
Issue finding string literal in readonly memory for userland core

Open sdimitro opened this issue 2 years ago • 2 comments

Example test file:

$ cat test.c # compiled with gcc -O0 -g
// C program to demonstrate segmentation fault/core dump
// by modifying a string literal
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char* str;

int main()
{
	str = "Hello, World!\n";
	// Problem: trying to modify read only memory //
	*(str + 1) = 'n';
	return 0;
}

gdb equivalent pointers:

$ sudo gdb a.out /var/crash/core.a.out.229185.1678905166
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from b.out...
[New LWP 229185]
Core was generated by `./a.out'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  main () at test.c:13
13		*(str + 1) = 'n';
(gdb) p str
$1 = 0x55e1cb33b004 "Hello, World!\n"
(gdb) p str[0]
$2 = 72 'H'

drgn:

$ drgn -c /var/crash/core.a.out.229185.1678905166
drgn 0.0.22 (using Python 3.8.10, elfutils 0.188, with libkdumpfile)
For help, type help(drgn).
>>> import drgn
>>> from drgn import NULL, Object, cast, container_of, execscript, offsetof, reinterpret, sizeof
>>> from drgn.helpers.common import *
>>> prog['str']
(char *)0x55e1cb33b004
>>> prog['str'][0]
Traceback (most recent call last):
  File "/usr/lib/python3.8/code.py", line 90, in runcode
    exec(code, self.locals)
  File "<console>", line 1, in <module>
  File "/usr/local/lib/python3.8/dist-packages/drgn/internal/cli.py", line 56, in displayhook
    text = value.format_(columns=shutil.get_terminal_size((0, 0)).columns)
_drgn.FaultError: memory not saved in core dump: 0x55e1cb33b004
>>> ^C


$ drgn -c /var/crash/core.a.out.229185.1678905166 -s a.out
drgn 0.0.22 (using Python 3.8.10, elfutils 0.188, with libkdumpfile)
For help, type help(drgn).
>>> import drgn
>>> from drgn import NULL, Object, cast, container_of, execscript, offsetof, reinterpret, sizeof
>>> from drgn.helpers.common import *
>>> prog['str']
Traceback (most recent call last):
  File "/usr/lib/python3.8/code.py", line 90, in runcode
    exec(code, self.locals)
  File "<console>", line 1, in <module>
  File "/usr/local/lib/python3.8/dist-packages/drgn/internal/cli.py", line 56, in displayhook
    text = value.format_(columns=shutil.get_terminal_size((0, 0)).columns)
_drgn.FaultError: could not find memory segment: 0x4018
>>>

sdimitro avatar Mar 15 '23 18:03 sdimitro
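To make the two error messages above concrete, here is an added example (not code from the drgn project or from the reporter) that walks PT_LOAD headers the way a core reader does. It assumes a PIE whose literal sits at vaddr 0x2004, a constructed load bias of 0x55e1cb339000 so the saved pointer is 0x55e1cb33b004 as in the report, and a gdb-style fallback to the executable's file-backed segment when the core has a mapping with p_filesz == 0; the tiny ELF images are built inline and are not real files.

```python
import struct

ELF_HDR = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr
PHDR = "<IIQQQQQQ"  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align
PT_LOAD = 1

def build_elf(segments, e_type):
    """Minimal ELF64 image for the demo: segments = [(vaddr, payload, memsz)].
    An empty payload gives p_filesz == 0, how a core records a mapping it skipped."""
    phoff, phsize = struct.calcsize(ELF_HDR), struct.calcsize(PHDR)
    data_off, phdrs, blobs = phoff + len(segments) * phsize, b"", b""
    for vaddr, payload, memsz in segments:
        phdrs += struct.pack(PHDR, PT_LOAD, 5, data_off + len(blobs), vaddr, vaddr,
                             len(payload), memsz, 0x1000)
        blobs += payload
    ehdr = struct.pack(ELF_HDR, b"\x7fELF\x02\x01\x01" + b"\0" * 9, e_type, 62, 1, 0,
                       phoff, 0, 0, 64, phsize, len(segments), 0, 0, 0)
    return ehdr + phdrs + blobs

def read_from(elf, addr, size, bias=0):
    """Read `size` bytes at virtual `addr` by walking the PT_LOAD headers. None if no
    segment covers addr ("could not find memory segment"); LookupError if the
    mapping exists but its bytes are absent from the file ("memory not saved")."""
    (phoff,) = struct.unpack_from("<Q", elf, 32)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(phnum):
        p_type, _, off, vaddr, _, filesz, memsz, _ = struct.unpack_from(
            PHDR, elf, phoff + i * phentsize)
        lo = vaddr + bias
        if p_type == PT_LOAD and lo <= addr < lo + memsz:
            if addr + size > lo + filesz:
                raise LookupError(f"memory not saved in core dump: {addr:#x}")
            return elf[off + addr - lo:off + addr - lo + size]
    return None

def read_with_fallback(core, exe, bias, addr, size):
    """gdb-style lookup: core first, then the executable's own file-backed segment
    relocated by the PIE load bias (real tools derive the bias from NT_FILE/auxv)."""
    try:
        data = read_from(core, addr, size)
    except LookupError:
        data = None
    return data if data is not None else read_from(exe, addr, size, bias)

# Constructed sample: literal at vaddr 0x2004 of a PIE loaded with bias 0x55e1cb339000,
# so the `str` pointer the core saved is 0x55e1cb33b004, matching the report above.
BIAS = 0x55e1cb339000
EXE = build_elf([(0x2000, b"\0" * 4 + b"Hello, World!\n\0", 0x1000)], 3)  # ET_DYN
CORE = build_elf([(0x55e1cb33b000, b"", 0x1000),  # .rodata mapping, contents not dumped
                  (0x55e1cb33d000, struct.pack("<Q", 0x55e1cb33b004), 0x1000)], 4)  # ET_CORE
```

Reading the pointer from the core works, reading through it fails with the first error, and an unrelocated address such as 0x4018 hits no segment at all, which is the second error; only the fallback to the executable recovers the literal.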

cc @pcd1193182

sdimitro avatar Mar 15 '23 18:03 sdimitro

This is a known TODO: https://github.com/osandov/drgn/blob/1133b2fd318ec75019cfc2820a761e9f52f4f609/libdrgn/debug_info.c#L2041-L2045

osandov avatar Mar 15 '23 19:03 osandov