Avoid double-free with debuginfod

PR gdb/29257 points out a possible double free when debuginfod is in
use.  Aside from some ugly warts in the symbol code (an ongoing
issue), the underlying issue in this particular case is that elfread.c
seems to assume that symfile_bfd_open will return NULL on error,
whereas in reality it throws an exception.  As this code isn't
prepared for an exception, bad things result.

This patch fixes the problem by introducing a non-throwing variant of
symfile_bfd_open and using it in the affected places.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29257

diff --git a/gdb/elfread.c b/gdb/elfread.c
index 5577149204431751c37c0abf9fd3b86706ef606b..0305bf21894699b43c9693787c385e8b3a39d51b 100644 (file)
--- a/gdb/elfread.c
+++ b/gdb/elfread.c
@@ -1232,10 +1232,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile,
 
       if (!debugfile.empty ())
        {
-         gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (debugfile.c_str ()));
+         gdb_bfd_ref_ptr debug_bfd
+           (symfile_bfd_open_no_error (debugfile.c_str ()));
 
-         symbol_file_add_separate (debug_bfd, debugfile.c_str (),
-                                   symfile_flags, objfile);
+         if (debug_bfd != nullptr)
+           symbol_file_add_separate (debug_bfd, debugfile.c_str (),
+                                     symfile_flags, objfile);
        }
       else
        {
@@ -1255,13 +1257,12 @@ elf_symfile_read_dwarf2 (struct objfile *objfile,
              if (fd.get () >= 0)
                {
                  /* File successfully retrieved from server.  */
-                 gdb_bfd_ref_ptr debug_bfd (symfile_bfd_open (symfile_path.get ()));
+                 gdb_bfd_ref_ptr debug_bfd
+                   (symfile_bfd_open_no_error (symfile_path.get ()));
 
-                 if (debug_bfd == nullptr)
-                   warning (_("File \"%s\" from debuginfod cannot be opened as bfd"),
-                            filename);
-                 else if (build_id_verify (debug_bfd.get (), build_id->size,
-                                           build_id->data))
+                 if (debug_bfd != nullptr
+                     && build_id_verify (debug_bfd.get (), build_id->size,
+                                         build_id->data))
                    {
                      symbol_file_add_separate (debug_bfd, symfile_path.get (),
                                                symfile_flags, objfile);

diff --git a/gdb/symfile.c b/gdb/symfile.c
index bb9981a4634f792511ddf261ccd7042a82b266db..8ae2177b1594fe2a97f2540ef80c3ecc4b523010 100644 (file)
--- a/gdb/symfile.c
+++ b/gdb/symfile.c
@@ -1769,6 +1769,23 @@ symfile_bfd_open (const char *name)
   return sym_bfd;
 }
 
+/* See symfile.h.  */
+
+gdb_bfd_ref_ptr
+symfile_bfd_open_no_error (const char *name) noexcept
+{
+  try
+    {
+      return symfile_bfd_open (name);
+    }
+  catch (const gdb_exception_error &err)
+    {
+      warning ("%s", err.what ());
+    }
+
+  return nullptr;
+}
+
 /* Return the section index for SECTION_NAME on OBJFILE.  Return -1 if
    the section was not found.  */
 

diff --git a/gdb/symfile.h b/gdb/symfile.h
index b433e2be31a06cd7d9379db8b9fb298253d7f31f..7c800ea6cf9891ffcc05c884eca67591d12583f7 100644 (file)
--- a/gdb/symfile.h
+++ b/gdb/symfile.h
@@ -276,6 +276,11 @@ extern void set_initial_language (void);
 
 extern gdb_bfd_ref_ptr symfile_bfd_open (const char *);
 
+/* Like symfile_bfd_open, but will not throw an exception on error.
+   Instead, it issues a warning and returns nullptr.  */
+
+extern gdb_bfd_ref_ptr symfile_bfd_open_no_error (const char *) noexcept;
+
 extern int get_section_index (struct objfile *, const char *);
 
 extern int print_symbol_loading_p (int from_tty, int mainline, int full);