diff options
| author | Tom de Vries <tdevries@suse.de> | 2020-12-07 09:07:32 +0100 |
|---|---|---|
| committer | Tom de Vries <tdevries@suse.de> | 2020-12-07 09:07:32 +0100 |
| commit | f51f9f1d0300029d33ecb73976f5d2be9b63553e (patch) | |
| tree | da77fac6d0af66cdb553d6717f498f52b758e5d5 /makefile.vms | |
| parent | 00158a68d1c382f9afe16630ac327695a4904556 (diff) | |
| download | gdb-f51f9f1d0300029d33ecb73976f5d2be9b63553e.zip gdb-f51f9f1d0300029d33ecb73976f5d2be9b63553e.tar.gz gdb-f51f9f1d0300029d33ecb73976f5d2be9b63553e.tar.bz2 | |
[gdb/ada] Handle shrink resize in replace_operator_with_call
In replace_operator_with_call, we resize the elts array like this:
...
exp->nelts = exp->nelts + 7 - oplen;
exp->resize (exp->nelts);
...
Although all the current callers ensure that the new size is bigger, it could
also be smaller, in which case the following memmove possibly reads out of
bounds:
...
memmove (exp->elts + pc + 7, exp->elts + pc + oplen,
EXP_ELEM_TO_BYTES (save_nelts - pc - oplen));
...
Fix this by doing the resize after the memmove in case the new size is
smaller.
Tested on x86_64-linux.
gdb/ChangeLog:
2020-12-07 Tom de Vries <tdevries@suse.de>
* ada-lang.c (replace_operator_with_call): Handle shrink resize.
Diffstat (limited to 'makefile.vms')
0 files changed, 0 insertions, 0 deletions