CRASH (32-bit client.drsyms test on Fedora 12)

[derekbruening]

From bruen...@google.com on December 17, 2011 19:40:43

bin32/drrun -debug -client suite/tests/bin/libclient.drsyms-test.dll.so 0 '' -- suite/tests/bin/client.drsyms-test
<Starting application client.drsyms-test (15688)>
<Initial options = -client_lib '/work/dr/git/build_x86_dbg_tests/suite/tests/bin/libclient.drsyms-test.dll.so;0;' -code_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -no_native_exec -no_indcall2direct >
got correct overflow
finished unmangling.
Segmentation fault (core dumped)

dmesg:
client.drsyms-t[6114]: segfault at 0 ip 00000000f767c82a sp 00000000ff90cccc error 4 in libdrsyms.so[f7675000+48000]

gdb:
Program received signal SIGSEGV, Segmentation fault.
0x0016b82a in StrLen (str=0x0) at /work/dr/git/src/ext/drsyms/demangle.cc:181
181 while (*str != '\0') {
Current language: auto
The current source language is "auto; currently c++".
(gdb) bt
#0 0x0016b82a in StrLen (str=0x0) at /work/dr/git/src/ext/drsyms/demangle.cc:181
#1 0x0016b8c6 in InitState (state=0xffc22e68, mangled=0x0,
out=0x192c08f0 "\253\253"..., out_size=1024)
at /work/dr/git/src/ext/drsyms/demangle.cc:201
#2 0x0016f1f3 in Demangle (mangled=0x0,
out=0x192c08f0 "\253\253"..., out_size=1024, options=0)
at /work/dr/git/src/ext/drsyms/demangle.cc:1352
#3 0x0016b6d1 in drsym_demangle_symbol (
dst=0x192c08f0 "\253\253"..., dst_sz=1024, mangled=0x0, flags=1)
at /work/dr/git/src/ext/drsyms/drsyms_linux.c:928
#4 0x0016a8cd in symsearch_symtab (mod=0x192e03ac, callback=0x16b234 <sym_lookup_cb>, data=0xffc22f6c,
flags=1) at /work/dr/git/src/ext/drsyms/drsyms_linux.c:496
#5 0x0016b21a in drsym_enumerate_symbols_local (modpath=0x192e041c "/lib/libc-2.11.1.so",
callback=0x16b234 <sym_lookup_cb>, data=0xffc22f6c, flags=1)
at /work/dr/git/src/ext/drsyms/drsyms_linux.c:714
#6 0x0016b3c2 in drsym_lookup_symbol_local (modpath=0x192e041c "/lib/libc-2.11.1.so",
symbol=0x161496 "libc!malloc", modoffs=0xffc22fe0, flags=1)
at /work/dr/git/src/ext/drsyms/drsyms_linux.c:782
#7 0x0016b63b in drsym_lookup_symbol (modpath=0x192e041c "/lib/libc-2.11.1.so",
symbol=0x161496 "libc!malloc", modoffs=0xffc22fe0, flags=1)
at /work/dr/git/src/ext/drsyms/drsyms_linux.c:891
#8 0x0015f5f8 in lookup_glibc_syms (dc=0x19232240, dll_data=0x192376a4)
at /work/dr/git/src/suite/tests/client-interface/drsyms-test.dll.cpp:574
#9 0x0015ef6f in lookup_dll_syms (dc=0x19232240, dll_data=0x192376a4, loaded=true)
at /work/dr/git/src/suite/tests/client-interface/drsyms-test.dll.cpp:368
#10 0x0041642c in instrument_module_load (data=0x192376a4, previously_loaded=true)
at /work/dr/git/src/core/x86/instrument.c:1660
#11 0x00413629 in instrument_init () at /work/dr/git/src/core/x86/instrument.c:557
(gdb) up 5
(gdb) p syms[i]
$5 = {st_name = 0, st_value = 0, st_size = 0, st_info = 0 '\000', st_other = 0 '\000', st_shndx = 0}
(gdb) p syms[i+1]
$6 = {st_name = 0, st_value = 0, st_size = 0, st_info = 0 '\000', st_other = 0 '\000', st_shndx = 0}

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=642

[derekbruening]

From bruen...@google.com on December 18, 2011 08:02:26

readelf --sections /lib/libc-2.11.1.so | grep tab
[19] .gcc_except_table PROGBITS 0034a760 16a760 0004a1 00 A 0 0 1
[69] .symtab SYMTAB 00000000 20e6f4 0212c0 10 70 6173 4
[70] .strtab STRTAB 00000000 22f9b4 0196bb 00 0 0 1
[75] .shstrtab STRTAB 00000000 249d68 0004e1 00 0 0 1
readelf --sections /usr/lib/debug/lib/libc-2.11.1.so.debug | grep tab
[19] .gcc_except_table NOBITS 00169fcc 0001c0 0004a1 00 A 0 0 1
[77] .shstrtab STRTAB 00000000 5c3d38 000510 00 0 0 1
[78] .symtab NOBITS 00000000 5c4248 021300 10 79 6177 4
[79] .strtab NOBITS 00000000 5c4248 019647 00 0 0 1

=>

1. linux_drsyms sometimes needs to have two files open: symtab from
   original library but dwarf from its .debug
2. need to not look inside sh_type == SHT_NOBITS

Owner: bruen...@google.com

[derekbruening]

From derek.br...@gmail.com on December 18, 2011 18:43:32

This issue was closed by revision r1197 .

Status: Fixed