Package: gdbserver
Version: 10.1-1.7
Severity: normal

Dear Maintainer,

I was using gdbserver to run a 32-bit binary on a 64-bit machine. I ran `gdbserver localhost:1234 ./32bit-exe` on one terminal, and `gdb -ex "target remote :1234" -ex "c"` on another terminal. At this point, it segfaults somewhere in glibc when trying to access a gs memory segment:

      0xf7de43ea <__ctype_init+10> push   ebx
      0xf7de43eb <__ctype_init+11> mov    edx, DWORD PTR [eax-0x16c]
      0xf7de43f1 <__ctype_init+17> mov    ebx, DWORD PTR [eax-0x140]
    → 0xf7de43f7 <__ctype_init+23> mov    edx, DWORD PTR gs:[edx]
      0xf7de43fa <__ctype_init+26> mov    edx, DWORD PTR [edx]
      0xf7de43fc <__ctype_init+28> mov    ecx, DWORD PTR [edx+0x24]
      0xf7de43ff <__ctype_init+31> add    ecx, 0x100
      0xf7de4405 <__ctype_init+37> mov    DWORD PTR gs:[ebx], ecx
      0xf7de4408 <__ctype_init+40> mov    ecx, DWORD PTR [edx+0x28]

Obviously, this was not expected to segfault and crash here, but it did.

Here I wrote a simple PoC of the same reproducible bug, except without glibc (i.e. a freestanding, statically-linked binary), to show that the same error seems to exist, though this time you would have to single-step in gdb through gdbserver in order to trigger the segfault:

https://gist.github.com/theKidOfArcrania/cdba7c7ff42f95a0cfa2be897ca928db

This bug seems to be the underlying cause of this other bug in pwntools (which directly uses gdbserver to open up a gdb instance):

https://github.com/Gallopsled/pwntools/issues/1783

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-2-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gdbserver depends on:
ii  libc6       2.31-9
ii  libgcc-s1   10.2.1-6
ii  libstdc++6  10.2.1-6

gdbserver recommends no packages.

gdbserver suggests no packages.

-- no debconf information