Message ID | 83bn4rpd6m.fsf@gnu.org |
---|---|
State | New, archived |
Headers | Date: Sat, 30 Apr 2016 14:07:45 +0300; From: Eli Zaretskii <eliz@gnu.org>; To: gdb-patches@sourceware.org; Subject: Off-by-one error in windows-nat.c causes abort at startup; Reply-to: Eli Zaretskii <eliz@gnu.org> |
Commit Message
Eli Zaretskii
April 30, 2016, 11:07 a.m. UTC
I created a gdb.ini file in my home directory, and suddenly found that almost all my GDB binaries stopped working. Even "gdb --version" would crash at startup thusly:

  ./common/common-utils.c:141: internal-error: xsnprintf: Assertion `ret < size' failed.
  A problem internal to GDB has been detected,
  further debugging may prove unreliable.
  Quit this debugging session? (y or n) [answered Y; input not from terminal]

  This is a bug, please report it. For instructions, see:
  <http://www.gnu.org/software/gdb/bugs/>.

  ./common/common-utils.c:141: internal-error: xsnprintf: Assertion `ret < size' failed.
  A problem internal to GDB has been detected,
  further debugging may prove unreliable.
  Create a core file of GDB? (y or n) [answered Y; input not from terminal]

  This application has requested the Runtime to terminate it in an unusual way.
  Please contact the application's support team for more information.

Luckily, I still had GDB 7.5, which did work. Using it, I found the off-by-one gotcha below (".gdbinit" is one character longer than "gdb.ini"). I guess no one tested this feature when we switched from using snprintf to xsnprintf...

OK to commit (with a suitable ChangeLog entry, of course)?
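The buffer arithmetic behind the fix, as an added example in C that is not gdb's code: it derives the size the replacement name needs from the two suffix lengths instead of hard-coding an offset, checks the snprintf result the same way xsnprintf's `ret < size` assertion does, and shows that a buffer of `len + 1` bytes is one short. The function names `newini_bufsize` and `newini_from_old` and the sample path are constructed for the example.

```c
/* Added example, not gdb's own code: build the ".gdbinit" name that
   replaces an obsolete "gdb.ini", sizing the buffer from the suffix
   lengths and verifying the snprintf result before using the string.
   Function names and the sample path are constructed for this example.  */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OLD_SUFFIX "gdb.ini"
#define NEW_SUFFIX ".gdbinit"

/* Bytes (including the terminating NUL) needed to hold OLDINI with its
   trailing "gdb.ini" replaced by ".gdbinit".  For the gdb case this is
   len - 7 + 8 + 1 == len + 2, which is what the fix passes to alloca.  */
size_t
newini_bufsize (const char *oldini)
{
  size_t len = strlen (oldini);
  return len - (sizeof (OLD_SUFFIX) - 1) + (sizeof (NEW_SUFFIX) - 1) + 1;
}

/* Write the new name into OUT (capacity OUTSZ).  Returns 0 on success,
   -1 if OLDINI does not end in "gdb.ini" or OUT is too small.  The
   snprintf return value is checked exactly as xsnprintf's assertion
   (ret < size) does, so an undersized buffer is reported instead of
   silently producing a truncated name.  */
int
newini_from_old (const char *oldini, char *out, size_t outsz)
{
  size_t len = strlen (oldini);
  size_t oldsuf = sizeof (OLD_SUFFIX) - 1;

  /* The "%.*s" width below only makes sense if the old suffix is there.  */
  if (len < oldsuf || strcmp (oldini + len - oldsuf, OLD_SUFFIX) != 0)
    return -1;

  int ret = snprintf (out, outsz, "%.*s" NEW_SUFFIX,
                      (int) (len - oldsuf), oldini);
  if (ret < 0 || (size_t) ret >= outsz)
    return -1;
  return 0;
}

int
main (void)
{
  const char *oldini = "C:/Users/example/gdb.ini";   /* constructed sample */
  size_t need = newini_bufsize (oldini);
  char *newini = malloc (need);
  if (newini == NULL)
    return 1;

  /* The original bug: len + 1 bytes is one byte short of what is needed.  */
  char short_buf[64];
  if (newini_from_old (oldini, short_buf, strlen (oldini) + 1) != 0)
    printf ("len + 1 bytes is too small (need %zu)\n", need);

  if (newini_from_old (oldini, newini, need) == 0)
    printf ("obsolete '%s' found. Rename to '%s'.\n", oldini, newini);
  free (newini);
  return 0;
}
```

Computing the size once and passing the same value to both the allocation and the formatting call removes the possibility of the two literals drifting apart, which is exactly how the `len + 1` in the original slipped through.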
Comments
On 04/30/2016 12:07 PM, Eli Zaretskii wrote:
> Luckily, I still had GDB 7.5, which did work. Using it, I found the
> off-by-one gotcha below (".gdbinit" is one character longer than
> "gdb.ini"). I guess no one tested this feature when we switched from
> using snprintf to xsnprintf...

Sounds like gdb would corrupt memory before we switched to xsnprintf
then. I'd say the problem is that the feature was added without a
corresponding test case.

> OK to commit (with a suitable ChangeLog entry, of course)?

Sure.

>
> --- gdb/windows-nat.c~	2016-02-10 05:19:39.000000000 +0200
> +++ gdb/windows-nat.c	2016-04-30 11:57:08.500000000 +0300
> @@ -2711,9 +2711,9 @@ _initialize_check_for_gdb_ini (void)
>    if (access (oldini, 0) == 0)
>      {
>        int len = strlen (oldini);
> -      char *newini = (char *) alloca (len + 1);
> +      char *newini = (char *) alloca (len + 2);
>
> -      xsnprintf (newini, len + 1, "%.*s.gdbinit",
> +      xsnprintf (newini, len + 2, "%.*s.gdbinit",
>                   (int) (len - (sizeof ("gdb.ini") - 1)), oldini);
>        warning (_("obsolete '%s' found. Rename to '%s'."), oldini, newini);

(I suspect this whole function could be rewritten in a clearer form...)

Thanks,
Pedro Alves
> From: Pedro Alves <palves@redhat.com>
> Date: Mon, 2 May 2016 12:50:05 +0100
>
> On 04/30/2016 12:07 PM, Eli Zaretskii wrote:
>
> > Luckily, I still had GDB 7.5, which did work. Using it, I found the
> > off-by-one gotcha below (".gdbinit" is one character longer than
> > "gdb.ini"). I guess no one tested this feature when we switched from
> > using snprintf to xsnprintf...
>
> Sounds like gdb would corrupt memory before we switched to xsnprintf
> then. I'd say the problem is that the feature was added without a
> corresponding test case.
>
> > OK to commit (with a suitable ChangeLog entry, of course)?
>
> Sure.

Thanks, pushed.

> > --- gdb/windows-nat.c~	2016-02-10 05:19:39.000000000 +0200
> > +++ gdb/windows-nat.c	2016-04-30 11:57:08.500000000 +0300
> > @@ -2711,9 +2711,9 @@ _initialize_check_for_gdb_ini (void)
> >    if (access (oldini, 0) == 0)
> >      {
> >        int len = strlen (oldini);
> > -      char *newini = (char *) alloca (len + 1);
> > +      char *newini = (char *) alloca (len + 2);
> >
> > -      xsnprintf (newini, len + 1, "%.*s.gdbinit",
> > +      xsnprintf (newini, len + 2, "%.*s.gdbinit",
> >                   (int) (len - (sizeof ("gdb.ini") - 1)), oldini);
> >        warning (_("obsolete '%s' found. Rename to '%s'."), oldini, newini);
>
> (I suspect this whole function could be rewritten in a clearer form...)

Like not use xsnprintf at all, and instead use strcpy/strcat, perhaps?
--- gdb/windows-nat.c~	2016-02-10 05:19:39.000000000 +0200
+++ gdb/windows-nat.c	2016-04-30 11:57:08.500000000 +0300
@@ -2711,9 +2711,9 @@ _initialize_check_for_gdb_ini (void)
   if (access (oldini, 0) == 0)
     {
       int len = strlen (oldini);
-      char *newini = (char *) alloca (len + 1);
+      char *newini = (char *) alloca (len + 2);
 
-      xsnprintf (newini, len + 1, "%.*s.gdbinit",
+      xsnprintf (newini, len + 2, "%.*s.gdbinit",
                  (int) (len - (sizeof ("gdb.ini") - 1)), oldini);
       warning (_("obsolete '%s' found. Rename to '%s'."), oldini, newini);
     }
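Review bot: the corrected sizes are right (the prefix of `len - 7` bytes plus the 8 bytes of ".gdbinit" plus the NUL is `len + 2`), but both the `alloca` line and the `xsnprintf` line still carry the result as an unexplained `+ 2` that must stay in step with each other and with the "%.*s.gdbinit" format; deriving it once, for instance `int newlen = len - (sizeof ("gdb.ini") - 1) + sizeof (".gdbinit");`, and passing `newlen` to both calls would make the arithmetic self-checking and keep a later edit of either literal from reintroducing the off-by-one. The `%.*s` width also relies on `oldini` ending in "gdb.ini", which the visible context does not show; if the path is built with that suffix earlier in this function, a one-line comment at the hunk would make the invariant obvious to the next reader. One point for the ChangeLog and for the test case suggested in the thread: plain `snprintf` with a buffer one byte short truncates and returns the would-be length, so the earlier code would have printed a clipped file name in the warning rather than overflowing the stack, and it is `xsnprintf`'s `ret < size` assertion that turned that silent truncation into the abort at startup reported here; a regression test should therefore check the rendered name, not only that gdb starts.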