From patchwork Mon Aug 27 14:56:18 2018
X-Patchwork-Submitter: Tom Tromey
X-Patchwork-Id: 29066
From: Tom Tromey
To: gdb-patches@sourceware.org
Cc: Tom Tromey
Subject: [PATCH 7/9] Avoid undefined behavior in ada_operator_length
Date: Mon, 27 Aug 2018 08:56:18 -0600
Message-Id: <20180827145620.11055-8-tom@tromey.com>
In-Reply-To: <20180827145620.11055-1-tom@tromey.com>
References: <20180827145620.11055-1-tom@tromey.com>

-fsanitize=undefined pointed out this error:

    runtime error: load of value 2887952, which is not a valid value for type 'exp_opcode'

This happens in gdb.ada/complete.exp when processing "complete p my_glob". This does not parse, so the Ada parser throws an exception; but then the code in parse_exp_in_context_1 accepts the expression anyway. However, as no elements have been written to the expression, undefined behavior results.

The fix is to notice this case in parse_exp_in_context_1. This patch also adds an assertion to prefixify_expression to enforce this pre-existing constraint.

ChangeLog
2018-08-27  Tom Tromey

	* parse.c (prefixify_expression): Add assert.
	(parse_exp_in_context_1): Throw exception if the expression is empty.
---
 gdb/ChangeLog | 8 +++++++-
 gdb/parse.c   | 6 +++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/gdb/parse.c b/gdb/parse.c
index 1b58073a529..a9b802d0e6e 100644
--- a/gdb/parse.c
+++ b/gdb/parse.c
@@ -792,6 +792,7 @@ copy_name (struct stoken token) int prefixify_expression (struct expression *expr) { + gdb_assert (expr->nelts > 0); int len = sizeof (struct expression) + EXP_ELEM_TO_BYTES (expr->nelts); struct expression *temp; int inpos = expr->nelts, outpos = 0; 
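Review bot: The new gdb_assert (expr->nelts > 0) at the top of prefixify_expression records the non-empty precondition only in code; the function's header comment should state it as well, because a caller that passes an empty expression now gets an internal error instead of the silent out-of-bounds read the commit message describes (inpos starts at expr->nelts, so with nelts == 0 the first element read lies before the array). Stating the precondition where callers look for it makes the assert's intent clear and avoids someone "fixing" the internal error by removing the assert.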
@@ -1205,7 +1206,10 @@ parse_exp_in_context_1 (const char **stringptr, CORE_ADDR pc, } CATCH (except, RETURN_MASK_ALL) { - if (! parse_completion) + /* If parsing for completion, allow this to succeed; but if no + expression elements have been written, then there's nothing + to do, so fail. */ + if (! parse_completion || ps.expout_ptr == 0) throw_exception (except); } END_CATCH
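Review bot: The added ps.expout_ptr == 0 test in the CATCH block only changes behaviour when parse_completion is set, so an empty expression on the completion path is now rethrown rather than handed on to the code that, per the commit message, goes on to read its elements; that pairs with the new assert in prefixify_expression, and the two should be kept in sync, since an empty expression that slipped past this check would now trip the assert instead of the sanitizer. One nit: the comment says "if no expression elements have been written" but does not tie that to the field being tested, so a reader must already know that expout_ptr counts the elements emitted so far; naming it in the comment (e.g. "expout_ptr is the number of elements written") would make the condition self-explaining.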