From patchwork Thu Sep 4 20:56:48 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pedro Alves X-Patchwork-Id: 2652 Received: (qmail 11595 invoked by alias); 4 Sep 2014 20:56:53 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 11585 invoked by uid 89); 4 Sep 2014 20:56:52 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.8 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Thu, 04 Sep 2014 20:56:52 +0000 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s84KunBc027573 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 4 Sep 2014 16:56:50 -0400 Received: from brno.lan (ovpn01.gateway.prod.ext.ams2.redhat.com [10.39.146.11]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s84KumYc021616 for ; Thu, 4 Sep 2014 16:56:49 -0400 From: Pedro Alves To: gdb-patches@sourceware.org Subject: [ob/pushed] parse_number("0") reads uninitialized memory Date: Thu, 4 Sep 2014 21:56:48 +0100 Message-Id: <1409864208-13395-1-git-send-email-palves@redhat.com> valgrind caught that parse_number reads uninitialized memory when we parse literal "0": $ valgrind ./gdb -q -nx -ex "set height 0" (...) ==10378== Conditional jump or move depends on uninitialised value(s) ==10378== at 0x548A10: parse_number (c-exp.y:1828) ==10378== by 0x54A340: lex_one_token (c-exp.y:2638) ==10378== by 0x54B4BB: c_lex (c-exp.y:3089) ==10378== by 0x544951: c_parse_internal (c-exp.c:2208) ==10378== by 0x54BF8C: c_parse (c-exp.y:3260) ==10378== by 0x6502E7: parse_exp_in_context_1 (parse.c:1221) ==10378== by 0x650064: parse_exp_in_context (parse.c:1122) ==10378== by 0x65001F: parse_exp_1 (parse.c:1114) ==10378== by 0x650421: parse_expression (parse.c:1266) ==10378== by 0x5A74B7: parse_and_eval_long (eval.c:92) ==10378== by 0x501ABD: do_set_command (cli-setshow.c:302) ==10378== by 0x721059: execute_command (top.c:452) ==10378== (gdb) I've pushed the obvious fix. Tested on x86_64 Fedora 20. gdb/ChangeLog: * c-exp.y (parse_number): Skip handling base-switching prefixes if the input is only one character long. --- gdb/ChangeLog | 5 +++++ gdb/c-exp.y | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 201a8c5..e22ba0c 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,8 @@ +2014-09-04 Pedro Alves + + * c-exp.y (parse_number): Skip handling base-switching prefixes if + the input is only one character long. + 2014-09-04 Sergio Durigan Junior PR fortran/17237 diff --git a/gdb/c-exp.y b/gdb/c-exp.y index 56400ce..7339ee8 100644 --- a/gdb/c-exp.y +++ b/gdb/c-exp.y @@ -1824,7 +1824,7 @@ parse_number (struct parser_state *par_state, } /* Handle base-switching prefixes 0x, 0t, 0d, 0 */ - if (p[0] == '0') + if (p[0] == '0' && len > 1) switch (p[1]) { case 'x':