blob: cf4987f00c21f64fe3a2dc7a1a047eb1dc0214e9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
qemu-user -g xxx -E LD_PROFILE=xxx segfault
Here is two simple steps to reproduce the bug:
$ qemu-x86_64 -E LD_PROFILE=libc.so.6 -E LD_PROFILE_OUTPUT=. -g 12345 -L / /bin/ls
(libc.so and /bin/ls might change on your system, in this case we just need a binary with a profilable needed library)
In a other window launch:
$ gdb
(gdb) target remote :12345
(gdb) c
At this point qemu will segfault.
It seems this problem is appends when sigprof passed to gdb.
One way I have found to bypass this:
patch gdbstub.c gdb_handlesig and ignore sig if
sig == TARGET_SIGPROF
(which means now I can't catch sigprof on gdb anymore)
We were mis-parsing the 'vCont' packet in the gdb protocol, so when gdb told us "send a SIGPROF (0x1b)" we skipped the first digit in the hex signal number and interpreted it as "send an 0xb", which happens to be SIGSEGV.
Should be fixed by this:
https://<email address hidden>/
https://gitlab.com/qemu-project/qemu/-/commit/3ddd9036389f5f577e09
|