From patchwork Wed Oct 29 15:01:40 2014
X-Patchwork-Submitter: Pedro Alves
X-Patchwork-Id: 3463
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Delivered-To: mailing list gdb-patches@sourceware.org
From: Pedro Alves
To: gdb-patches@sourceware.org
Subject: [pushed] Fix uninitialized value access when very first GDB command entered is
Date: Wed, 29 Oct 2014 15:01:40 +0000
Message-Id: <1414594900-28109-1-git-send-email-palves@redhat.com>

While running GDB under Valgrind, I noticed that if the very first
command entered is just , GDB accesses an uninitialized value:

  $ valgrind ./gdb -q -nx
  ==26790== Memcheck, a memory error detector
  ==26790== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
  ==26790== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
  ==26790== Command: ./gdb -q -nx
  ==26790==
  (gdb)
  ==26790== Conditional jump or move depends on uninitialised value(s)
  ==26790==    at 0x619DFC: command_line_handler (event-top.c:588)
  ==26790==    by 0x7813D5: rl_callback_read_char (callback.c:220)
  ==26790==    by 0x6194B4: rl_callback_read_char_wrapper (event-top.c:166)
  ==26790==    by 0x61988A: stdin_event_handler (event-top.c:372)
  ==26790==    by 0x61847D: handle_file_event (event-loop.c:762)
  ==26790==    by 0x617964: process_event (event-loop.c:339)
  ==26790==    by 0x617A2B: gdb_do_one_event (event-loop.c:403)
  ==26790==    by 0x617A7B: start_event_loop (event-loop.c:428)
  ==26790==    by 0x6194E6: cli_command_loop (event-top.c:181)
  ==26790==    by 0x60F86B: current_interp_command_loop (interps.c:317)
  ==26790==    by 0x610A34: captured_command_loop (main.c:321)
  ==26790==    by 0x60C728: catch_errors (exceptions.c:237)
  ==26790==
  (gdb)

It's this check here:

      /* If we just got an empty line, and that is supposed to repeat the
	 previous command, return the value in the global buffer.  */
      if (repeat && p == linebuffer && *p != '\\')
	{

The problem is that linebuffer's contents were never initialized at
this point.

gdb/
2014-10-29  Pedro Alves

	* event-top.c (command_line_handler): Clear the first byte of
	linebuffer, when it is first allocated.
---
 gdb/ChangeLog   | 5 +++++
 gdb/event-top.c | 1 +
 2 files changed, 6 insertions(+)
diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 1125b1e..58a7e98 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,5 +1,10 @@ 2014-10-29 Pedro Alves + * event-top.c (command_line_handler): Clear the first byte of + linebuffer, when it is first allocated. + +2014-10-29 Pedro Alves + * tui/tui.c (tui_rl_switch_mode): Wrap tui_enable/tui_disable in TRY_CATCH. diff --git a/gdb/event-top.c b/gdb/event-top.c index 3f9deec..f539733 100644 --- a/gdb/event-top.c +++ b/gdb/event-top.c @@ -467,6 +467,7 @@ command_line_handler (char *rl) { linelength = 80; linebuffer = (char *) xmalloc (linelength); + linebuffer[0] = '\0'; } p = linebuffer;
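Review bot: in the event-top.c hunk, the added `linebuffer[0] = '\0';` is enough to make the quoted check (`if (repeat && p == linebuffer && *p != '\\')`) well-defined, since `*p` with `p == linebuffer` is the only byte examined before anything is copied into the freshly xmalloc'd buffer, but that reasoning is not visible at the allocation site. A short comment next to the new line, saying that the buffer must start out as an empty string so the first empty-line/repeat check does not read uninitialised memory, would spare the next reader a trip through Valgrind; the ChangeLog hunk already documents the what, the code should document the why.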