From 5fae2a2c66ca865f54505adb37be6bd51fecb6cd Mon Sep 17 00:00:00 2001 From: Tom de Vries Date: Thu, 14 Jan 2021 10:35:34 +0100 Subject: [PATCH] [gdb/breakpoint] Handle .plt.sec in in_plt_section Consider the following test-case small.c: ... #include #include #include int main (void) { int *p = (int *)malloc (sizeof(int) * 4); memset (p, 0, sizeof(p)); printf ("p[0] = %d; p[3] = %d\n", p[0], p[3]); return 0; } ... On Ubuntu 20.04, we get: ... $ gcc -O0 -g small.c $ gdb -batch a.out -ex start -ex step Temporary breakpoint 1, main () at small.c:6 6 int *p = (int *) malloc(sizeof(int) * 4); p[0] = 0; p[3] = 0 [Inferior 1 (process $dec) exited normally] ... but after switching off the on-by-default fcf-protection, we get the desired behaviour: ... $ gcc -O0 -g small.c -fcf-protection=none $ gdb -batch a.out -ex start -ex step Temporary breakpoint 1, main () at small.c:6 6 int *p = (int *) malloc(sizeof(int) * 4); 7 memset (p, 0, sizeof(p)); ... Using "set debug infrun 1", the first observable difference between the two debug sessions is that with -fcf-protection=none we get: ... [infrun] process_event_stop_test: stepped into dynsym resolve code ... In this case, "in_solib_dynsym_resolve_code (malloc@plt)" returns true because "in_plt_section (malloc@plt)" returns true. With -fcf-protection=full, "in_solib_dynsym_resolve_code (malloc@plt)" returns false because "in_plt_section (malloc@plt)" returns false, because the section name for malloc@plt is .plt.sec instead of .plt, which is not handled in in_plt_section: ... static inline int in_plt_section (CORE_ADDR pc) { return pc_in_section (pc, ".plt"); } ... Fix this by handling .plt.sec in in_plt_section. Tested on x86_64-linux. [ Another requirement to be able to reproduce this is to have a dynamic linker with a "malloc" minimal symbol, which causes find_solib_trampoline_target to find it, such that skip_language_trampoline returns the address for the dynamic linkers malloc. This causes the step machinery to set a breakpoint there, and to continue, expecting to hit it. Obviously, we execute glibc's malloc instead, so the breakpoint is not hit and we continue to program completion. ] gdb/ChangeLog: 2021-01-14 Tom de Vries PR breakpoints/27151 * objfiles.h (in_plt_section): Handle .plt.sec. --- gdb/ChangeLog | 5 +++++ gdb/objfiles.h | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 7d20a69a74..c290957bd7 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,8 @@ +2021-01-14 Tom de Vries + + PR breakpoints/27151 + * objfiles.h (in_plt_section): Handle .plt.sec. + 2021-01-13 Andrew Burgess PR gdb/26819 diff --git a/gdb/objfiles.h b/gdb/objfiles.h index 49578ee890..052f109db4 100644 --- a/gdb/objfiles.h +++ b/gdb/objfiles.h @@ -786,7 +786,8 @@ extern int pc_in_section (CORE_ADDR, const char *); static inline int in_plt_section (CORE_ADDR pc) { - return pc_in_section (pc, ".plt"); + return (pc_in_section (pc, ".plt") + || pc_in_section (pc, ".plt.sec")); } /* Keep a registry of per-objfile data-pointers required by other GDB -- 2.34.1