dominik.b.czarnota+bugzilla at gmail dot com
2017-08-11 20:02:29 UTC
https://sourceware.org/bugzilla/show_bug.cgi?id=21946
Bug ID: 21946
Summary: Python API search_memory remote targets bug
Product: gdb
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdb
Assignee: unassigned at sourceware dot org
Reporter: dominik.b.czarnota+bugzilla at gmail dot com
Target Milestone: ---
Hey,
There is a bug with `gdb.selected_inferior().search_memory(startaddr, size,
searchfor)` returning wrong results in some cases for remote targets.
To reproduce:
1. In the first console, launch `gdbserver localhost:4444 /bin/ls`
2. In the second console, fire:
```
$ gdb /bin/ls
Reading symbols from /bin/ls...(no debugging symbols found)...done.
(gdb) target remote localhost:4444
Remote debugging using localhost:4444
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
Reading symbols from target:/lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
0x00007ff8582a6cc0 in _start () from target:/lib64/ld-linux-x86-64.so.2
(gdb) info proc mappings
process 11537
Mapped address spaces:
          Start Addr           End Addr       Size     Offset objfile
            0x400000           0x41f000    0x1f000        0x0 /usr/bin/ls
            0x61e000           0x620000     0x2000    0x1e000 /usr/bin/ls
            0x620000           0x621000     0x1000        0x0 [heap]
      0x7ff8582a6000     0x7ff8582c9000    0x23000        0x0 /usr/lib/ld-2.25.so
      0x7ff8584c4000     0x7ff8584c7000     0x3000        0x0 [vvar]
      0x7ff8584c7000     0x7ff8584c9000     0x2000        0x0 [vdso]
      0x7ff8584c9000     0x7ff8584cb000     0x2000    0x23000 /usr/lib/ld-2.25.so
      0x7ff8584cb000     0x7ff8584cc000     0x1000        0x0
      0x7ffffffdd000     0x7ffffffff000    0x22000        0x0 [stack]
  0xffffffffff600000 0xffffffffff601000     0x1000        0x0 [vsyscall]
(gdb) #grab stack startaddr & size
(gdb) py import gdb; print("0x%x" % gdb.selected_inferior().search_memory(0x7ffffffdd000, 0x22000, "bin/"))
0x7f23050a3390
(gdb) # the address is invalid?
(gdb) x/s 0x7f23050a3390
0x7f23050a3390: <error: Cannot access memory at address 0x7f23050a3390>
(gdb) x/xg 0x7f23050a3390
0x7f23050a3390: Cannot access memory at address 0x7f23050a3390
(gdb) set remote search-memory-packet off
(gdb) py import gdb; print("0x%x" % gdb.selected_inferior().search_memory(0x7ffffffdd000, 0x22000, "bin/"))
0x7fffffffdaba
(gdb) x/s 0x7fffffffdaba
0x7fffffffdaba: "bin/ls"
(gdb)
```
Basically it seems that when the `remote search-memory-packet` parameter is
enabled, the search results are wrong.
I am not aware of what this option introduces, but it seems it is a good
workaround.
My GDB/Python version can be seen below:
```
pwndbg> version
Gdb: GNU gdb (GDB) 8.0
Python: 3.6.2 (default, Jul 20 2017, 03:52:27) [GCC 7.1.1 20170630]
Pwndbg: 1.0.0 build: f481201
```
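A defensive wrapper for scripts that rely on `search_memory`, as an added example that is not part of the original report or of GDB/pwndbg: it rejects a hit that lies outside the requested range or whose bytes do not equal the pattern. `checked_search`, `SearchResultError`, `FakeInferior` and `demo` are hypothetical names, and the fake inferior with its stack image is constructed from the addresses quoted in the report so the check runs outside GDB.

```python
# Added example; inside GDB pass gdb.selected_inferior() as `inferior`.
class SearchResultError(Exception):
    """search_memory() reported an address that fails validation."""

def checked_search(inferior, start, size, pattern):
    """Return a verified match address in [start, start+size), or None."""
    addr = inferior.search_memory(start, size, pattern)
    if addr is None:
        return None
    if not (start <= addr and addr + len(pattern) <= start + size):
        raise SearchResultError("hit 0x%x is outside the searched range" % addr)
    try:
        found = bytes(inferior.read_memory(addr, len(pattern)))
    except RuntimeError as exc:  # gdb.MemoryError derives from RuntimeError
        raise SearchResultError("hit 0x%x is unreadable: %s" % (addr, exc))
    if found != pattern:
        raise SearchResultError("bytes at 0x%x do not match the pattern" % addr)
    return addr

class FakeInferior:
    """Constructed stand-in for gdb.Inferior so the check runs outside GDB."""
    def __init__(self, base, data, reported):
        self.base, self.data, self.reported = base, data, reported

    def search_memory(self, address, length, pattern):
        return self.reported  # whatever address the "debugger" claims

    def read_memory(self, address, length):
        off = address - self.base
        if off < 0 or off + length > len(self.data):
            raise RuntimeError("Cannot access memory at address 0x%x" % address)
        return memoryview(self.data[off:off + length])

def demo():
    # Constructed stack image; the addresses are the ones quoted in the report.
    base, size = 0x7ffffffdd000, 0x22000
    data = bytearray(size)
    data[0x20aba:0x20aba + 7] = b"bin/ls\x00"
    results = []
    for reported in (0x7fffffffdaba, 0x7f23050a3390):
        try:
            results.append(checked_search(
                FakeInferior(base, data, reported), base, size, b"bin/"))
        except SearchResultError as exc:
            results.append(str(exc))
    return results
```
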