This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.
[RFA] decode_line_1 segfault
- To: gdb-patches at sources dot redhat dot com
- Subject: [RFA] decode_line_1 segfault
- From: Keith Seitz <keiths at cygnus dot com>
- Date: Mon, 26 Feb 2001 17:12:19 -0800 (PST)
Hi,
Try this:
(gdb) file foo
Loading symbols...
(gdb) b "foo"
Segmentation fault (core dump)
It doesn't matter what exe you load or what function you want to break at.
What's happening is that decode_line_1 will skip over the first quote in
the string, but it doesn't do so in a way which is safe for the upcoming
memcpy, e.g., *argptr is the first quote, but p is the last 'o' (not the
quote). As a result, decode_line_1 attempts to alloca 0 bytes and memcpy
a buffer of length -1.
This patch shows no testsuite regressions on RH6.2.
I have no idea if this is 100% correct, but some comments in the file
lead me to believe that the first quote should be swallowed. Testcase to
follow.
Here's what gdb now reports:
(gdb) file foo
Loading symbols...
(gdb) b "foo"
Function "foo" not defined.
(gdb) b "Foo::foo"
Can't find member of namespace, class, struct, or union named "Foo::foo"
Hint: try '"Foo::foo<TAB> or '"Foo::foo<ESC-?>
(Note leading single quote.)
(gdb) b "Foo::foo<int,int>"
Can't find member of namespace, class, struct, or union named
"Foo::foo<int,int>"
Hint: try '"Foo::foo<int,int><TAB> or '"Foo::foo<int,int><ESC-?>
(Note leading single quote.)
(gdb) b "foo.c:3"
No source file named foo.c.
Comments?
Keith
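As an added example (not GDB's linespec.c and not part of the original mail), the function below models the cursor discipline the patch moves to: the caller's pointer is what gets advanced past an opening quote, and the scan pointer is derived from it afterwards, so the two never disagree about where the identifier starts. It also adds the check a reviewer would want next to the memcpy described above: the length derived from two pointers is validated before it is used as a size, so a negative or zero result becomes an error return rather than a memcpy with a huge size_t argument. The token grammar (a quoted token ends at the next double quote, an unquoted one at whitespace), the names consume_token and check_case, and the restore-on-failure behaviour are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy one optionally quote-enclosed token from *argptr into out.
 * Returns the number of bytes copied (out is NUL-terminated) and leaves
 * *argptr just past the token (past the closing quote when quoted).
 * Returns -1 and leaves *argptr untouched on malformed input: missing
 * closing quote, empty quotes, or a token that does not fit in out.
 * This is an added model, not GDB's decode_line_1. */
long consume_token(const char **argptr, char *out, size_t outlen)
{
    const char *start;
    const char *p;
    int quoted = 0;
    ptrdiff_t len;

    if (argptr == NULL || *argptr == NULL || out == NULL || outlen == 0)
        return -1;
    start = *argptr;            /* remembered so failure paths can restore it */

    if (**argptr == '"') {
        quoted = 1;
        (*argptr)++;            /* advance the caller's view, as the patch does */
    }
    p = *argptr;                /* scan pointer derived AFTER the quote is skipped */

    if (quoted) {
        while (*p != '\0' && *p != '"')
            p++;
        if (*p != '"') {        /* unterminated quote */
            *argptr = start;
            return -1;
        }
    } else {
        while (*p != '\0' && *p != ' ' && *p != '\t')
            p++;
    }

    /* The length comes from two cursors; validate it before it becomes a
     * size.  A negative ptrdiff_t cast to size_t would be enormous. */
    len = p - *argptr;
    if (len <= 0 || (size_t)len >= outlen) {
        *argptr = start;
        return -1;
    }

    memcpy(out, *argptr, (size_t)len);
    out[len] = '\0';
    *argptr = quoted ? p + 1 : p;   /* consume the closing quote as well */
    return (long)len;
}

/* Hypothetical test helper: run consume_token on constructed input and
 * report whether the length, copied text and remaining input match. */
int check_case(const char *input, size_t outlen, long expect_len,
               const char *expect_out, const char *expect_rest)
{
    char buf[64] = "";
    const char *cursor = input;
    long got;

    if (outlen > sizeof buf)
        outlen = sizeof buf;
    got = consume_token(&cursor, buf, outlen);
    if (got != expect_len)
        return 0;
    if (expect_out != NULL && strcmp(buf, expect_out) != 0)
        return 0;
    return strcmp(cursor, expect_rest) == 0;
}

int main(void)
{
    /* constructed input mirroring the breakpoint commands in the mail */
    const char *line = "\"Foo::foo<int,int>\" if x";
    char ident[64];
    long n = consume_token(&line, ident, sizeof ident);

    printf("len=%ld ident=%s rest=[%s]\n", n, n < 0 ? "(error)" : ident, line);
    return 0;
}
```

The restore-on-failure step matters for a caller that keeps using the pointer after an error: without it, a rejected `"foo` would leave the cursor one byte past where the caller left it, which is the same kind of cursor mismatch the patch is fixing.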
Index: linespec.c
===================================================================
RCS file: /cvs/src/src/gdb/linespec.c,v
retrieving revision 1.4
diff -p -p -r1.4 linespec.c
*** linespec.c 2000/12/15 01:01:48 1.4
--- linespec.c 2001/02/27 01:11:51
*************** decode_line_1 (char **argptr, int funfir
*** 611,620 ****
s = NULL;
p = *argptr;
! if (p[0] == '"')
{
is_quote_enclosed = 1;
! p++;
}
else
is_quote_enclosed = 0;
--- 611,620 ----
s = NULL;
p = *argptr;
! if (**argptr == '"')
{
is_quote_enclosed = 1;
! (*argptr)++;
}
else
is_quote_enclosed = 0;
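Review bot: after this change `p` and `*argptr` are out of step in the other direction: `p = *argptr;` on the line above the `if` runs before `(*argptr)++`, so on leaving the block `*argptr` points past the opening quote while `p` still points at it (the old code advanced only `p`). If the scan that follows starts from `p`, it now sees the quote as the first identifier character. Either move `p = *argptr;` below the `if`/`else`, or re-assign it in the quoted branch, e.g. `(*argptr)++; p = *argptr;`. Also worth a comment: the caller's pointer is now consumed before any later error return, so a failing lookup leaves `*argptr` one past where it started.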