From 56ddbf72843c0fa1badd68e71c5ba076f626c5c5 Mon Sep 17 00:00:00 2001
From: Tom Tromey <tromey@adacore.com>
Date: Mon, 9 Sep 2024 11:29:12 -0600
Subject: Fix latent crash in ada_variant_discrim_name

ada_variant_discrim_name does this:

  for (discrim_end = name + strlen (name) - 6; discrim_end != name;

If NAME is too short, this will construct an invalid pointer, perhaps
causing a crash.

This patch arranges to check the length first.
---
 gdb/ada-lang.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'gdb/ada-lang.c')

diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
index 95ceb10..aef2b1d 100644
--- a/gdb/ada-lang.c
+++ b/gdb/ada-lang.c
@@ -6685,8 +6685,10 @@ ada_variant_discrim_name (struct type *type0)
   if (name == NULL || name[0] == '\000')
     return "";
 
-  for (discrim_end = name + strlen (name) - 6; discrim_end != name;
-       discrim_end -= 1)
+  size_t len = strlen (name);
+  if (len < 6)
+    return "";
+  for (discrim_end = name + len - 6; discrim_end != name; discrim_end -= 1)
     {
       if (startswith (discrim_end, "___XVN"))
 	break;
-- 
cgit v1.1