aboutsummaryrefslogtreecommitdiff
path: root/gdb/completer.c
diff options
context:
space:
mode:
authorYao Qi <yao.qi@linaro.org>2016-08-11 17:04:11 +0100
committerYao Qi <yao.qi@linaro.org>2016-08-19 14:20:01 +0100
commitbbfa2517ded26c1ba9e1af37671565a1a5e6bbc6 (patch)
tree762e1b72f445eb3b2b40ffc2ba68531ae832caa3 /gdb/completer.c
parent873f10f02f5959ce9b74cc5b599f5006147de940 (diff)
downloadgdb-bbfa2517ded26c1ba9e1af37671565a1a5e6bbc6.zip
gdb-bbfa2517ded26c1ba9e1af37671565a1a5e6bbc6.tar.gz
gdb-bbfa2517ded26c1ba9e1af37671565a1a5e6bbc6.tar.bz2
null-terminate string in linespec_location_completer
If I build gdb with -fsanitize=address and run tests, I get error, malformed linespec error: unexpected colon^M (gdb) PASS: gdb.linespec/ls-errs.exp: lang=C: break : break :=================================================================^M ==3266==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000051451 at pc 0x2b5797a972a8 bp 0x7fffd8e0f3c0 sp 0x7fffd8e0f398^M READ of size 2 at 0x602000051451 thread T0 #0 0x2b5797a972a7 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x322a7)^M #1 0x7bd004 in compare_filenames_for_search(char const*, char const*) /home/yao/SourceCode/gnu/gdb/git/gdb/symtab.c:316^M #2 0x7bd310 in iterate_over_some_symtabs(char const*, char const*, int (*)(symtab*, void*), void*, compunit_symtab*, compunit_symtab*) /home/yao/SourceCode/gnu/gdb/git/gdb/symtab.c:411^M #3 0x7bd775 in iterate_over_symtabs(char const*, int (*)(symtab*, void*), void*) /home/yao/SourceCode/gnu/gdb/git/gdb/symtab.c:481^M #4 0x7bda15 in lookup_symtab(char const*) /home/yao/SourceCode/gnu/gdb/git/gdb/symtab.c:527^M #5 0x7d5e2a in make_file_symbol_completion_list_1 /home/yao/SourceCode/gnu/gdb/git/gdb/symtab.c:5635^M #6 0x7d61e1 in make_file_symbol_completion_list(char const*, char const*, char const*) /home/yao/SourceCode/gnu/gdb/git/gdb/symtab.c:5684^M #7 0x88dc06 in linespec_location_completer /home/yao/SourceCode/gnu/gdb/git/gdb/completer.c:288 .... 0x602000051451 is located 0 bytes to the right of 1-byte region [0x602000051450,0x602000051451)^M mallocated by thread T0 here: #0 0x2b5797ab97ef in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x547ef)^M #1 0xbbfb8d in xmalloc /home/yao/SourceCode/gnu/gdb/git/gdb/common/common-utils.c:43^M #2 0x88dabd in linespec_location_completer /home/yao/SourceCode/gnu/gdb/git/gdb/completer.c:273^M #3 0x88e5ef in location_completer(cmd_list_element*, char const*, char const*) /home/yao/SourceCode/gnu/gdb/git/gdb/completer.c:531^M #4 0x8902e7 in complete_line_internal /home/yao/SourceCode/gnu/gdb/git/gdb/completer.c:964^ The code in question is here file_to_match = (char *) xmalloc (colon - text + 1); strncpy (file_to_match, text, colon - text + 1); it is likely that file_to_match is not null-terminated. The patch is to strncpy 'colon - text' bytes and explicitly set '\0'. gdb: 2016-08-19 Yao Qi <yao.qi@linaro.org> * completer.c (linespec_location_completer): Make file_to_match null-terminated.
Diffstat (limited to 'gdb/completer.c')
-rw-r--r--gdb/completer.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/gdb/completer.c b/gdb/completer.c
index 5c3b3fc..d0e6bc8 100644
--- a/gdb/completer.c
+++ b/gdb/completer.c
@@ -264,7 +264,8 @@ linespec_location_completer (struct cmd_list_element *ignore,
char *s;
file_to_match = (char *) xmalloc (colon - text + 1);
- strncpy (file_to_match, text, colon - text + 1);
+ strncpy (file_to_match, text, colon - text);
+ file_to_match[colon - text] = '\0';
/* Remove trailing colons and quotes from the file name. */
for (s = file_to_match + (colon - text);
s > file_to_match;