This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
[PATCH] Segmentation fault when using the completion for interpreter
- From: Denis PILAT <denis dot pilat at st dot com>
- To: gdb-patches at sources dot redhat dot com
- Date: Wed, 12 Jul 2006 16:02:18 +0200
- Subject: [PATCH] Segmentation fault when using the completion for interpreter
I found a bug in gdb: when using the completion after the cli command
"interpreter-exec", an out-of-bound access occurs.
Attached is a patch proposal that fixes it.
There were 2 problems in the original code in file interps.c, function
interpreter_completer:
- the case of (num_matches == alloced) was not handled. In that case the
matches list is not terminated by NULL.
- the xrealloc done at the end is useless since the num_matches is
always <= alloced.
--
Denis PILAT
2006-07-12 Denis PILAT <denis.pilat@st.com>
* interps.c (interpreter_completer): Allocate one more item to the
'matches' list and set them all to 0 with an xcalloc.
Index: interps.c
===================================================================
--- interps.c (revision 486)
+++ interps.c (working copy)
@@ -424,10 +424,11 @@ interpreter_completer (char *text, char
struct interp *interp;
/* We expect only a very limited number of interpreters, so just
- allocate room for all of them. */
+ allocate room for all of them plus one for the last that must be NULL
+ to correctly end the list. */
for (interp = interp_list; interp != NULL; interp = interp->next)
++alloced;
- matches = (char **) xmalloc (alloced * sizeof (char *));
+ matches = (char **) xcalloc (alloced + 1, sizeof (char *));
num_matches = 0;
textlen = strlen (text);
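Review bot: with `xcalloc (alloced + 1, sizeof (char *))` the terminating NULL is now only implicit in the zero-fill; consider also writing `matches[num_matches] = NULL;` explicitly before the return so the invariant is visible at the point of use and survives a later change of allocator. The new comment could likewise say that the extra slot is left zeroed by xcalloc so the list is always NULL-terminated, rather than only that it "must be NULL".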
@@ -460,12 +461,6 @@ interpreter_completer (char *text, char
xfree (matches);
matches = NULL;
}
- else if (num_matches < alloced)
- {
- matches = (char **) xrealloc ((char *) matches, ((num_matches + 1)
- * sizeof (char *)));
- matches[num_matches] = NULL;
- }
return matches;
}
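Review bot: the ChangeLog entry above records only the allocation change; it should also mention that the `else if (num_matches < alloced)` block with the `xrealloc` and the explicit `matches[num_matches] = NULL;` is removed, since that removal is what makes the function depend on the zero-filled slot from xcalloc for termination. Dropping the shrink-to-fit realloc leaves at most a few unused pointers in the array, which is acceptable given the comment that only a very limited number of interpreters is expected.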
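The off-by-one described in the mail, as an added stand-alone example that is not GDB's code: it models the completer's allocation in two shapes, the original (room for every interpreter but no slot for the terminating NULL, so the terminator is never written when every interpreter matches) and the fixed one (one extra zero-filled slot from calloc). The interpreter names, the helper names and the `complete_interpreter` function are constructed for the example and are not taken from interps.c.

```c
/* Added example modelling the interpreter_completer allocation bug and
   its fix; not GDB code.  Names below are constructed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for GDB's interp_list. */
static const char *const interp_names[] = { "console", "mi", "mi1", "mi2" };
#define N_INTERPS (sizeof interp_names / sizeof interp_names[0])

/* Original shape: alloced == number of interpreters, no slot reserved for
   the NULL terminator.  The terminator was written only when
   num_matches < alloced, so a full match left the list unterminated.
   Returns 1 when the original code would have produced such a list. */
static int buggy_would_be_unterminated (const char *text)
{
  size_t alloced = N_INTERPS, num_matches = 0, textlen = strlen (text);
  for (size_t i = 0; i < N_INTERPS; i++)
    if (strncmp (interp_names[i], text, textlen) == 0)
      num_matches++;
  return num_matches == alloced;
}

static char *dup_string (const char *s)
{
  size_t len = strlen (s) + 1;
  char *copy = malloc (len);
  if (copy)
    memcpy (copy, s, len);
  return copy;
}

/* Fixed shape: calloc one slot more than the interpreter count.  The
   extra slot is zero-filled, so the list is always NULL-terminated even
   when every interpreter matches.  Returns NULL when nothing matches. */
static char **complete_interpreter (const char *text)
{
  size_t alloced = N_INTERPS, num_matches = 0, textlen = strlen (text);
  char **matches = calloc (alloced + 1, sizeof *matches);
  if (matches == NULL)
    return NULL;
  for (size_t i = 0; i < N_INTERPS; i++)
    if (strncmp (interp_names[i], text, textlen) == 0)
      matches[num_matches++] = dup_string (interp_names[i]);
  if (num_matches == 0)
    {
      free (matches);
      return NULL;
    }
  return matches;
}

/* Walk to the terminator; safe only because the fixed list always has one. */
static size_t count_matches (char **matches)
{
  size_t n = 0;
  if (matches != NULL)
    while (matches[n] != NULL)
      n++;
  return n;
}

static void free_matches (char **matches)
{
  if (matches == NULL)
    return;
  for (size_t i = 0; matches[i] != NULL; i++)
    free (matches[i]);
  free (matches);
}

/* Number of completions the fixed version produces for TEXT. */
static size_t fixed_match_count (const char *text)
{
  char **matches = complete_interpreter (text);
  size_t n = count_matches (matches);
  free_matches (matches);
  return n;
}

int main (void)
{
  const char *inputs[] = { "", "mi", "con", "xyz" };
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
    printf ("\"%s\": original unterminated=%d, fixed matches=%zu\n",
            inputs[i], buggy_would_be_unterminated (inputs[i]),
            fixed_match_count (inputs[i]));
  return 0;
}
```

The empty prefix is the case the mail describes: every interpreter matches, `num_matches == alloced`, and the original code never wrote the terminator, while the fixed allocation still yields a list that `count_matches` can walk safely.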