From patchwork Thu Dec 28 16:01:43 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ruslan Kabatsayev <b7.10110111@gmail.com>
X-Patchwork-Id: 25134
Received: (qmail 20847 invoked by alias); 28 Dec 2017 16:01:58 -0000
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Unsubscribe: <mailto:gdb-patches-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
Delivered-To: mailing list gdb-patches@sourceware.org
Received: (qmail 20838 invoked by uid 89); 28 Dec 2017 16:01:57 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-26.6 required=5.0 tests=BAYES_00,
	FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE,
	SPF_PASS autolearn=ham version=3.3.2 spammy=exploits, mistakes,
	glance, H*MI:5206
X-HELO: mail-lf0-f65.google.com
Received: from mail-lf0-f65.google.com (HELO mail-lf0-f65.google.com)
	(209.85.215.65) by sourceware.org
	(qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Thu, 28 Dec 2017 16:01:56 +0000
Received: by mail-lf0-f65.google.com with SMTP id w196so27745906lff.5 for
	<gdb-patches@sourceware.org>; Thu, 28 Dec 2017 08:01:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net;
	s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=O3e5c5lG2d+Z+Jg4k17Eu7NJ90pMsulvtEfjyTnxye4=;
	b=kOfWGspq07vBzUN6IShKvd3raSHadlzA2A2EkvNIO6pI2cpbjXmEzjh+xFD86/OL5/
	XkyxnCzygEBUk+NfirCUHUnwJ9mdc/kZ2ox7khRwyJEH5s3hfh7hefDY9x8RtEbvxMxb
	8+YWjamy0vr7bJ/PNjgHE8uS4oa8pWXvp+D+VSv0M+yYv+IlprWhYymeYpQM696TsrvZ
	PrG0WeZo0JgF4FNuUticH1kjI/9AUgd9mVm6E9+yTFzE4IvL2WTGtm/4jhmBumu3tAis
	YGUfpulwTgkkEuSn62ddqqBsFWh3yz7i4fzYaapeBx5DzEzPpTuPxK+9XIq58jSmwNjB
	b0lA==
X-Gm-Message-State: AKGB3mIYzl7rkW0t+5Qlt4dVK0n+JU2W9Z7L3IZyUm9T+/OccW6rHNgB
	/m9KE5JynkB1rtZZGeDYBD7gqw==
X-Google-Smtp-Source: 
 ACJfBotpRcNjZTNp6vn7SjIKCg6cwowZPnqJRlUWfAN7PJ2NHMZMPDQHu+a8qRULQQyDFUMlHzO58A==
X-Received: by 10.46.14.9 with SMTP id 9mr20136269ljo.148.1514476913590;
	Thu, 28 Dec 2017 08:01:53 -0800 (PST)
Received: from ruslan.root.ians.aero ([81.222.86.72]) by smtp.gmail.com with
	ESMTPSA id r38sm7481534lfi.17.2017.12.28.08.01.52
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 28 Dec 2017 08:01:52 -0800 (PST)
From: Ruslan Kabatsayev <b7.10110111@gmail.com>
To: gdb-patches@sourceware.org
Cc: Ruslan Kabatsayev <b7.10110111@gmail.com>
Subject: [PATCH][RFC] Avoid indexing std::vector past the end
Date: Thu, 28 Dec 2017 19:01:43 +0300
Message-Id: <1514476903-5206-1-git-send-email-b7.10110111@gmail.com>
X-IsSubscribed: yes

Hello all,

On my system I have added some asserts into GCC's stl_vector.h, which check for
various mistakes like out of bounds access, call to std::vector::front on empty
vector etc. to debug my own projects. After I built GDB with such
modifications, I've noticed that in some cases it accesses some vectors out of
bound, namely element one past the end. Effectively the code is something like
`auto*p=&someVector[someVector.size()];`, which, although may seem legitimate
on the first glance since it simply takes address, is still Undefined Behavior
according to the C++ Standard (see e.g. [1] and links in that page).

So I wonder whether GDB deliberately exploits undefined behavior here knowing
that GCC might give(?) some guarantee that this will always work as intended,
or it's simply a mistake, and my patch would be OK.

[1]: https://stackoverflow.com/a/27069592/673852

Regards,
Ruslan
---
 gdb/psymtab.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gdb/psymtab.c b/gdb/psymtab.c
index c87ef25..c622f4c 100644
--- a/gdb/psymtab.c
+++ b/gdb/psymtab.c
@@ -1337,21 +1337,21 @@ recursively_search_psymtabs
     }
 
   partial_symbol **gbound
-    = &objfile->global_psymbols[ps->globals_offset + ps->n_global_syms];
+    = objfile->global_psymbols.data() + ps->globals_offset + ps->n_global_syms;
   partial_symbol **sbound
-    = &objfile->static_psymbols[ps->statics_offset + ps->n_static_syms];
+    = objfile->static_psymbols.data() + ps->statics_offset + ps->n_static_syms;
   partial_symbol **bound = gbound;
 
   /* Go through all of the symbols stored in a partial
      symtab in one loop.  */
-  partial_symbol **psym = &objfile->global_psymbols[ps->globals_offset];
+  partial_symbol **psym = objfile->global_psymbols.data() + ps->globals_offset;
   while (keep_going)
     {
       if (psym >= bound)
 	{
 	  if (bound == gbound && ps->n_static_syms != 0)
 	    {
-	      psym = &objfile->static_psymbols[ps->statics_offset];
+	      psym = objfile->static_psymbols.data() + ps->statics_offset;
 	      bound = sbound;
 	    }
 	  else