On 23/06/2026 04:00, Thiago Jung Bauermann wrote:
Hello Yury,

Yury Khrustalev <[email protected]> writes:

Hi, thanks for this report.

I've looked into these issues, and it seems like most of them are caused by
how GDB treats malloc function for evaluating expressions that require a
function call.

GDB seems to ignore that malloc has become n ifunc in Glibc and it tries to
access symbol 'malloc' directly.

It seems like GDB has been having some issues with ifuncs before, e.g. [1].

Simple way to reproduce the issue: use a program with just empty main function:

   int main(void) { return 0; }

In GDB (not that __libc_malloc is the implementation that is returned by the
ifunc resolver):

   (gdb) br main
   (gdb) r
   (gdb) disassemble __libc_malloc

Notice first 2 instructions

   (gdb) call printf("%s\n", "hello")

Might result in SIGILL or SIGSEGV... but if it works, it prints format string
instead of 'hello'.

   (gdb) disassemble __libc_malloc

Notice first 2 instructions have now been re-written with gibberish (hence the
signals).

I would appreciate if this could be looked at from the GDB point of view. 
Perhaps,
this should be fixed in GDB?

FWIW, lldb works as expected.

Thank you for the investigation and the detailed report.
I was able to reproduce the problem and will work on a fix.

Hi Thiago,

I’ve spent some time looking into this issue. The problem appears to be in find_function_in_inferior, which GDB uses when expression evaluation needs to call functions in the inferior, such as malloc for allocating storage for string literal arguments.

When the lookup falls back to a minimal symbol, GDB constructs a synthetic function type from the symbol address. For GNU IFUNC symbols such as malloc, this path loses the IFUNC marker, causing the inferior call machinery to treat the symbol as an ordinary function and skip IFUNC resolution.

The patch below preserves the IFUNC property when creating the synthetic function type. With this change, Yury’s reproducer behaves correctly on my setup.

Does this look like a reasonable approach to you?

Thanks,
Kamran

-- >8 --
commit 960287b93f737dab13d7be40612dcc091b69737d
Author: Muhammad Kamran <[email protected]>
Date:   Mon Jun 22 16:55:23 2026 +0100

    gdb: Preserve IFUNC marker when finding inferior functions

    GDB calls find_function_in_inferior ("malloc") when expression
    evaluation needs to allocate memory in the inferior, e.g. for string
    literal arguments.

    The minimal-symbol fallback created a synthetic ordinary function
    pointer from msymbol.value_address ().  If the symbol was a GNU IFUNC,
    this discarded the IFUNC marker, so call_function_by_hand did not
    resolve the symbol before calling it.

    Use find_minsym_type_and_address to classify the minimal symbol and
    propagate the GNU IFUNC marker to the synthetic function type.  This
    keeps the existing fallback return type while allowing inferior calls
    through IFUNC symbols to be resolved correctly.

diff --git a/gdb/valops.c b/gdb/valops.c
index ab6fd5079e1..7d305871efc 100644
--- a/gdb/valops.c
+++ b/gdb/valops.c
@@ -133,11 +133,15 @@ find_function_in_inferior (const char *name, struct objfile **objf_p)
          struct gdbarch *gdbarch = objfile->arch ();

          struct type *type;
+         struct type *resolved_type;
          CORE_ADDR maddr;
          type = lookup_pointer_type (builtin_type (gdbarch)->builtin_char);
          type = lookup_function_type (type);
          type = lookup_pointer_type (type);
-         maddr = msymbol.value_address ();
+         resolved_type = find_minsym_type_and_address (msymbol.minsym, objfile,
+                                                       &maddr);
+         if (resolved_type->is_gnu_ifunc ())
+           type->target_type ()->set_is_gnu_ifunc (true);

          if (objf_p)
            *objf_p = objfile;




_______________________________________________
linaro-toolchain mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to