6-upstream.patch
index 890147e..886f92b 100644
--- a/gdb-6.6-upstream.patch
+++ b/gdb-6.6-upstream.patch
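Review bot: In the new gcore-buffer-overflow.exp the compile-failure branch reports `untested gcore.exp`, which attributes the skip to the wrong test; it should read `untested gcore-buffer-overflow.exp`, matching the runto_main branch further down. In the linux-nat.c hunk the second `if (memchr (psargs, 0, sizeof (psargs)) != NULL)` is redundant: strncat always NUL-terminates its destination, so once the first guard passes the second cannot fail, and a single guard around both appends would read more clearly. The comment above the appends is hard to parse as written; `Handle to fully filled (=> zero non-terminated) strings here.` would be clearer as `Append only while psargs is still NUL-terminated; a fully filled (unterminated) buffer is left for linux_elfcore_write_prpsinfo to handle.`. The body of linux_nat_make_corefile_notes continues outside the hunk, so the fname fill that the new pr_fname comment refers to is not visible here.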
@@ -552,3 +552,189 @@ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232353 /* The objfile containing the symbol whose location we're computing. */ /* Used (only???) by thread local variables. The objfile in which + + +https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230000 + + +Fixes embarrassing errors in the ppc dfp instructions committed some +time ago. IBM numbers bits in architecture manuals starting from zero +in the most signifigant bit. Fields are marked by numbering their +most signifigant bit too. This means some translating is required when +filling out new powerpc_operand entries. You can't just plug IBM +numbers into the shift counts. Also, Z_MASK is too big for +instructions that take RMC operands. + + * ppc-opc.c (DCM, DGM, TE, RMC, R, SP, S): Correct shift. + (Z2_MASK): Define. + (powerpc_opcodes): Use Z2_MASK in all insns taking RMC operand. + +--- ./opcodes/ppc-opc.c 19 Apr 2007 01:39:31 -0000 1.91 ++++ ./opcodes/ppc-opc.c 20 Apr 2007 09:52:09 -0000 +@@ -530,8 +530,9 @@ const struct powerpc_operand powerpc_ope + #define SIMM VD + 1 + { 5, 16, NULL, NULL, PPC_OPERAND_SIGNED}, + +- /* The UIMM field in a VX form instruction. */ ++ /* The UIMM field in a VX form instruction, and TE in Z form. */ + #define UIMM SIMM + 1 ++#define TE UIMM + { 5, 16, NULL, NULL, 0 }, + + /* The SHB field in a VA form instruction. */ +@@ -564,31 +565,23 @@ const struct powerpc_operand powerpc_ope + #define A_L MTMSRD_L + { 1, 16, NULL, NULL, PPC_OPERAND_OPTIONAL }, + +- /* The DCM field in a Z form instruction. */ +-#define DCM MTMSRD_L + 1 +- { 6, 16, NULL, NULL, 0 }, +- +- /* Likewise, the DGM field in a Z form instruction. 
*/ +-#define DGM DCM + 1 +- { 6, 16, NULL, NULL, 0 }, +- +-#define TE DGM + 1 +- { 5, 11, NULL, NULL, 0 }, +- +-#define RMC TE + 1 +- { 2, 21, NULL, NULL, 0 }, ++#define RMC A_L + 1 ++ { 2, 9, NULL, NULL, 0 }, + + #define R RMC + 1 +- { 1, 15, NULL, NULL, 0 }, ++ { 1, 16, NULL, NULL, 0 }, + + #define SP R + 1 +- { 2, 11, NULL, NULL, 0 }, ++ { 2, 19, NULL, NULL, 0 }, + + #define S SP + 1 +- { 1, 11, NULL, NULL, 0 }, ++ { 1, 20, NULL, NULL, 0 }, + + /* SH field starting at bit position 16. */ + #define SH16 S + 1 ++ /* The DCM and DGM fields in a Z form instruction. */ ++#define DCM SH16 ++#define DGM DCM + { 6, 10, NULL, NULL, 0 }, + + /* The L field in an X form with the RT field fixed instruction. */ +@@ -1683,6 +1676,7 @@ extract_tbr (unsigned long insn, + + /* The mask for a Z form instruction. */ + #define Z_MASK ZRC (0x3f, 0x1ff, 1) ++#define Z2_MASK ZRC (0x3f, 0xff, 1) + + /* An X_MASK with the RA field fixed. */ + #define XRA_MASK (X_MASK | RA_MASK) +@@ -4639,8 +4633,8 @@ const struct powerpc_opcode powerpc_opco + { "dadd", XRC(59,2,0), X_MASK, POWER6, { FRT, FRA, FRB } }, + { "dadd.", XRC(59,2,1), X_MASK, POWER6, { FRT, FRA, FRB } }, + +-{ "dqua", ZRC(59,3,0), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, +-{ "dqua.", ZRC(59,3,1), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "dqua", ZRC(59,3,0), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "dqua.", ZRC(59,3,1), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, + + { "fdivs", A(59,18,0), AFRC_MASK, PPC, { FRT, FRA, FRB } }, + { "fdivs.", A(59,18,1), AFRC_MASK, PPC, { FRT, FRA, FRB } }, +@@ -4678,20 +4672,20 @@ const struct powerpc_opcode powerpc_opco + { "dmul", XRC(59,34,0), X_MASK, POWER6, { FRT, FRA, FRB } }, + { "dmul.", XRC(59,34,1), X_MASK, POWER6, { FRT, FRA, FRB } }, + +-{ "drrnd", ZRC(59,35,0), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, +-{ "drrnd.", ZRC(59,35,1), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "drrnd", ZRC(59,35,0), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "drrnd.", ZRC(59,35,1), 
Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, + + { "dscli", ZRC(59,66,0), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + { "dscli.", ZRC(59,66,1), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + +-{ "dquai", ZRC(59,67,0), Z_MASK, POWER6, { TE, FRT, FRB, RMC } }, +-{ "dquai.", ZRC(59,67,1), Z_MASK, POWER6, { TE, FRT, FRB, RMC } }, ++{ "dquai", ZRC(59,67,0), Z2_MASK, POWER6, { TE, FRT, FRB, RMC } }, ++{ "dquai.", ZRC(59,67,1), Z2_MASK, POWER6, { TE, FRT, FRB, RMC } }, + + { "dscri", ZRC(59,98,0), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + { "dscri.", ZRC(59,98,1), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + +-{ "drintx", ZRC(59,99,0), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, +-{ "drintx.", ZRC(59,99,1), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintx", ZRC(59,99,0), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintx.", ZRC(59,99,1), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, + + { "dcmpo", X(59,130), X_MASK, POWER6, { BF, FRA, FRB } }, + +@@ -4699,8 +4693,8 @@ const struct powerpc_opcode powerpc_opco + { "dtstdc", Z(59,194), Z_MASK, POWER6, { BF, FRA, DCM } }, + { "dtstdg", Z(59,226), Z_MASK, POWER6, { BF, FRA, DGM } }, + +-{ "drintn", ZRC(59,227,0), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, +-{ "drintn.", ZRC(59,227,1), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintn", ZRC(59,227,0), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintn.", ZRC(59,227,1), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, + + { "dctdp", XRC(59,258,0), X_MASK, POWER6, { FRT, FRB } }, + { "dctdp.", XRC(59,258,1), X_MASK, POWER6, { FRT, FRB } }, +@@ -4766,8 +4760,8 @@ const struct powerpc_opcode powerpc_opco + { "daddq", XRC(63,2,0), X_MASK, POWER6, { FRT, FRA, FRB } }, + { "daddq.", XRC(63,2,1), X_MASK, POWER6, { FRT, FRA, FRB } }, + +-{ "dquaq", ZRC(63,3,0), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, +-{ "dquaq.", ZRC(63,3,1), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "dquaq", ZRC(63,3,0), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "dquaq.", ZRC(63,3,1), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, + + { 
"fcpsgn", XRC(63,8,0), X_MASK, POWER6, { FRT, FRA, FRB } }, + { "fcpsgn.", XRC(63,8,1), X_MASK, POWER6, { FRT, FRA, FRB } }, +@@ -4842,8 +4836,8 @@ const struct powerpc_opcode powerpc_opco + { "dmulq", XRC(63,34,0), X_MASK, POWER6, { FRT, FRA, FRB } }, + { "dmulq.", XRC(63,34,1), X_MASK, POWER6, { FRT, FRA, FRB } }, + +-{ "drrndq", ZRC(63,35,0), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, +-{ "drrndq.", ZRC(63,35,1), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "drrndq", ZRC(63,35,0), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "drrndq.", ZRC(63,35,1), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, + + { "mtfsb1", XRC(63,38,0), XRARB_MASK, COM, { BT } }, + { "mtfsb1.", XRC(63,38,1), XRARB_MASK, COM, { BT } }, +@@ -4856,8 +4850,8 @@ const struct powerpc_opcode powerpc_opco + { "dscliq", ZRC(63,66,0), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + { "dscliq.", ZRC(63,66,1), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + +-{ "dquaiq", ZRC(63,67,0), Z_MASK, POWER6, { TE, FRT, FRB, RMC } }, +-{ "dquaiq.", ZRC(63,67,1), Z_MASK, POWER6, { FRT, FRA, FRB, RMC } }, ++{ "dquaiq", ZRC(63,67,0), Z2_MASK, POWER6, { TE, FRT, FRB, RMC } }, ++{ "dquaiq.", ZRC(63,67,1), Z2_MASK, POWER6, { FRT, FRA, FRB, RMC } }, + + { "mtfsb0", XRC(63,70,0), XRARB_MASK, COM, { BT } }, + { "mtfsb0.", XRC(63,70,1), XRARB_MASK, COM, { BT } }, +@@ -4868,8 +4862,8 @@ const struct powerpc_opcode powerpc_opco + { "dscriq", ZRC(63,98,0), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + { "dscriq.", ZRC(63,98,1), Z_MASK, POWER6, { FRT, FRA, SH16 } }, + +-{ "drintxq", ZRC(63,99,0), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, +-{ "drintxq.",ZRC(63,99,1), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintxq", ZRC(63,99,0), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintxq.",ZRC(63,99,1), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, + + { "dcmpoq", X(63,130), X_MASK, POWER6, { BF, FRA, FRB } }, + +@@ -4883,8 +4877,8 @@ const struct powerpc_opcode powerpc_opco + { "dtstdcq", Z(63,194), Z_MASK, POWER6, { BF, FRA, DCM } }, + { "dtstdgq", 
Z(63,226), Z_MASK, POWER6, { BF, FRA, DGM } }, + +-{ "drintnq", ZRC(63,227,0), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, +-{ "drintnq.",ZRC(63,227,1), Z_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintnq", ZRC(63,227,0), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, ++{ "drintnq.",ZRC(63,227,1), Z2_MASK, POWER6, { R, FRT, FRB, RMC } }, + + { "dctqpq", XRC(63,258,0), X_MASK, POWER6, { FRT, FRB } }, + { "dctqpq.", XRC(63,258,1), X_MASK, POWER6, { FRT, FRB } }, + +-- +Alan Modra +IBM OzLabs - Linux Technology Centre diff --git a/gdb.spec b/gdb.spec index 4bddb24..cb3c862 100644 --- a/gdb.spec +++ b/gdb.spec @@ -11,7 +11,7 @@ Name: gdb Version: 6.6 # The release always contains a leading reserved number, start it at 1. -Release: 13%{?dist} +Release: 14%{?dist} License: GPL Group: Development/Debuggers @@ -323,8 +323,8 @@ Patch240: gdb-6.6-bz225783-prelink-path.patch # Fix debugging GDB itself - the compiled in source files paths (BZ 225783). Patch241: gdb-6.6-bz225783-gdb-debuginfo-paths.patch -# Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 235753). -Patch243: gdb-6.6-bz235753-gcore-strings-overflow.patch +# Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 238285). +Patch243: gdb-6.6-bz238285-gcore-strings-overflow.patch # Use the runtime variant of `libunwind-ARCH.so.7' rather than the `.so' one. Patch244: gdb-6.6-libunwind-major-version.patch @@ -637,6 +637,10 @@ fi # don't include the files in include, they are part of binutils %changelog +* Sat Apr 28 2007 Jan Kratochvil - 6.6-14 +- Fixup for the PPC Power6/DFP instructions disassembly (BZ 230000). +- New testcase for the GCORE buffer overflow (for BZ 238285, formerly 235753). + * Wed Apr 25 2007 Jan Kratochvil - 6.6-13 - Fix `gcore' command for 32bit PPC inferiors on 64bit PPC hosts (BZ 232015). 
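Review bot: The operand list for `dquaiq.` in the opcode 63,67 pair does not match `dquaiq` or either `dquai` form: it is `{ FRT, FRA, FRB, RMC }` where the other three are `{ TE, FRT, FRB, RMC }`, so the Rc=1 form would decode the TE field as FRA. The backport only swaps the mask on that line and carries the mismatch over unchanged. `{ "dquaiq.", ZRC(63,67,1), Z2_MASK, POWER6, { TE, FRT, FRB, RMC } },` is presumably what is intended, but this should be confirmed against the architecture manual before the packaged patch diverges from upstream.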
@@ -648,7 +652,7 @@ fi - Package review, analysed by Ralf Corsepius (BZ 225783). - Fix prelink(8) testcase for non-root $PATH missing `/usr/sbin' (BZ 225783). - Fix debugging GDB itself - the compiled in source files paths (BZ 225783). - - Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 235753). + - Fix harmless GCORE stack buffer overflow, by _FORTIFY_SOURCE=2 (BZ 238285). - Fix XML support - the build was missing `expat-devel'. - Updated the `info' files handling by the spec file. - Building now with the standard Fedora code protections - _FORTIFY_SOURCE=2.