https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106996
Bug ID: 106996
Summary: SIGSEGV in mapping_symbol_for_insn
Product: gcc
Version: 13.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: debug
Assignee: unassigned at gcc dot gnu.org
Reporter: nickkirkby at protonmail dot ch
Target Milestone: ---

Running `disassemble` on a certain function "HAL_ADCCalcValuesFast" in an armv7le ELF results in a SIGSEGV on gdb 12.0, 12.1 and 13.0.50.

I built gdb 13.0.50 from source to get the following backtrace:

```
Thread 1 "gdb" received signal SIGSEGV, Segmentation fault.
0x000055555622616a in mapping_symbol_for_insn (During symbol reading: incomplete CFI data; unspecified registers (e.g., rax) at 0x555556226181
During symbol reading: .debug_rnglists entry has start address of zero [in module /home/user/repos/gdb-13.0.50.20220920/build/gdb/gdb]
During symbol reading: .debug_line address at offset 0x2511c7 is 0 [in module /home/user/repos/gdb-13.0.50.20220920/build/gdb/gdb]
During symbol reading: unsupported tag: 'DW_TAG_unspecified_type'
During symbol reading: Member function "~_Sp_counted_base" (offset 0x1ceaf15) is virtual but the vtable offset is not specified
During symbol reading: No DW_FORM_block* DW_AT_call_value for DW_TAG_call_site child DIE 0x1d0ff23 [in module /home/user/repos/gdb-13.0.50.20220920/build/gdb/gdb]
pc=pc@entry=68022, info=info@entry=0x7fffffffd1c8, map_symbol=map_symbol@entry=0x7fffffffcf28) at ../../opcodes/arm-dis.c:11868
11868	      || bfd_asymbol_flavour (*info->symtab) != bfd_target_elf_flavour)
(top-gdb) p info->symtab
$2 = (asymbol **) 0x0
```

The symtab is null.
The suspect function "HAL_ADCCalcValuesFast" disassembles fine with `arm-none-eabi-objdump`:

```
000109b8 <HAL_ADCCalcValuesFast>:
   109b8:	b5f8      	push	{r3, r4, r5, r6, r7, lr}
   109ba:	460e      	mov	r6, r1
   109bc:	4614      	mov	r4, r2
   109be:	4607      	mov	r7, r0
   109c0:	b108      	cbz	r0, 109c6 <HAL_ADCCalcValuesFast+0xe>
   109c2:	b101      	cbz	r1, 109c6 <HAL_ADCCalcValuesFast+0xe>
   109c4:	b932      	cbnz	r2, 109d4 <HAL_ADCCalcValuesFast+0x1c>
   109c6:	4b1a      	ldr	r3, [pc, #104]	; (10a30 <HAL_ADCCalcValuesFast+0x78>)
   109c8:	4a1a      	ldr	r2, [pc, #104]	; (10a34 <HAL_ADCCalcValuesFast+0x7c>)
   109ca:	481b      	ldr	r0, [pc, #108]	; (10a38 <HAL_ADCCalcValuesFast+0x80>)
   109cc:	f44f 719c 	mov.w	r1, #312	; 0x138
   109d0:	f006 fd5a 	bl	17488 <__assert_func>
   109d4:	4d19      	ldr	r5, [pc, #100]	; (10a3c <HAL_ADCCalcValuesFast+0x84>)
   109d6:	4628      	mov	r0, r5
   109d8:	f7ff ff48 	bl	1086c <HAL_ADCGetRaw>
   109dc:	882a      	ldrh	r2, [r5, #0]
   109de:	4b18      	ldr	r3, [pc, #96]	; (10a40 <HAL_ADCCalcValuesFast+0x88>)
   109e0:	ee07 2a10 	vmov	s14, r2
   109e4:	edd3 6a06 	vldr	s13, [r3, #24]
   109e8:	edd3 7a07 	vldr	s15, [r3, #28]
   109ec:	886a      	ldrh	r2, [r5, #2]
   109ee:	eeb8 7ac7 	vcvt.f32.s32	s14, s14
   109f2:	eee6 7a87 	vfma.f32	s15, s13, s14
   109f6:	ee07 2a10 	vmov	s14, r2
   109fa:	edc7 7a00 	vstr	s15, [r7]
   109fe:	edd3 6a04 	vldr	s13, [r3, #16]
   10a02:	edd3 7a05 	vldr	s15, [r3, #20]
   10a06:	88aa      	ldrh	r2, [r5, #4]
   10a08:	eeb8 7ac7 	vcvt.f32.s32	s14, s14
   10a0c:	eee6 7a87 	vfma.f32	s15, s13, s14
   10a10:	ee07 2a10 	vmov	s14, r2
   10a14:	edc6 7a00 	vstr	s15, [r6]
   10a18:	edd3 6a00 	vldr	s13, [r3]
   10a1c:	edd3 7a01 	vldr	s15, [r3, #4]
   10a20:	eeb8 7ac7 	vcvt.f32.s32	s14, s14
   10a24:	eee6 7a87 	vfma.f32	s15, s13, s14
   10a28:	edc4 7a00 	vstr	s15, [r4]
   10a2c:	bdf8      	pop	{r3, r4, r5, r6, r7, pc}
   10a2e:	bf00      	nop
   10a30:	0001a09b 	muleq	r1, fp, r0
   10a34:	0001a0d0 	ldrdeq	sl, [r1], -r0
   10a38:	0001a039 	andeq	sl, r1, r9, lsr r0
   10a3c:	1fffc58a 	svcne	0x00ffc58a
   10a40:	14000554 	strne	r0, [r0], #-1364	; 0xfffffaac
```

Running `disassemble` under gdb doesn't crash on all functions.
`disassemble main` works fine, but doing so doesn't call the above function `mapping_symbol_for_insn`. I compiled the library containing the suspect function `HAL_ADCCalcValuesFast` for another armv7m target and found that `HAL_ADCCalcValuesFast` *could* be disassembled under gdb. It also doesn't call the above function `mapping_symbol_for_insn`.
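The crash site in the backtrace dereferences `*info->symtab` while `info->symtab` is null. The function's job is to find the ARM ELF mapping symbol (`$a` for ARM code, `$t` for Thumb code, `$d` for literal-pool data) that governs the bytes at `pc`. The following is an added illustration, not code from gdb or opcodes, of that lookup written so that an absent symbol table yields "no mapping information" instead of a segfault. The symbol list is constructed from the objdump listing above: the function body at `0x109b8` is Thumb code and the literal pool begins at `0x10a30`; the `$t` entry at `0x10a44` and the name `decode_kind` are assumptions for the example, not facts from the report.

```python
# Added illustration (not gdb/opcodes code): ARM mapping-symbol lookup for a
# disassembler, tolerant of a missing symbol table.
from bisect import bisect_right
from typing import Optional

# Constructed (address, name) pairs sorted by address, modelled on the objdump
# listing in the report. Mapping symbols follow the ARM ELF ABI convention;
# the $t at 0x10a44 (code resuming after the literal pool) is an assumption.
CONSTRUCTED_SYMTAB = [
    (0x109b8, "$t"),                    # Thumb code starts with the function
    (0x109b8, "HAL_ADCCalcValuesFast"),
    (0x10a30, "$d"),                    # literal pool: 0x0001a09b, 0x0001a0d0, ...
    (0x10a44, "$t"),                    # assumed: code resumes after the pool
]

MAPPING_KINDS = {"$a": "arm", "$t": "thumb", "$d": "data"}


def is_mapping_symbol(name: str) -> bool:
    """ARM mapping symbols are $a, $t or $d, optionally followed by '.' and a suffix."""
    return (len(name) >= 2 and name[0] == "$" and name[1] in "atd"
            and (len(name) == 2 or name[2] == "."))


def mapping_symbol_for_insn(symtab, pc: int) -> Optional[str]:
    """Return 'arm', 'thumb' or 'data' for the mapping symbol in effect at pc.

    Returns None when it cannot be determined. A missing symbol table
    (symtab is None, the situation shown in the backtrace) is one such case
    and is answered without dereferencing anything.
    """
    if symtab is None:
        return None
    mapping = [(addr, name) for addr, name in symtab if is_mapping_symbol(name)]
    if not mapping:
        return None
    addrs = [addr for addr, _ in mapping]
    idx = bisect_right(addrs, pc) - 1   # last mapping symbol at or below pc
    if idx < 0:
        return None                     # pc precedes every mapping symbol
    return MAPPING_KINDS[mapping[idx][1][:2]]


def decode_kind(symtab, pc: int, default: str = "thumb") -> str:
    """How the disassembler should treat the bytes at pc, falling back to
    `default` (the mode implied by the function symbol) when mapping symbols
    give no answer."""
    return mapping_symbol_for_insn(symtab, pc) or default


if __name__ == "__main__":
    for pc in (0x109c6, 0x10a30, 0x10a40, 0x10a44):
        print(hex(pc), decode_kind(CONSTRUCTED_SYMTAB, pc))
    print("no symtab:", decode_kind(None, 0x109c6))
```

With the constructed table, addresses inside the function body report `thumb`, the literal-pool words at `0x10a30` through `0x10a40` report `data`, and a `None` symbol table falls back to the default mode rather than crashing.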