This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
FYI: fix PR 13405
- From: Tom Tromey <tromey at redhat dot com>
- To: gdb-patches at sourceware dot org
- Date: Thu, 02 Feb 2012 09:21:46 -0700
- Subject: FYI: fix PR 13405
I'm checking this in.
This fixes PR 13405. The bug is that some code in the TUI can write to
a possibly read-only string:
if (*buf_ptr != (char) 0)
wname = buf_ptr;
else
wname = "?";
/* Validate the window name. */
for (i = 0; i < strlen (wname); i++)
wname[i] = toupper (wname[i]);
The bad write will happen if the false branch of the 'if' is taken.
This patch just hoists the loop into the true branch.
Tom
2012-02-02 Tom Tromey <tromey@redhat.com>
PR gdb/13405:
* tui/tui-win.c (parse_scrolling_args): Don't write to possibly
read-only memory.
Index: tui/tui-win.c
===================================================================
RCS file: /cvs/src/src/gdb/tui/tui-win.c,v
retrieving revision 1.56
diff -u -r1.56 tui-win.c
--- tui/tui-win.c 28 Jan 2012 18:08:22 -0000 1.56
+++ tui/tui-win.c 2 Feb 2012 16:19:17 -0000
@@ -1583,13 +1583,16 @@
;
if (*buf_ptr != (char) 0)
- wname = buf_ptr;
+ {
+ wname = buf_ptr;
+
+ /* Validate the window name. */
+ for (i = 0; i < strlen (wname); i++)
+ wname[i] = toupper (wname[i]);
+ }
else
wname = "?";
- /* Validate the window name. */
- for (i = 0; i < strlen (wname); i++)
- wname[i] = toupper (wname[i]);
*win_to_scroll = tui_partial_win_by_name (wname);
if (*win_to_scroll == (struct tui_win_info *) NULL