path: root/gdb/c-exp.y
author:    Pedro Alves <palves@redhat.com>  2014-09-04 21:46:28 +0100
committer: Pedro Alves <palves@redhat.com>  2014-09-04 21:46:28 +0100
commit:    ebf13736b42af47c9907b5157c8e80c78dbe00e1 (patch)
tree:      09904e065e0e83396178aaff4accac38130da461 /gdb/c-exp.y
parent:    eb0b04635f2f57506ab4365b32a6fc0b62920d2f (diff)
download:  gdb-ebf13736b42af47c9907b5157c8e80c78dbe00e1.zip
           gdb-ebf13736b42af47c9907b5157c8e80c78dbe00e1.tar.gz
           gdb-ebf13736b42af47c9907b5157c8e80c78dbe00e1.tar.bz2
parse_number("0") reads uninitialized memory
valgrind caught that parse_number reads uninitialized memory when we
parse literal "0":

 $ valgrind ./gdb -q -nx -ex "set height 0"
 (...)
 ==10378== Conditional jump or move depends on uninitialised value(s)
 ==10378==    at 0x548A10: parse_number (c-exp.y:1828)
 ==10378==    by 0x54A340: lex_one_token (c-exp.y:2638)
 ==10378==    by 0x54B4BB: c_lex (c-exp.y:3089)
 ==10378==    by 0x544951: c_parse_internal (c-exp.c:2208)
 ==10378==    by 0x54BF8C: c_parse (c-exp.y:3260)
 ==10378==    by 0x6502E7: parse_exp_in_context_1 (parse.c:1221)
 ==10378==    by 0x650064: parse_exp_in_context (parse.c:1122)
 ==10378==    by 0x65001F: parse_exp_1 (parse.c:1114)
 ==10378==    by 0x650421: parse_expression (parse.c:1266)
 ==10378==    by 0x5A74B7: parse_and_eval_long (eval.c:92)
 ==10378==    by 0x501ABD: do_set_command (cli-setshow.c:302)
 ==10378==    by 0x721059: execute_command (top.c:452)
 ==10378==
 (gdb)

I've pushed the obvious fix.  Tested on x86_64 Fedora 20.

gdb/ChangeLog:

	* c-exp.y (parse_number): Skip handling base-switching prefixes
	if the input is only one character long.
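The bug the commit describes is a length-bounded token being indexed past its length: parse_number receives a slice of `len` bytes with no terminator, and `p[1]` is read even when `len` is 1. The following is an added example, not gdb's code, reimplementing the same prefix rules the c-exp.y comment lists (0x hex, 0t/0d decimal, leading 0 octal) with every `p[i]` read bounded by `len`. The function names `prefix_base`, `parse_uint_bounded`, `parse_token_copy`, `base_of` and `parse_value` are this example's own; `parse_token_copy` copies the token into an exact-size heap buffer with no NUL so that any over-read is visible to valgrind or AddressSanitizer rather than hidden by a terminator.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not gdb's code.  The token is `len` bytes and is NOT
   NUL-terminated, so each p[i] read is guarded by len; the unguarded
   p[1] read for a one-byte token is the bug the commit fixes. */

/* Returns the base implied by the prefix and stores the number of
   prefix bytes to skip in *skip.  Returns -1 if the prefix has no
   digits after it ("0x", "0t") or the token is empty. */
int prefix_base(const char *p, size_t len, size_t *skip)
{
    *skip = 0;
    if (len == 0)
        return -1;
    if (p[0] == '0' && len > 1) {      /* guard before touching p[1] */
        switch (p[1]) {
        case 'x': case 'X':
            if (len < 3) return -1;    /* guard before reading p[2] as a digit */
            *skip = 2;
            return 16;
        case 't': case 'T': case 'd': case 'D':
            if (len < 3) return -1;
            *skip = 2;
            return 10;
        default:
            return 8;                  /* "0" followed by octal digits */
        }
    }
    return 10;
}

static int digit_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parses an unsigned integer literal from a non-terminated buffer.
   Returns 0 and sets *out on success; -1 on bad prefix, bad digit,
   or overflow. */
int parse_uint_bounded(const char *p, size_t len, unsigned long long *out)
{
    size_t skip;
    int base = prefix_base(p, len, &skip);
    if (base < 0)
        return -1;
    unsigned long long v = 0;
    for (size_t i = skip; i < len; i++) {
        int d = digit_value(p[i]);
        if (d < 0 || d >= base)
            return -1;
        /* v * base + d must not exceed ULLONG_MAX */
        if (v > (ULLONG_MAX - (unsigned long long)d) / (unsigned long long)base)
            return -1;
        v = v * (unsigned long long)base + (unsigned long long)d;
    }
    *out = v;
    return 0;
}

/* Copies s into an exact-size heap buffer with no terminator, like a
   lexer's token slice, then parses it.  An over-read past len is then
   a real heap overrun that valgrind/ASan report. */
int parse_token_copy(const char *s, unsigned long long *out)
{
    size_t len = strlen(s);
    char *buf = malloc(len ? len : 1);
    if (!buf)
        return -1;
    memcpy(buf, s, len);               /* no NUL copied */
    int rc = parse_uint_bounded(buf, len, out);
    free(buf);
    return rc;
}

/* Convenience wrappers for checking results: base of a C string token,
   and parsed value or -1 on rejection (values above LLONG_MAX also -1). */
int base_of(const char *s)
{
    size_t skip;
    return prefix_base(s, strlen(s), &skip);
}

long long parse_value(const char *s)
{
    unsigned long long v;
    if (parse_token_copy(s, &v) != 0 || v > (unsigned long long)LLONG_MAX)
        return -1;
    return (long long)v;
}

int main(void)
{
    const char *tokens[] = { "0", "0x1f", "0t12", "017", "0x", "08", "123" };
    for (size_t i = 0; i < sizeof tokens / sizeof tokens[0]; i++)
        printf("%-5s -> %lld\n", tokens[i], parse_value(tokens[i]));
    return 0;
}
```

Run it under `valgrind` or with `-fsanitize=address`: with the `&& len > 1` guard removed from `prefix_base`, the `"0"` case reads one byte past the one-byte heap buffer and is reported, which is the same defect class the commit's valgrind trace shows.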
Diffstat (limited to 'gdb/c-exp.y')
-rw-r--r--  gdb/c-exp.y  2
1 files changed, 1 insertions, 1 deletions
diff --git a/gdb/c-exp.y b/gdb/c-exp.y
index 56400ce..7339ee8 100644
--- a/gdb/c-exp.y
+++ b/gdb/c-exp.y
@@ -1824,7 +1824,7 @@ parse_number (struct parser_state *par_state,
}
/* Handle base-switching prefixes 0x, 0t, 0d, 0 */
- if (p[0] == '0')
+ if (p[0] == '0' && len > 1)
switch (p[1])
{
case 'x':
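Review bot: the `&& len > 1` guard on the `if (p[0] == '0' ...)` line stops the one-byte over-read of `p[1]`, but nothing in the hunk records the invariant that `p` is not NUL-terminated and that `len` must bound every index, so the next edit to this block can reintroduce the same bug; the `case 'x':` arm that follows (body not shown here) will need its own bound before it looks past `p[1]`, and that cannot be confirmed from this hunk. Suggest extending the existing comment, e.g. `/* Handle base-switching prefixes 0x, 0t, 0d, 0.  p is not NUL-terminated; check len before reading p[i].  */`, and checking each `case` arm for the same pattern.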