diff mbox

[RFC] Avoid indexing std::vector past the end

Message ID 1514476903-5206-1-git-send-email-b7.10110111@gmail.com
State New
Headers show

Commit Message

Ruslan Kabatsayev Dec. 28, 2017, 4:01 p.m. UTC 
Hello all,

On my system I have added some asserts into GCC's stl_vector.h, which check for
various mistakes like out of bounds access, call to std::vector::front on empty
vector etc. to debug my own projects. After I built GDB with such
modifications, I've noticed that in some cases it accesses some vectors out of
bound, namely element one past the end. Effectively the code is something like
`auto*p=&someVector[someVector.size()];`, which, although may seem legitimate
on the first glance since it simply takes address, is still Undefined Behavior
according to the C++ Standard (see e.g. [1] and links in that page).

So I wonder whether GDB deliberately exploits undefined behavior here knowing
that GCC might give(?) some guarantee that this will always work as intended,
or it's simply a mistake, and my patch would be OK.

[1]: https://stackoverflow.com/a/27069592/673852

Regards,
Ruslan

---
 gdb/psymtab.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Simon Marchi Dec. 30, 2017, 12:50 a.m. UTC | #1 
On 2017-12-28 11:01, Ruslan Kabatsayev wrote:
> Hello all,
> 
> On my system I have added some asserts into GCC's stl_vector.h, which 
> check for
> various mistakes like out of bounds access, call to std::vector::front 
> on empty
> vector etc. to debug my own projects. After I built GDB with such
> modifications, I've noticed that in some cases it accesses some vectors 
> out of
> bound, namely element one past the end. Effectively the code is 
> something like
> `auto*p=&someVector[someVector.size()];`, which, although may seem 
> legitimate
> on the first glance since it simply takes address, is still Undefined 
> Behavior
> according to the C++ Standard (see e.g. [1] and links in that page).
> 
> So I wonder whether GDB deliberately exploits undefined behavior here 
> knowing
> that GCC might give(?) some guarantee that this will always work as 
> intended,
> or it's simply a mistake, and my patch would be OK.
> 
> [1]: https://stackoverflow.com/a/27069592/673852
> 
> Regards,
> Ruslan

Hi Ruslan,

Thanks for finding and reporting this.  We certainly don't want to rely 
on any compiler-specific undefined behavior, this is a mistake.

The patch looks good to me, it's just missing a ChangeLog entry.

Simon
diff mbox

Patch

diff --git a/gdb/psymtab.c b/gdb/psymtab.c
index c87ef25..c622f4c 100644
--- a/gdb/psymtab.c
+++ b/gdb/psymtab.c
@@ -1337,21 +1337,21 @@  recursively_search_psymtabs
     }
 
   partial_symbol **gbound
-    = &objfile->global_psymbols[ps->globals_offset + ps->n_global_syms];
+    = objfile->global_psymbols.data() + ps->globals_offset + ps->n_global_syms;
   partial_symbol **sbound
-    = &objfile->static_psymbols[ps->statics_offset + ps->n_static_syms];
+    = objfile->static_psymbols.data() + ps->statics_offset + ps->n_static_syms;
   partial_symbol **bound = gbound;
 
   /* Go through all of the symbols stored in a partial
      symtab in one loop.  */
-  partial_symbol **psym = &objfile->global_psymbols[ps->globals_offset];
+  partial_symbol **psym = objfile->global_psymbols.data() + ps->globals_offset;
   while (keep_going)
     {
       if (psym >= bound)
 	{
 	  if (bound == gbound && ps->n_static_syms != 0)
 	    {
-	      psym = &objfile->static_psymbols[ps->statics_offset];
+	      psym = objfile->static_psymbols.data() + ps->statics_offset;
 	      bound = sbound;
 	    }
 	  else