[bug] wrong preview value, shows __dso_handle for program data

[k4lizen]

Description

Why is __dso_handle shown here?

Steps to reproduce

terminal.zip
It's a binary from a ctf, so I don't have the source. It doesn't do anything elf-crafty / libc-messy, its quite a normal challenge.

• open the file in pwndbg
• break main
• run
  You should see the wrong preview text.

My setup

Gdb:      13.2
Python:   3.11.8 (main, Feb  7 2024, 21:52:08) [GCC 13.2.0]
Pwndbg:   2024.02.14 build: da817b23
Capstone: 5.0.1280
Unicorn:  2.0.1

Linux kali 6.6.9-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.6.9-1kali1 (2024-01-08) x86_64 GNU/Linux

[OBarronCS]

In the backend, Pwndbg gets the symbol by running the GDB command info symbol ADDRESS.

pwndbg/pwndbg/gdblib/symbol.py

Lines 96 to 102 in 385e63f

	# This sucks, but there's not a GDB API for this.
	# Workaround for a bug with Rust language, see #2094
	try:
	result = gdb.execute(f"info symbol 0x{address:x}", to_string=True, from_tty=False)
	except gdb.error:
	return ""

Very interestingly, looks like GDB is incorrectly resolving the address in this case.

[k4lizen]

I can submit a bug report upstream (to gdb).
Maybe pwndbg should include a sanity check anyways?

[k4lizen]

I submitted it to gdb here: https://sourceware.org/bugzilla/show_bug.cgi?id=31669

[OBarronCS]

In case this becomes a very common occurrence, we could think of a sanity check (for example, we know __dso_handle is just a pointer). At the end of the day, we rely on the APIs that GDB exposes, and in the case of symbols we would need some outside information to fix this.

[disconnect3d]

I have added some more comments in https://sourceware.org/bugzilla/show_bug.cgi?id=31669

We can probably hack around this behavior in Pwndbg by ... parsing the symbol returned from info symbol and returning no symbol if there is "+"? But idk, maybe this is not desirable?