Subject: Re: [Bug-readline] heap-buffer-overflow in update_line
To: chet.ramey@case.edu, bug-readline@gnu.org
From: Tom de Vries
Cc: gdb-patches@sourceware.org, Pedro Alves
Message-ID: <79173bd4-f37e-c137-cf48-187047078bf0@suse.de>
Date: Fri, 17 May 2019 16:59:27 +0200

On 16-05-19 22:50, Chet Ramey wrote:
> On 5/8/19 4:10 PM, Tom de Vries wrote:
>> Hi,
>>
>> when:
>> - building trunk gdb (using the readline sources in the binutils-gdb.git
>> repo) on openSUSE 15.0 x86_64-linux with -fsanitize=address, and:
>> - running gdb tests with "export ASAN_OPTIONS=detect_leaks=0",
>> I run into a heap-buffer-overflow failure for
>> gdb.base/utf8-identifiers.exp,
>> reported as PR gdb/24514 -
>> "heap-buffer-overflow in update_line for utf8-identifiers.exp" at
>> https://sourceware.org/bugzilla/show_bug.cgi?id=24514 .
>
> [...]
>
>> which triggers without needing the address sanitizer, like this:
>> ...
>> $ TERM=dumb gdb -q -ex "set width 0"
>> gdb: /home/vries/readline/src/display.c:1393: rl_redisplay: Assertion
>> `last_lmargin + (_rl_screenwidth + visible_wrap_offset) <= line_size'
>> failed.
>> Aborted (core dumped)
>
> This looks like the same problem as described in
>
> http://lists.gnu.org/archive/html/bug-readline/2019-03/msg00001.html
>
> In this case, gdb sets the screen width to 32766, which is obviously
> bonkers on a dumb terminal. Gdb should pass -1 to rl_set_screen_size
> so readline doesn't override the number of columns on the physical
> terminal.
>

I've tried this:
...
but ran into this test failure in gdb.ada/pp-rec-component.exp:
...
(gdb) source /data/gdb_versions/devel/build/gdb/testsuite/outputs/gdb.ada/pp^M sqrt_int_max) { - cols = sqrt_int_max; + cols = -1; chars_per_line = UINT_MAX; } ...
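
Review bot: the `+ cols = -1;` line stores a sentinel in a variable that held a real width on the removed line, while the following context line still sets `chars_per_line = UINT_MAX`, so the two values no longer describe the same thing and nothing in the hunk documents that. A short comment on that assignment saying that -1 asks readline to keep the physical terminal's column count (as described in the quoted reply about rl_set_screen_size) would make the intent clear. Any later use of cols as a width in this function also needs to be checked for the negative value, given the gdb.ada/pp-rec-component.exp failure reported with this change.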