From: Keith Seitz Date: Tue, 5 Aug 2025 17:44:48 +0000 (-0700) Subject: should_validate_memtags: Do not dereference references X-Git-Tag: gdb-17-branchpoint~353 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be10a32638c481d4152d92b6157beb18e3210953;p=thirdparty%2Fbinutils-gdb.git should_validate_memtags: Do not dereference references should_validate_memtags uses value_as_address to evalute whether an address for a value is tagged. The comments for that function simply say, "Extract a value as a C pointer." While that sounds innoncuous, that function calls coerce_array, which will dereference any references. This is not what is desired here. This can be demonstrated on an MTE-enabled host, such as aarch64- based Ampere (example taken from tests introduced in this patch): (gdb) p b.get_foo () Could not validate memory tag: Value can't be converted to integer. $2 = (const foo &) @0xffffffffed88: {m_a = 42} While the command completes, gdb didn't actually attempt to evaluate any memory tags. Fix this by using unpack_pointer instead. Tested on x86_64 Fedora 40 and aarch64 RHEL 9.6. --- diff --git a/gdb/printcmd.c b/gdb/printcmd.c index 19fbc20074e..d1cf72d371d 100644 --- a/gdb/printcmd.c +++ b/gdb/printcmd.c @@ -1290,7 +1290,9 @@ should_validate_memtags (gdbarch *gdbarch, struct value *value) return false; /* We do. Check whether it includes any tags. */ - return target_is_address_tagged (gdbarch, value_as_address (value)); + struct type *val_type = value->type (); + const gdb_byte *data = value->contents ().data (); + return target_is_address_tagged (gdbarch, unpack_pointer (val_type, data)); } /* Helper for parsing arguments for print_command_1. */ diff --git a/gdb/testsuite/gdb.cp/method-ref-return.cc b/gdb/testsuite/gdb.cp/method-ref-return.cc new file mode 100644 index 00000000000..4169bfe6908 --- /dev/null +++ b/gdb/testsuite/gdb.cp/method-ref-return.cc @@ -0,0 +1,42 @@ +/* This testcase is part of GDB, the GNU debugger. + + Copyright 2025 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* Test that we can access class method/data member via reference. */ + +struct foo +{ + foo () : m_a (42) {} + int get_a () const { return m_a; } + int m_a; +}; + +struct bar +{ + bar () : m_foo () {} + const foo &get_foo () const { return m_foo; } + foo m_foo; +}; + +int +main (int argc, char *argv[]) +{ + bar b; + const foo &ref = b.get_foo (); + int ret = ref.m_a; // breakpoint here + ret += ref.get_a (); + return ret; +} \ No newline at end of file diff --git a/gdb/testsuite/gdb.cp/method-ref-return.exp b/gdb/testsuite/gdb.cp/method-ref-return.exp new file mode 100644 index 00000000000..1ac5ac930f8 --- /dev/null +++ b/gdb/testsuite/gdb.cp/method-ref-return.exp @@ -0,0 +1,70 @@ +# Copyright 2025 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Test calling methods and accessing members via reference. + +require allow_cplus_tests + +standard_testfile .cc + +if {[prepare_for_testing "failed to prepare" $testfile $srcfile {debug c++}]} { + return -1 +} + +if {![runto_main]} { + return -1 +} + +# Set a breakpoint after the bar object is created and the reference is obtained. +gdb_breakpoint [gdb_get_line_number "breakpoint here"] +gdb_continue_to_breakpoint "after reference assignment" + +# Test that we can call the method through reference and get the expected result. +gdb_test_multiple "print b.get_foo()" "print method call returning reference" { + -re "\\$\[0-9\]+ = \\(const foo &\\) @$hex: \\{m_a = 42\\}\r\n$gdb_prompt $" { + pass $gdb_test_name + } + -re "Could not validate memory tag: Value can't be converted to integer\\." { + fail "$gdb_test_name" + } +} + +# Test accessing the member through the reference. +gdb_test "print b.get_foo ().m_a" \ + "\\$\[0-9\]+ = 42" \ + "print member access through reference" + +# Test calling method on the referenced object. +gdb_test "print b.get_foo ().get_a()" \ + "\\$\[0-9\]+ = 42" \ + "print method call on referenced object" + +# Test that the stored reference works correctly. +gdb_test_multiple "print ref" "print stored reference" { + -re "\\$\[0-9\]+ = \\(const foo &\\) @$hex: \\{m_a = 42\\}\r\n$gdb_prompt $" { + pass $gdb_test_name + } + -re "Could not validate memory tag: Value can't be converted to integer\\." { + fail "$gdb_test_name" + } +} + +gdb_test "print ref.m_a" \ + "\\$\[0-9\]+ = 42" \ + "print member through stored reference" + +gdb_test "print ref.get_a()" \ + "\\$\[0-9\]+ = 42" \ + "print method call through stored reference" \ No newline at end of file