
Re: Elfutils segfault on IA64



OK, here's what I get when I run that test in GDB:

Program received signal SIGSEGV, Segmentation fault.
dwarf_frame_register (fs=0x600000000000be00, regno=<optimized out>,
    ops_mem=0x60000fffffffb2d0, ops=0x60000fffffffb2c8,
    nops=0x60000fffffffb2c0) at dwarf_frame_register.c:105
105             get_uleb128 (block.length, p);
(gdb) bt
#0  dwarf_frame_register (fs=0x600000000000be00, regno=<optimized out>,
    ops_mem=0x60000fffffffb2d0, ops=0x60000fffffffb2c8,
    nops=0x60000fffffffb2c0) at dwarf_frame_register.c:105
#1  0x4000000000001900 in print_register (arg=<optimized out>, regno=1,
    setname=0x20000000004c9b18 "integer", prefix=0x20000000004c8890 "",
    regname=0x60000fffffffb328 "r1", bits=-19768, type=675872) at addrcfi.c:100
#2  0x20000000000a5020 in dwfl_module_register_names (mod=0x60000000000062d0,
    func=<optimized out>, arg=0x60000fffffffb3a0)
    at dwfl_module_register_names.c:74
#3  0x4000000000001bd0 in handle_cfi (stuff=0x60000fffffffb3a0, pc=268436672,
    which=0x4000000000002318 ".debug_frame", dwfl=0x60000000000042f0,
    cfi=<optimized out>) at addrcfi.c:153
#4  handle_cfi (dwfl=0x60000000000042f0,
    which=0x4000000000002318 ".debug_frame", cfi=0x6000000000007420,
    pc=268436672, stuff=0x60000fffffffb3a0) at addrcfi.c:107
#5  0x4000000000001f50 in handle_address (pc=268436672,
    dwfl=0x60000000000042f0) at addrcfi.c:167
#6  0x40000000000010b0 in main (argc=4, argv=0x60000fffffffb678)
    at addrcfi.c:216


The code is this:

        Dwarf_Block block;
        const uint8_t *p = fs->cache->data->d.d_buf + reg->value;
        get_uleb128 (block.length, p);   //CRASH HERE
        block.data = (void *) p;         /* cast reconstructed; the archive had garbled this line */

The problem is that `p` is not a valid pointer.

(gdb) print p
$11 = (const uint8_t *) 0x60000000004c9ea2 <Address 0x60000000004c9ea2 out of bounds>

However, the base address looks OK:

(gdb) print fs->cache->data->d
$3 = {d_buf = 0x600000000000b830, d_type = ELF_T_BYTE, d_version = 1, d_size = 64, d_off = 0, d_align = 4}

But the register value is quite large:

(gdb) print reg->value
$12 = 4974194
(gdb) print *reg
$14 = {rule = reg_val_expression, value = 4974194}

And thus the computed address is wrong, though the `reg->rule` value looks OK (reg_val_expression == 7). I'm looking for more information, but hopefully that should give you as much info as I have.

Patrick
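To make the failure mode above concrete from a defender's point of view: `reg->value` (4974194) is used as an offset into a 64-byte `d_buf` with no check against `d_size`, and `get_uleb128` then reads through the resulting wild pointer. The following is an added example, not elfutils code: the `elf_data` and `dwarf_block` structs are assumed stand-ins reduced to the fields needed, and `frame_register_block` is a hypothetical hardened equivalent of the crashing lines that validates the offset and bounds the ULEB128 decode. The 64-byte buffer is constructed here; the offset 4974194 is the value from the gdb session.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for the elfutils types involved (assumed shapes,
   reduced to the fields this example needs). */
struct elf_data { const uint8_t *d_buf; size_t d_size; };
struct dwarf_block { uint64_t length; const uint8_t *data; };

/* Bounded ULEB128 decoder: returns bytes consumed, or 0 if the value
   would run past `end` (or would need more than 64 bits). */
static size_t read_uleb128 (const uint8_t *p, const uint8_t *end, uint64_t *out)
{
  uint64_t value = 0;
  unsigned shift = 0;
  const uint8_t *q = p;
  while (q < end && shift < 64)
    {
      uint8_t byte = *q++;
      value |= (uint64_t) (byte & 0x7f) << shift;
      if ((byte & 0x80) == 0)
        { *out = value; return (size_t) (q - p); }
      shift += 7;
    }
  return 0;
}

/* Hardened equivalent of the crashing lines: check the offset against
   d_size before forming the pointer, decode the length with an end bound,
   and make sure the expression bytes themselves fit in the section.
   Returns 0 on success, -1 on any out-of-range condition. */
int frame_register_block (const struct elf_data *d, uint64_t offset,
                          struct dwarf_block *blk)
{
  if (offset >= d->d_size)                 /* reg->value past the section */
    return -1;
  const uint8_t *p = d->d_buf + offset;
  const uint8_t *end = d->d_buf + d->d_size;
  size_t n = read_uleb128 (p, end, &blk->length);
  if (n == 0)                              /* truncated or oversized ULEB128 */
    return -1;
  p += n;
  if (blk->length > (uint64_t) (end - p))  /* expression runs past the end */
    return -1;
  blk->data = p;
  return 0;
}

/* Constructed 64-byte section (same d_size as in the gdb output): at
   offset 10 a length byte 3 followed by DW_OP_call_frame_cfa (0x9c),
   DW_OP_nop (0x96), DW_OP_stack_value (0x9f), i.e. the expression the
   expected output shows for r1. */
static uint8_t section_bytes[64];
#define GOOD_OFFSET 10
#define BAD_OFFSET  4974194ULL   /* the reg->value seen in the crash */

const struct elf_data *sample_section (void)
{
  static struct elf_data d;
  memset (section_bytes, 0, sizeof section_bytes);
  section_bytes[GOOD_OFFSET] = 3;
  section_bytes[GOOD_OFFSET + 1] = 0x9c;
  section_bytes[GOOD_OFFSET + 2] = 0x96;
  section_bytes[GOOD_OFFSET + 3] = 0x9f;
  d.d_buf = section_bytes;
  d.d_size = sizeof section_bytes;
  return &d;
}

int main (void)
{
  struct dwarf_block blk;
  const struct elf_data *d = sample_section ();
  int rc = frame_register_block (d, GOOD_OFFSET, &blk);
  printf ("good offset: rc=%d length=%llu\n", rc, (unsigned long long) blk.length);
  rc = frame_register_block (d, BAD_OFFSET, &blk);
  printf ("bad offset:  rc=%d (rejected instead of dereferencing)\n", rc);
  return 0;
}
```

With the check in place the bad `reg->value` is reported as an error by the caller rather than turning into a read from an unmapped address; whether the value is produced by a corrupted `.debug_frame` or by a backend bug (the IA64 question in this thread), the library refuses to follow it either way.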



On Tue, Oct 1, 2013 at 1:43 PM, Kurt Roeckx <kurt@roeckx.be> wrote:
Hi,

The new elfutils (0.157-1) segfaults on IA64.  I've been trying
to debug this on merulo but ran into #691576.  When using a core
file I also don't get any backtrace.

The problem I'm seeing is:
(sid_ia64-dchroot)kroeckx@merulo:~/elfutils-0.157/tests$ LD_LIBRARY_PATH=../libelf:../libdw:../backends/ /home/kroeckx/elfutils-0.157/tests/addrcfi -e testfileppc32.bz2 0x100004c0
dwarf_cfi_addrframe (.eh_frame): no matching address range
.debug_frame has 0x100004c0 => [0x100004c0, 0x100004d0):
        return address in reg65
        CFA location _expression_: bregx(1)
        integer reg0 (r0): undefined
Segmentation fault (core dumped)

While the output should be something like:
dwarf_cfi_addrframe (.eh_frame): no matching address range
.debug_frame has 0x100004c0 => [0x100004c0, 0x100004d0):
        return address in reg65
        CFA location _expression_: bregx(1)
        integer reg0 (r0): undefined
        integer reg1 (r1): location _expression_: call_frame_cfa nop stack_value
        integer reg2 (r2): same_value
        integer reg3 (r3): undefined
[...]

Can someone help me get any useful information about this?



Kurt


--
Archive: http://lists.debian.org/20131001184346.GA19436@roeckx.be


