| Message ID | 1496406158-12663-20-git-send-email-palves@redhat.com |
|---|---|
| State | New, archived |
| Headers |
Received: (qmail 334 invoked by alias); 2 Jun 2017 12:23:04 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: <gdb-patches.sourceware.org> List-Unsubscribe: <mailto:gdb-patches-unsubscribe-##L=##H@sourceware.org> List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org> List-Archive: <http://sourceware.org/ml/gdb-patches/> List-Post: <mailto:gdb-patches@sourceware.org> List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs> Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 131032 invoked by uid 89); 2 Jun 2017 12:23:03 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy= X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 02 Jun 2017 12:22:56 +0000 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 663DA624B3 for <gdb-patches@sourceware.org>; Fri, 2 Jun 2017 12:22:59 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 663DA624B3 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=palves@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 663DA624B3 Received: from cascais.lan (ovpn04.gateway.prod.ext.ams2.redhat.com [10.39.146.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id E77544DA33 for <gdb-patches@sourceware.org>; Fri, 2 Jun 2017 12:22:58 +0000 (UTC) From: Pedro Alves <palves@redhat.com> To: gdb-patches@sourceware.org Subject: [PATCH 19/40] Fix cp_find_first_component_aux bug Date: Fri, 2 Jun 2017 13:22:17 +0100 Message-Id: <1496406158-12663-20-git-send-email-palves@redhat.com> In-Reply-To: <1496406158-12663-1-git-send-email-palves@redhat.com> References: <1496406158-12663-1-git-send-email-palves@redhat.com> |
Commit Message
Pedro Alves
June 2, 2017, 12:22 p.m. UTC
Valgrind catches an out-of-bounds read here: $ gdb ./testsuite/outputs/gdb.cp/method2/method2 (gdb) start [...] Temporary breakpoint 1, main (argc=1, argv=0x7fffffffd958) at src/gdb/testsuite/gdb.cp/method2.cc:26 26 return 0; (gdb) b A::operator ==26907== Invalid read of size 1 ==26907== at 0x75C0AE: cp_find_first_component_aux(char const*, int) (cp-support.c:951) ==26907== by 0x75C084: cp_find_first_component(char const*) (cp-support.c:925) ==26907== by 0x75C3DA: cp_entire_prefix_len(char const*) (cp-support.c:1089) ==26907== by 0x758B16: cp_lookup_symbol_in_namespace(char const*, char const*, block const*, domain_enum_tag, int) (cp-namespace.c:314) ==26907== by 0x75972A: lookup_namespace_scope(language_defn const*, char const*, block const*, domain_enum_tag, char const*, int) (cp-namespace.c:739) ==26907== by 0x7597CB: cp_lookup_symbol_nonlocal(language_defn const*, char const*, block const*, domain_enum_tag) (cp-namespace.c:768) ==26907== by 0x8C1137: lookup_symbol_aux(char const*, block const*, domain_enum_tag, language, field_of_this_result*) (symtab.c:2016) ==26907== by 0x8C098A: lookup_symbol_in_language(char const*, block const*, domain_enum_tag, language, field_of_this_result*) (symtab.c:1824) ==26907== by 0x8C0A04: lookup_symbol(char const*, block const*, domain_enum_tag, field_of_this_result*) (symtab.c:1836) ==26907== by 0x82CBE1: find_label_symbols(linespec_state*, VEC_symbolp*, VEC_symbolp**, char const*) (linespec.c:3390) ==26907== by 0x828FB5: linespec_parse_basic(ls_parser*) (linespec.c:1620) ==26907== by 0x82A78F: parse_linespec(ls_parser*, char const*) (linespec.c:2307) ==26907== Address 0x910f97c is 0 bytes after a block of size 12 alloc'd ==26907== at 0x4C28BF6: malloc (vg_replace_malloc.c:299) ==26907== by 0x74E737: xmalloc (common-utils.c:43) ==26907== by 0x74EAF4: savestring(char const*, unsigned long) (common-utils.c:179) ==26907== by 0x826CEF: copy_token_string(ls_token) (linespec.c:488) ==26907== by 0x828EF6: linespec_parse_basic(ls_parser*) (linespec.c:1599) ==26907== by 0x82A78F: parse_linespec(ls_parser*, char const*) (linespec.c:2307) ==26907== by 0x82AE27: event_location_to_sals(ls_parser*, event_location const*) (linespec.c:2469) ==26907== by 0x82B1CE: decode_line_full(event_location const*, int, program_space*, symtab*, int, linespec_result*, char const*, char const*) (linespec.c:2557) ==26907== by 0x720C8A: parse_breakpoint_sals(event_location const*, linespec_result*) (breakpoint.c:9550) ==26907== by 0x72A2F7: create_sals_from_location_default(event_location const*, linespec_result*, bptype) (breakpoint.c:14484) ==26907== by 0x727F86: bkpt_create_sals_from_location(event_location const*, linespec_result*, bptype) (breakpoint.c:13219) ==26907== by 0x72146D: create_breakpoint(gdbarch*, event_location const*, char*, int, char*, int, int, bptype, int, auto_boolean, breakpoint_ops const*, int, int, int, unsigned int) (breakpoint.c:9759) gdb/ChangeLog: yyyy-mm-dd Pedro Alves <palves@redhat.com> * cp-support.c (cp_find_first_component_aux): Add missing case for end of string. --- gdb/cp-support.c | 2 ++ 1 file changed, 2 insertions(+)
Comments
On 06/02/2017 05:22 AM, Pedro Alves wrote: > gdb/ChangeLog: > yyyy-mm-dd Pedro Alves <palves@redhat.com> > > * cp-support.c (cp_find_first_component_aux): Add missing case for > end of string. That's pretty obvious, even to me. Do we a test case would add anything? /me not so sure [but then it would be rather trivial to write, eh?] Keith
On 07/17/2017 12:50 PM, Pedro Alves wrote:
> Would you be OK with adding the fix without the test yet?
Sure.
Keith
On 07/17/2017 10:38 PM, Keith Seitz wrote: > On 07/17/2017 12:50 PM, Pedro Alves wrote: >> Would you be OK with adding the fix without the test yet? > > Sure. OK, I pushed it in now. Thanks, Pedro Alves
diff --git a/gdb/cp-support.c b/gdb/cp-support.c index 122fadd..df9a563 100644 --- a/gdb/cp-support.c +++ b/gdb/cp-support.c @@ -1009,6 +1009,8 @@ cp_find_first_component_aux (const char *name, int permissive) ++index; switch (name[index]) { + case '\0': + return index; /* Skip over one less than the appropriate number of characters: the for loop will skip over the last one. */