Fix out-of-bounds read in tui_addr_is_displayed

Message ID CAF4+tmpJNzzf6hDFdLC8DJCRtcEP9hTAgaiyBMGK2VA4AJQDHA@mail.gmail.com
State New, archived

Commit Message

Bogdan Harjoc Aug. 2, 2019, 3:53 p.m. UTC
In tui_addr_is_displayed(), if win_info->content.size() is less than 2, then

  win_info->content.size () - threshold

will wrap to SIZE_MAX if threshold = SCROLL_THRESHOLD = 2.

The attached patch avoids calling win_info->content[i] below with i=0
which is past the end of the vector of size 0.

Bogdan
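
The wrap described in the commit message, replayed outside gdb as an added example (not code from the patch or from gdb). `scan` and `scan_result` are hypothetical names, the `int` element type is constructed, and `i` and `threshold` are assumed to be `size_t`; the helper walks both loop bounds and records an out-of-range index instead of reading it.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Outcome of walking the loop without ever dereferencing an element.
struct scan_result
{
  std::size_t visited;   // in-bounds indices the loop body would touch
  bool out_of_bounds;    // true if the bound admitted an index >= size ()
};

// Hypothetical helper: replays the loop bound from the hunk.  i and
// threshold are assumed to be size_t; the element type is constructed.
static scan_result
scan (const std::vector<int> &content, std::size_t threshold, bool patched)
{
  scan_result r = { 0, false };
  for (std::size_t i = 0;; i++)
    {
      bool in_range = patched
        ? i + threshold < content.size ()     // post-patch: no subtraction
        : i < content.size () - threshold;    // pre-patch: wraps if size < threshold
      if (!in_range)
        break;
      if (i >= content.size ())
        {
          r.out_of_bounds = true;   // the real loop would read content[i] here
          break;
        }
      r.visited++;
    }
  return r;
}

int
main ()
{
  const std::size_t threshold = 2;   // SCROLL_THRESHOLD, per the commit message
  const std::size_t sizes[] = { 0, 1, 2, 5 };   // constructed sample sizes
  for (std::size_t n : sizes)
    {
      std::vector<int> content (n);
      scan_result before = scan (content, threshold, false);
      scan_result after = scan (content, threshold, true);
      std::printf ("size=%zu  before: visited=%zu oob=%d  after: visited=%zu oob=%d\n",
                   n, before.visited, (int) before.out_of_bounds,
                   after.visited, (int) after.out_of_bounds);
    }
  return 0;
}
```

For sizes at or above the threshold both bounds visit the same indices; they differ only when the size is smaller than the threshold.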
  

Comments

Tom Tromey Aug. 2, 2019, 6:07 p.m. UTC | #1
>>>>> "Bogdan" == Bogdan Harjoc <harjoc@gmail.com> writes:

Bogdan> In tui_addr_is_displayed(), if win_info->content.size() is less than 2, then
Bogdan>   win_info->content.size () - threshold

Bogdan> will wrap to SIZE_MAX if threshold = SCROLL_THRESHOLD = 2.

Bogdan> The attached patch avoids calling win_info->content[i] below with i=0
Bogdan> which is past the end of the vector of size 0.

Thank you for the patch.  Nice catch.

This needs a ChangeLog entry but is otherwise ok.

Tom
  

Patch

diff --git a/gdb/tui/tui-winsource.c b/gdb/tui/tui-winsource.c
index 3de2692dee..3eb583b31d 100644
--- a/gdb/tui/tui-winsource.c
+++ b/gdb/tui/tui-winsource.c
@@ -742,7 +742,7 @@  tui_addr_is_displayed (CORE_ADDR addr,
   else
     threshold = 0;
   i = 0;
-  while (i < win_info->content.size () - threshold
+  while (i + threshold < win_info->content.size ()
 	 && !is_displayed)
     {
       is_displayed
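Review bot: the rewritten `while` condition reads like a plain rearrangement, so a later cleanup could move `threshold` back to the right-hand side and bring back the unsigned wrap when content.size () is smaller than threshold; a one-line comment above the loop saying the addition form is deliberate would guard against that. The declarations of `i` and `threshold` are outside this hunk, so it is worth confirming that `i + threshold` has the same signedness as the size () result it is compared against. The diff touches only gdb/tui/tui-winsource.c, so the ChangeLog entry requested in the review is still missing.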