cp fixes from stable: malloc chunk names, remote target search bug (#323)

* Fix malloc chunk names (#318) * heap: respect rename of malloc_chunk fields newer glibc uses different names for the fields of malloc_chunk * move value_from_type to typeinfo and rename to read_gdbvalue * add comment about renaming of `[prev_]size` * Workaround for gdb remote target search bug described in #321 (#322)
8 years ago · be8ff98beb
parent 090fd0bbcd
commit be8ff98beb
3 changed files with 28 additions and 7 deletions
--- a/pwndbg/init.py
+++ b/pwndbg/init.py
@ -154,6 +154,13 @@ try:
 except gdb.error:
    pass

-
 # handle resize event to align width and completion
 signal.signal(signal.SIGWINCH, lambda signum, frame: gdb.execute("set width %i" % pwndbg.ui.get_window_size()[1]))
+
+# Workaround for gdb bug described in #321 ( https://github.com/pwndbg/pwndbg/issues/321 )
+# More info: https://sourceware.org/bugzilla/show_bug.cgi?id=21946
+# As stated on GDB's bugzilla that makes remote target search slower.
+# After GDB gets the fix, we should disable this only for bugged GDB versions.
+if 1:
+    gdb.execute('set remote search-memory-packet off')
+
--- a/pwndbg/commands/heap.py
+++ b/pwndbg/commands/heap.py
@ -12,15 +12,24 @@ import six

 import pwndbg.color.memory as M
 import pwndbg.commands
+import pwndbg.typeinfo
 from pwndbg.color import bold
 from pwndbg.color import red
 from pwndbg.color import underline
 from pwndbg.color import yellow


-def value_from_type(type_name, addr):
-    gdb_type = pwndbg.typeinfo.load(type_name)
-    return gdb.Value(addr).cast(gdb_type.pointer()).dereference()
+def read_chunk(addr):
+    # in old versions of glibc, `mchunk_[prev_]size` was simply called `[prev_]size`
+    # to support both versions, we change the new names to the old ones here so that
+    # the rest of the code can deal with uniform names
+    renames = {
+        "mchunk_size": "size",
+        "mchunk_prev_size": "prev_size",
+    }
+    val = pwndbg.typeinfo.read_gdbvalue("struct malloc_chunk", addr)
+    return dict({ renames.get(key, key): int(val[key]) for key in val.type.keys() }, value=val)
+

 def format_bin(bins, verbose=False):
    main_heap = pwndbg.heap.current
@ -159,7 +168,7 @@ def top_chunk(addr=None):
        last_addr = None
        addr = heap_start
        while addr < heap_end:
-            chunk = value_from_type('struct malloc_chunk', addr)
+            chunk = read_chunk(addr)
            size = int(chunk['size'])

            # Clear the bottom 3 bits
@ -185,7 +194,7 @@ def malloc_chunk(addr):
    if not isinstance(addr, six.integer_types):
        addr = int(addr)

-    chunk = value_from_type('struct malloc_chunk', addr)
+    chunk = read_chunk(addr)
    size = int(chunk['size'])
    actual_size = size & ~7
    prev_inuse, is_mmapped, non_main_arena = main_heap.chunk_flags(size)
@ -204,7 +213,7 @@ def malloc_chunk(addr):
        header += yellow(' IS_MMAPED')
    if non_main_arena:
        header += yellow(' NON_MAIN_ARENA')
-    print(header, chunk)
+    print(header, chunk["value"])

    return chunk

--- a/pwndbg/typeinfo.py
+++ b/pwndbg/typeinfo.py
@ -165,3 +165,8 @@ def add_symbol_file(filename=None, address=0):

    with pwndbg.events.Pause():
        gdb.execute('add-symbol-file %s %s' % (filename, address), from_tty=False, to_string=True)
+
+def read_gdbvalue(type_name, addr):
+    """ Read the memory contents at addr and interpret them as a GDB value with the given type """
+    gdb_type = pwndbg.typeinfo.load(type_name)
+    return gdb.Value(addr).cast(gdb_type.pointer()).dereference()