This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH] PR 16286: Reading python value as string beyond declared size
- From: Doug Evans <dje at google dot com>
- To: Pedro Alves <palves at redhat dot com>
- Cc: gdb-patches <gdb-patches at sourceware dot org>, Joel Brobecker <brobecker at adacore dot com>, Sterling Augustine <saugustine at google dot com>
- Date: Tue, 10 Dec 2013 16:24:56 -0800
- Subject: Re: [PATCH] PR 16286: Reading python value as string beyond declared size
Pedro Alves writes:
> On 12/03/2013 11:01 PM, Doug Evans wrote:
> > On Tue, Dec 3, 2013 at 12:29 PM, Pedro Alves <palves@redhat.com> wrote:
> >> On 12/02/2013 11:14 PM, Doug Evans wrote:
> >>> + if (*length > 0)
> >>> + fetchlimit = UINT_MAX;
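Review bot: the fetchlimit = UINT_MAX assignment under if (*length > 0) has no comment, and on its face it reads as discarding the caller's limit. A short comment at this spot saying that read_string takes min (len, fetchlimit), so the explicit *length still bounds the read, would head off that misreading.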
> >>
> >> Shouldn't this be:
> >>
> >>   if (*length > 0)
> >>     fetchlimit = *length;
> >>
> >> ? That is, if the caller specified a limit, why do we go over it?
> >
> > read_string will take min (len, fetchlimit), and I saw no value in
> > passing fetchlimit = *length.
>
> Ah, I see now. Thanks.
Thanks. Committed.
> >> BTW, it looks like the not_lval/lval_internalvar path can
> >> blindly read beyond the value's contents buffer, if *length
> >> is bigger than the value's contents buffer size:
> > It didn't look right to me either, but I was leaving digging deeper
> > for another pass.
>
> OK. TBC, I wasn't requesting that'd be fixed in this patch, only
> for confirmation that I wasn't missing something.
I filed https://sourceware.org/bugzilla/show_bug.cgi?id=16313
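
The bounds rule discussed in this thread, as an added example that is not GDB's code and not part of the original message: the read length is min (len, fetchlimit), and for contents held in a local buffer it must also be clamped to that buffer's size. The struct, the function name fetch_string, the "-1 means stop at NUL" convention and the sample bytes are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not GDB's code: a value whose contents live in a
   local buffer of known size (the not_lval/lval_internalvar case).  */
struct contents_buf { const char *data; size_t size; };

/* Constructed sample contents: "abc", a NUL, then four more bytes.  */
static const char sample[8] = {'a', 'b', 'c', '\0', 'd', 'e', 'f', 'g'};

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Copy a string out of BUF into OUT and return the byte count.
   LENGTH > 0 requests that many bytes; LENGTH == -1 (assumed
   convention) means "stop at the first NUL".  */
size_t fetch_string(const struct contents_buf *buf, int length,
                    unsigned int fetchlimit, char *out, size_t out_cap)
{
  /* The rule stated in the thread: min (len, fetchlimit).  */
  size_t want = length > 0 ? min_sz((size_t) length, fetchlimit) : fetchlimit;

  /* The clamp the thread finds missing: never read past the contents
     buffer, and never write past the destination.  */
  want = min_sz(want, min_sz(buf->size, out_cap));

  if (length <= 0) {
    /* NUL search bounded by the clamped size.  */
    const char *nul = memchr(buf->data, '\0', want);
    if (nul != NULL)
      want = (size_t) (nul - buf->data);
  }
  memcpy(out, buf->data, want);
  return want;
}

int main(void)
{
  struct contents_buf b = { sample, sizeof sample };
  char out[64];

  printf("length=5:   %zu bytes\n", fetch_string(&b, 5, UINT_MAX, out, sizeof out));
  printf("length=100: %zu bytes\n", fetch_string(&b, 100, UINT_MAX, out, sizeof out));
  printf("length=-1:  %zu bytes\n", fetch_string(&b, -1, UINT_MAX, out, sizeof out));
  return 0;
}
```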