This is the mail archive of the gdb-testers@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[binutils-gdb] Fix array out of bound access

From: sergiodj+buildbot at sergiodj dot net
To: gdb-testers at sourceware dot org
Date: Mon, 27 Feb 2017 12:42:23 -0500
Subject: [binutils-gdb] Fix array out of bound access
Authentication-results: sourceware.org; auth=none

*** TEST RESULTS FOR COMMIT 2123df0ebfc7ade46784ef412226490d59f8ce05 ***

Author: Yao Qi <yao.qi@linaro.org>
Branch: master
Commit: 2123df0ebfc7ade46784ef412226490d59f8ce05

Fix array out of bound access

ASAN reports the following error,

(gdb) PASS: gdb.fortran/vla-ptr-info.exp: continue to breakpoint: pvla-associated
print &pvla^M
=================================================================^M
^[[1m^[[31m==14331==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000ea569f at pc 0x0000008eb546 bp 0x7ffde0c1dc70 sp 0x7ffde0c1dc60^M
^[[1m^[[0m^[[1m^[[34mREAD of size 1 at 0x000000ea569f thread T0^[[1m^[[0m^M
    #0 0x8eb545 in f_print_type(type*, char const*, ui_file*, int, int, type_print_options const*) ../../binutils-gdb/gdb/f-typeprint.c:89^M
    #1 0xb611e2 in type_print(type*, char const*, ui_file*, int) ../../binutils-gdb/gdb/typeprint.c:365^M
    #2 0x7b3471 in c_value_print(value*, ui_file*, value_print_options const*) ../../binutils-gdb/gdb/c-valprint.c:650^M
    #3 0xb99517 in value_print(value*, ui_file*, value_print_options const*) ../../binutils-gdb/gdb/valprint.c:1233^M
    #4 0xa42be8 in print_formatted ../../binutils-gdb/gdb/printcmd.c:321^M
    #5 0xa46ac9 in print_value(value*, format_data const*) ../../binutils-gdb/gdb/printcmd.c:1233^M
    #6 0xa46d82 in print_command_1 ../../binutils-gdb/gdb/printcmd.c:1261^M
    #7 0xa46e3e in print_command ../../binutils-gdb/gdb/printcmd.c:1267

on this line of code

      demangled_args = varstring[strlen (varstring) - 1] == ')';

because varstring is an empty string and strlen () is 0, so "strlen () - 1"
is definitely out of the bound of "varstring",

(gdb) bt 10
    at /home/yao/SourceCode/gnu/gdb/git/gdb/f-typeprint.c:56
    at /home/yao/SourceCode/gnu/gdb/git/gdb/typeprint.c:365
    at /home/yao/SourceCode/gnu/gdb/git/gdb/c-valprint.c:650
    at /home/yao/SourceCode/gnu/gdb/git/gdb/valprint.c:1236

This patch adds a pre-check that varstring is empty or not.

gdb:

2017-02-27  Yao Qi  <yao.qi@linaro.org>

	* f-typeprint.c (f_print_type): Check "varstring" is empty first.

Follow-Ups:
- Failures on Debian-s390x-native-extended-gdbserver-m64, branch master
  - From: sergiodj+buildbot
- Failures on Fedora-x86_64-m64, branch master
  - From: sergiodj+buildbot
- Failures on Ubuntu-AArch32-native-gdbserver-m32, branch master
  - From: sergiodj+buildbot
- Failures on Debian-s390x-native-gdbserver-m64, branch master
  - From: sergiodj+buildbot
- Failures on Ubuntu-AArch32-native-extended-gdbserver-m32, branch master
  - From: sergiodj+buildbot
- Failures on Ubuntu-AArch32-m32, branch master
  - From: sergiodj+buildbot
- Failures on Fedora-ppc64le-native-gdbserver-m64, branch master
  - From: sergiodj+buildbot
- Failures on Fedora-ppc64le-native-extended-gdbserver-m64, branch master
  - From: sergiodj+buildbot
- Failures on Fedora-ppc64be-native-gdbserver-m64, branch master
  - From: sergiodj+buildbot
- Failures on Fedora-ppc64be-native-extended-gdbserver-m64, branch master
  - From: sergiodj+buildbot

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]