From patchwork Mon Apr 13 21:40:50 2015
X-Patchwork-Submitter: Gary Benson
X-Patchwork-Id: 6209
Delivered-To: mailing list gdb-patches@sourceware.org
From: Gary Benson
To: gdb-patches@sourceware.org
Subject: [PATCH] Zero supplied stat buffers in functions that pretend to stat
Date: Mon, 13 Apr 2015 22:40:50 +0100
Message-Id: <1428961250-23031-1-git-send-email-gbenson@redhat.com>

Hi all,

GDB has five places where it pretends to stat for bfd_openr_iovec.
Four of these only set the incoming buffer's st_size, leaving the
other fields unchanged, which is to say very likely populated with
random values from the stack. remote_bfd_iovec_stat was fixed in
0a93529c56714b1da3d7106d3e0300764f8bb81c; this commit fixes the
other four.

Built and regtested on RHEL6.6 x86_64.

Ok to commit?

Cheers,
Gary

gdb/ChangeLog:

* jit.c (mem_bfd_iovec_stat): Zero supplied buffer.
* minidebug.c (lzma_stat): Likewise.
* solib-spu.c (spu_bfd_iovec_stat): Likewise.
* spu-linux-nat.c (spu_bfd_iovec_stat): Likewise.

--- gdb/ChangeLog | 7 +++++++ gdb/jit.c | 1 + gdb/minidebug.c | 1 + gdb/solib-spu.c | 1 + gdb/spu-linux-nat.c | 1 + 5 files changed, 11 insertions(+), 0 deletions(-) diff --git a/gdb/jit.c b/gdb/jit.c index e872c8f..f977ea6 100644 --- a/gdb/jit.c +++ b/gdb/jit.c @@ -126,6 +126,7 @@ mem_bfd_iovec_stat (struct bfd *abfd, void *stream, struct stat *sb) { struct target_buffer *buffer = (struct target_buffer*) stream; + memset (sb, 0, sizeof (struct stat)); sb->st_size = buffer->size; return 0; } diff --git a/gdb/minidebug.c b/gdb/minidebug.c index cc20914..98c2187 100644 --- a/gdb/minidebug.c +++ b/gdb/minidebug.c @@ -241,6 +241,7 @@ lzma_stat (struct bfd *abfd, { struct gdb_lzma_stream *lstream = stream; + memset (sb, 0, sizeof (struct stat)); sb->st_size = lzma_index_uncompressed_size (lstream->index); return 0; } diff --git a/gdb/solib-spu.c b/gdb/solib-spu.c index 250cf21..44fbf91 100644 --- a/gdb/solib-spu.c +++ b/gdb/solib-spu.c 
@@ -313,6 +313,7 @@ spu_bfd_iovec_stat (bfd *abfd, void *stream, struct stat *sb) table to find the extent of the last section but that seems pointless when the size is needed only for checks of other parsed values in dbxread.c. */ + memset (sb, 0, sizeof (struct stat)); sb->st_size = INT_MAX; return 0; } diff --git a/gdb/spu-linux-nat.c b/gdb/spu-linux-nat.c index b0942a9..a043f53 100644 --- a/gdb/spu-linux-nat.c +++ b/gdb/spu-linux-nat.c @@ -313,6 +313,7 @@ spu_bfd_iovec_stat (struct bfd *abfd, void *stream, struct stat *sb) table to find the extent of the last section but that seems pointless when the size is needed only for checks of other parsed values in dbxread.c. */ + memset (sb, 0, sizeof (struct stat)); sb->st_size = INT_MAX; return 0; }
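Review bot: In the gdb/jit.c hunk, the added memset (sb, 0, sizeof (struct stat)) names the type by hand instead of taking the size from the pointer it clears. Writing it as memset (sb, 0, sizeof (*sb)) keeps the length tied to the buffer if the parameter type is ever changed, and the same spelling would apply to the other three memset calls in this patch.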
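Review bot: In the gdb/minidebug.c hunk, the new memset in lzma_stat has no comment saying why the buffer is cleared, so the reason (only st_size is filled in here, and the caller's struct stat is otherwise uninitialized stack memory) lives only in the commit message. A one-line comment above the memset, for example "Only st_size is meaningful; zero the rest of the caller's buffer", would stop a later cleanup from dropping the call as redundant.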
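Review bot: In the gdb/solib-spu.c hunk, the memset is inserted directly under the block comment that ends "in dbxread.c. */", so that comment, which explains the choice of INT_MAX for st_size, now reads as if it described the memset. Moving the memset above the comment, or separating it with a blank line and its own short comment, keeps the existing explanation attached to the sb->st_size = INT_MAX line it was written for.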
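Review bot: The gdb/spu-linux-nat.c hunk repeats the gdb/solib-spu.c one: both sit at @@ -313,6 +313,7 @@ in a function named spu_bfd_iovec_stat with the same comment and the same two-statement body, so the fix had to be applied twice. Since the commit message counts five of these pretend-stat callbacks that all needed the same zeroing, consider a follow-up that shares one small helper which clears the buffer and sets st_size, so that a new callback cannot forget the memset.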