diff options
author | Pedro Alves <palves@redhat.com> | 2014-09-04 21:46:28 +0100 |
---|---|---|
committer | Pedro Alves <palves@redhat.com> | 2014-09-04 21:46:28 +0100 |
commit | ebf13736b42af47c9907b5157c8e80c78dbe00e1 (patch) | |
tree | 09904e065e0e83396178aaff4accac38130da461 /gdb/c-exp.y | |
parent | eb0b04635f2f57506ab4365b32a6fc0b62920d2f (diff) | |
download | gdb-ebf13736b42af47c9907b5157c8e80c78dbe00e1.zip gdb-ebf13736b42af47c9907b5157c8e80c78dbe00e1.tar.gz gdb-ebf13736b42af47c9907b5157c8e80c78dbe00e1.tar.bz2 |
parse_number("0") reads uninitialized memory
valgrind caught that parse_number reads uninitialized memory when we
parse literal "0":
$ valgrind ./gdb -q -nx -ex "set height 0"
(...)
==10378== Conditional jump or move depends on uninitialised value(s)
==10378== at 0x548A10: parse_number (c-exp.y:1828)
==10378== by 0x54A340: lex_one_token (c-exp.y:2638)
==10378== by 0x54B4BB: c_lex (c-exp.y:3089)
==10378== by 0x544951: c_parse_internal (c-exp.c:2208)
==10378== by 0x54BF8C: c_parse (c-exp.y:3260)
==10378== by 0x6502E7: parse_exp_in_context_1 (parse.c:1221)
==10378== by 0x650064: parse_exp_in_context (parse.c:1122)
==10378== by 0x65001F: parse_exp_1 (parse.c:1114)
==10378== by 0x650421: parse_expression (parse.c:1266)
==10378== by 0x5A74B7: parse_and_eval_long (eval.c:92)
==10378== by 0x501ABD: do_set_command (cli-setshow.c:302)
==10378== by 0x721059: execute_command (top.c:452)
==10378==
(gdb)
I've pushed the obvious fix.
Tested on x86_64 Fedora 20.
gdb/ChangeLog:
* c-exp.y (parse_number): Skip handling base-switching prefixes if
the input is only one character long.
Diffstat (limited to 'gdb/c-exp.y')
-rw-r--r-- | gdb/c-exp.y | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gdb/c-exp.y b/gdb/c-exp.y index 56400ce..7339ee8 100644 --- a/gdb/c-exp.y +++ b/gdb/c-exp.y @@ -1824,7 +1824,7 @@ parse_number (struct parser_state *par_state, } /* Handle base-switching prefixes 0x, 0t, 0d, 0 */ - if (p[0] == '0') + if (p[0] == '0' && len > 1) switch (p[1]) { case 'x': |