From patchwork Fri Feb 24 09:34:03 2017
X-Patchwork-Submitter: Yao Qi
X-Patchwork-Id: 19364
Delivered-To: mailing list gdb-patches@sourceware.org
From: Yao Qi
To: gdb-patches@sourceware.org
Subject: [PATCH] Fix array out of bound access
Date: Fri, 24 Feb 2017 09:34:03 +0000
Message-Id: <1487928843-30443-1-git-send-email-yao.qi@linaro.org>

ASAN reports the following error,

(gdb) PASS: gdb.fortran/vla-ptr-info.exp: continue to breakpoint: pvla-associated
print &pvla
=================================================================
==14331==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000ea569f at pc 0x0000008eb546 bp 0x7ffde0c1dc70 sp 0x7ffde0c1dc60
READ of size 1 at 0x000000ea569f thread T0
    #0 0x8eb545 in f_print_type(type*, char const*, ui_file*, int, int, type_print_options const*) ../../binutils-gdb/gdb/f-typeprint.c:89
    #1 0xb611e2 in type_print(type*, char const*, ui_file*, int) ../../binutils-gdb/gdb/typeprint.c:365
    #2 0x7b3471 in c_value_print(value*, ui_file*, value_print_options const*) ../../binutils-gdb/gdb/c-valprint.c:650
    #3 0xb99517 in value_print(value*, ui_file*, value_print_options const*) ../../binutils-gdb/gdb/valprint.c:1233
    #4 0xa42be8 in print_formatted ../../binutils-gdb/gdb/printcmd.c:321
    #5 0xa46ac9 in print_value(value*, format_data const*) ../../binutils-gdb/gdb/printcmd.c:1233
    #6 0xa46d82 in print_command_1 ../../binutils-gdb/gdb/printcmd.c:1261
    #7 0xa46e3e in print_command ../../binutils-gdb/gdb/printcmd.c:1267

on this line of code

  demangled_args = varstring[strlen (varstring) - 1] == ')';

because varstring is an empty string and strlen () is 0, so "strlen () - 1" is definitely out of the bound of "varstring",

(gdb) bt 10
    at /home/yao/SourceCode/gnu/gdb/git/gdb/f-typeprint.c:56
    at /home/yao/SourceCode/gnu/gdb/git/gdb/typeprint.c:365
    at /home/yao/SourceCode/gnu/gdb/git/gdb/c-valprint.c:650
    at /home/yao/SourceCode/gnu/gdb/git/gdb/valprint.c:1236

This patch adds a pre-check for whether varstring is empty.
Regression tested on x86_64-linux.
gdb: 2017-02-24 Yao Qi * f-typeprint.c (f_print_type): Check "varstring" is empty first. --- gdb/f-typeprint.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/gdb/f-typeprint.c b/gdb/f-typeprint.c index da6ef4f..7dbe093 100644 --- a/gdb/f-typeprint.c +++ b/gdb/f-typeprint.c @@ -52,7 +52,6 @@ f_print_type (struct type *type, const char *varstring, struct ui_file *stream, int show, int level, const struct type_print_options *flags) { enum type_code code; - int demangled_args; if (type_not_associated (type)) { @@ -81,12 +80,15 @@ f_print_type (struct type *type, const char *varstring, struct ui_file *stream, if (varstring != NULL) { + int demangled_args; + fputs_filtered (varstring, stream); /* For demangled function names, we have the arglist as part of the name, so don't print an additional pair of ()'s. */ - demangled_args = varstring[strlen (varstring) - 1] == ')'; + demangled_args = (*varstring != '\0' + && varstring[strlen (varstring) - 1] == ')'); f_type_print_varspec_suffix (type, stream, show, 0, demangled_args, 0); } }
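Review bot: The ChangeLog entry does not record what the first hunk (@@ -52,7 +52,6 @@) does: it removes the function-level `int demangled_args;` and the second hunk re-declares it inside the `if (varstring != NULL)` block. GDB's ChangeLog convention would want that noted alongside the existing line, for example "Move declaration of "demangled_args" to where it is used." The move itself is an improvement, since the variable is only read inside that block and narrowing its scope removes an uninitialized-looking variable from the function prologue.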
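Review bot: The `*varstring != '\0'` guard in the second hunk (@@ -81,12 +80,15 @@) is sufficient because `&&` short-circuits: `varstring[strlen (varstring) - 1]` is only evaluated once the string is known to have at least one character. Before the patch, an empty `varstring` made `strlen () - 1` equal to `(size_t) -1`, so the expression read the byte immediately before the string's storage, which is the one-byte global-buffer-overflow ASan reported at f-typeprint.c:89; in a build without the sanitizer that read would have silently succeeded and `demangled_args` would have depended on whatever byte happens to precede the literal. One optional tidy-up: compute the length once, as in "size_t len = strlen (varstring); demangled_args = len > 0 && varstring[len - 1] == ')';", so the string is not walked twice, though for a type name the cost is negligible either way.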
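The following is an added example, not code from the patch or from GDB, that places the unchecked expression quoted in the commit message next to the checked form the patch introduces, and then generalizes the same idea to a suffix check that handles both the empty string and a suffix longer than the string with a single length comparison. The helper names ends_with_paren_unchecked, ends_with_paren_checked and str_ends_with, and the sample strings, are invented for this example.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form of the expression the commit message quotes from
   f_print_type.  On an empty string strlen () is 0, so the index is
   (size_t) -1 and the read lands one byte before the string's storage,
   which is the global-buffer-overflow AddressSanitizer reported.  Kept
   as the "before" for comparison; it is never called with "" here.  */
static int
ends_with_paren_unchecked (const char *s)
{
  return s[strlen (s) - 1] == ')';
}

/* Checked form, equivalent to the patch: the emptiness test comes
   first and && short-circuits, so the index is only evaluated when
   strlen (s) >= 1.  */
static int
ends_with_paren_checked (const char *s)
{
  return *s != '\0' && s[strlen (s) - 1] == ')';
}

/* Hypothetical general helper (not from GDB): does S end with SUFFIX?
   Taking both lengths once and comparing them before any indexing
   covers the empty string and a suffix longer than S in one check,
   and memcmp with a length of 0 is well defined.  */
static int
str_ends_with (const char *s, const char *suffix)
{
  size_t slen = strlen (s);
  size_t suflen = strlen (suffix);

  if (suflen > slen)
    return 0;
  return memcmp (s + slen - suflen, suffix, suflen) == 0;
}

int
main (void)
{
  /* Constructed inputs: a demangled name carrying its arglist, a plain
     name, and the empty string that triggered the report.  */
  const char *with_args = "foo(int, char*)";
  const char *plain = "bar";
  const char *empty = "";

  printf ("%s -> %d\n", with_args, ends_with_paren_checked (with_args));
  printf ("%s -> %d\n", plain, ends_with_paren_checked (plain));
  printf ("\"\" -> %d\n", ends_with_paren_checked (empty));
  /* The unchecked variant agrees on non-empty input; only "" differs.  */
  printf ("unchecked %s -> %d\n", with_args,
          ends_with_paren_unchecked (with_args));
  printf ("str_ends_with (\"%s\", \"()\") -> %d\n", plain,
          str_ends_with (plain, "()"));
  return 0;
}
```

Built with -fsanitize=address, calling the unchecked variant on "" reproduces the class of report quoted in the message, while the checked variants return 0 for the empty string without touching memory outside it; main only exercises the safe paths.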