Patchwork Force array coercion in c_get_string

login
register
mail settings
Submitter Tom Tromey
Date April 29, 2019, 9:02 p.m.
Message ID <87bm0o4jak.fsf@tromey.com>
Download mbox | patch
Permalink /patch/32466/
State New
Headers show

Comments

Tom Tromey - April 29, 2019, 9:02 p.m.
>>>>> "Pedro" == Pedro Alves <palves@redhat.com> writes:

Pedro> Try this:
Pedro>  (gdb) python print (gdb.parse_and_eval("\"ab\"").string (length = 10))

Pedro> This will go to the "in GDB's memory" branch, but it will
Pedro> read beyond the value's contents buffer.

Ouch.  I've fixed this in the new version.

Pedro> Note: I found this comment confusing. [...]

I rewrote it.

Pedro> value_coerce_array, if it were reached, has this:

Pedro>   if (VALUE_LVAL (arg1) != lval_memory)
Pedro>     error (_("Attempt to take address of value not located in memory."));

Pedro> So shouldn't we have such a check here too?

Yes, I've added it.

Here's the new patch, which I think addresses all the issues.  Let me
know what you think.

Tom

commit 2d41e1a3d8acbad856cdfda054f61b127ba97a65
Author: Tom Tromey <tromey@adacore.com>
Date:   Thu Apr 25 12:14:58 2019 -0600

    Correctly handle non-C-style arrays in c_get_string
    
    A user here noticed that the Python Value.string method did not work
    for Ada arrays.  I tracked this down to an oddity in value_as_address
    -- namely, it calls coerce_array, but that function will not force
    array coercion when the language has c_style_arrays=false, as Ada
    does.
    
    This patch fixes the problem by changing c_get_string so that arrays
    take the "in GDB's memory" branch.  The actual patch is somewhat more
    complicated than you might think, because the caller can request more
    array elements than the type allows.  This is normal when the type is
    using the C struct hack.
    
    Tested on x86-64 Fedora 29.
    
    gdb/ChangeLog
    2019-04-29  Tom Tromey  <tromey@adacore.com>
    
            * c-lang.c (c_get_string): Handle non-C-style arrays.
    
    gdb/testsuite/ChangeLog
    2019-04-29  Tom Tromey  <tromey@adacore.com>
    
            * gdb.python/py-value.exp (test_value_in_inferior): Add Ada test.
Tom Tromey - May 8, 2019, 4:19 p.m.
>>>>> "Tom" == Tom Tromey <tromey@adacore.com> writes:

Tom> Here's the new patch, which I think addresses all the issues.  Let me
Tom> know what you think.

I'm going to commit this now.

Tom

Patch

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 4f595922f6a..1b717110ed1 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@ 
+2019-04-29  Tom Tromey  <tromey@adacore.com>
+
+	* c-lang.c (c_get_string): Handle non-C-style arrays.
+
 2019-04-27  Philippe Waroquiers  <philippe.waroquiers@skynet.be>
 
 	Support style in 'frame|thread apply'
diff --git a/gdb/c-lang.c b/gdb/c-lang.c
index 33506f1d1ed..d25c7c6f296 100644
--- a/gdb/c-lang.c
+++ b/gdb/c-lang.c
@@ -279,10 +279,21 @@  c_get_string (struct value *value, gdb::unique_xmalloc_ptr<gdb_byte> *buffer,
   /* If the string lives in GDB's memory instead of the inferior's,
      then we just need to copy it to BUFFER.  Also, since such strings
      are arrays with known size, FETCHLIMIT will hold the size of the
-     array.  */
+     array.
+
+     An array is assumed to live in GDB's memory, so we take this path
+     here.
+
+     However, it's possible for the caller to request more array
+     elements than apparently exist -- this can happen when using the
+     C struct hack.  So, only do this if either no length was
+     specified, or the length is within the existing bounds.  This
+     avoids running off the end of the value's contents.  */
   if ((VALUE_LVAL (value) == not_lval
-       || VALUE_LVAL (value) == lval_internalvar)
-      && fetchlimit != UINT_MAX)
+       || VALUE_LVAL (value) == lval_internalvar
+       || TYPE_CODE (type) == TYPE_CODE_ARRAY)
+      && fetchlimit != UINT_MAX
+      && (*length < 0 || *length <= fetchlimit))
     {
       int i;
       const gdb_byte *contents = value_contents (value);
@@ -306,7 +317,19 @@  c_get_string (struct value *value, gdb::unique_xmalloc_ptr<gdb_byte> *buffer,
     }
   else
     {
-      CORE_ADDR addr = value_as_address (value);
+      /* value_as_address does not return an address for an array when
+	 c_style_arrays is false, so we handle that specially
+	 here.  */
+      CORE_ADDR addr;
+      if (TYPE_CODE (type) == TYPE_CODE_ARRAY)
+	{
+	  if (VALUE_LVAL (value) != lval_memory)
+	    error (_("Attempt to take address of value "
+		     "not located in memory."));
+	  addr = value_address (value);
+	}
+      else
+	addr = value_as_address (value);
 
       /* Prior to the fix for PR 16196 read_string would ignore fetchlimit
 	 if length > 0.  The old "broken" behaviour is the behaviour we want:
diff --git a/gdb/testsuite/ChangeLog b/gdb/testsuite/ChangeLog
index b6c3618a9c6..0116d26ea90 100644
--- a/gdb/testsuite/ChangeLog
+++ b/gdb/testsuite/ChangeLog
@@ -1,3 +1,7 @@ 
+2019-04-29  Tom Tromey  <tromey@adacore.com>
+
+	* gdb.python/py-value.exp (test_value_in_inferior): Add Ada test.
+
 2019-04-29  Tom de Vries  <tdevries@suse.de>
 
 	* lib/opencl.exp (skip_opencl_tests): Add missing "with" in regexp.
diff --git a/gdb/testsuite/gdb.python/py-value.exp b/gdb/testsuite/gdb.python/py-value.exp
index b3d90b52272..51edfa30958 100644
--- a/gdb/testsuite/gdb.python/py-value.exp
+++ b/gdb/testsuite/gdb.python/py-value.exp
@@ -315,6 +315,13 @@  proc test_value_in_inferior {} {
   gdb_test "python print (\"---\"+st.string (length = 0)+\"---\")" "------" "test string (length = 0) is empty"
   gdb_test "python print (len(st.string (length = 0)))" "0" "test length is 0"
 
+  # We choose Ada here to test a language where c_style_arrays is
+  # false.
+  gdb_test "set lang ada" \
+      "Warning: the current language does not match this frame."
+  gdb_test "python print (st.string ())"  "divide et impera"  \
+      "Test string with no length in ada"
+  gdb_test_no_output "set lang auto"
 
   # Fetch a string that has embedded nulls.
   gdb_test "print nullst" "\"divide\\\\000et\\\\000impera\".*"
@@ -330,6 +337,12 @@  proc test_value_in_inferior {} {
   gdb_py_test_silent_cmd "python xstr = gdb.parse_and_eval('xstr')" "get xstr" 1
   gdb_test "python print(xstr\['text'\].string (length = xstr\['length'\]))" "x{100}" \
     "read string beyond declared size"
+
+  # However it shouldn't be possible to fetch past the end of a
+  # non-memory value.
+  gdb_py_test_silent_cmd "python str = '\"str\"'" "set up str variable" 1
+  gdb_test "python print (gdb.parse_and_eval (str).string (length = 10))" \
+      "gdb.error: Attempt to take address of value not located in memory.\r\nError while executing Python code."
 }
 
 proc test_inferior_function_call {} {