This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH] fix bug with command `printf "%s\n", $_as_string($pc)`
I've attached the patch with correct formatting because my email client
replaces tabs with spaces. I'll leave the changelog entries as you
suggested.
Thanks again,
Matthew
Just make sure to put each change in the relevant ChangeLog, the one
"closest" to the change in the directory structure. For example, for
you change, I would do:
gdb/ChangeLog:
* python/py-value.c (convert_value_from_python): Consider terminating
NULL byte in string length.
gdb/doc/ChangeLog:
* gdb.texinfo (Convenience Variables for Tracepoints): Mention that
trace_func should not be used with output and not printf.
gdb/testsuite/ChangeLog:
* gdb.python/py-as-string.c (malloc): New function.
* gdb.python/py-as-string.exp (test_as_string): Test $_as_string on
a string with printf.
* gdb.python/py-mi.exp: Adjust array length.
IIUC, the goal of overriding malloc is to ensure that the memory
return by malloc is not all zeroes, which would potentially hide the
bug? If that's right, you could instead write a wrapper for malloc
instead of a replacement. The wrapper would memset the allocated
buffer to 'x'es, for example. This way, it will be safer in case
there are many calls to malloc or calls with size > 51.
See option #2 of this answer: http://stackoverflow.com/a/262481
Yes, that was the reason. I used this way because I read that gdb also
worked on non-POSIX systems (windows especially) and thought having a
working test on all systems would be preferred (though I didn't check
that all systems support the testing framework).
I believe that no other calls to malloc are made in the inferior for
this test, and that this program isn't used anywhere else, so this
limit of 51 bytes is never hit.
I agree this is a bug waiting to happen, so I can accept if the
alternate would be preferred, but I thought I'd mention my reasoning.
That's a good justification too, I'm ok with either.
commit 28312c70fcba81ef50a93ff52dde47230efc35cb
Author: Matthew Malcomson <hardenedapple@gmail.com>
Date: Sun Feb 26 13:10:09 2017 +0000
convert_value_from_python include terminating NULL
When converting python strings to internal gdb Value strings, the NULL
byte was initially left out, this can result in extra data from the
inferior being printed when the resulting value is used with
printf "%s\n", value
diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
index 962325be3a..486b7899fb 100644
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -13645,8 +13645,8 @@ The source file for the current trace snapshot.
The name of the function containing @code{$tracepoint}.
@end table
-Note: @code{$trace_file} is not suitable for use in @code{printf},
-use @code{output} instead.
+Note: @code{$trace_file} and @code{$trace_file} are not suitable for use in
+@code{printf}, use @code{output} instead.
Here's a simple example of using these convenience variables for
stepping through all the trace snapshots and printing some of their
diff --git a/gdb/python/py-value.c b/gdb/python/py-value.c
index eb3d307b19..c786f68865 100644
--- a/gdb/python/py-value.c
+++ b/gdb/python/py-value.c
@@ -1615,7 +1615,7 @@ convert_value_from_python (PyObject *obj)
gdb::unique_xmalloc_ptr<char> s
= python_string_to_target_string (obj);
if (s != NULL)
- value = value_cstring (s.get (), strlen (s.get ()),
+ value = value_cstring (s.get (), strlen (s.get ()) + 1,
builtin_type_pychar);
}
else if (PyObject_TypeCheck (obj, &value_object_type))
diff --git a/gdb/testsuite/gdb.python/py-as-string.c b/gdb/testsuite/gdb.python/py-as-string.c
index de2e8a1951..e53f3a9b64 100644
--- a/gdb/testsuite/gdb.python/py-as-string.c
+++ b/gdb/testsuite/gdb.python/py-as-string.c
@@ -15,6 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
+#include <stddef.h>
+
enum EnumType {
ENUM_VALUE_A,
ENUM_VALUE_B,
@@ -22,6 +24,20 @@ enum EnumType {
ENUM_VALUE_D,
};
+static char arena[51] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
+
+/* Override malloc() so value_coerce_to_target() gets a known pointer, and we
+ know we'll see an error if $_as_string() returns a string that isn't NULL
+ terminated. */
+void
+*malloc (size_t size)
+{
+ if (size > sizeof (arena))
+ return NULL;
+
+ return arena;
+}
+
static enum EnumType enum_valid = ENUM_VALUE_B;
static enum EnumType enum_invalid = 20;
diff --git a/gdb/testsuite/gdb.python/py-as-string.exp b/gdb/testsuite/gdb.python/py-as-string.exp
index 0c44d5f174..e4625631c2 100644
--- a/gdb/testsuite/gdb.python/py-as-string.exp
+++ b/gdb/testsuite/gdb.python/py-as-string.exp
@@ -35,6 +35,13 @@ proc test_as_string { } {
gdb_test "p \$_as_string(2)" "\"2\""
gdb_test "p \$_as_string(enum_valid)" "\"ENUM_VALUE_B\""
gdb_test "p \$_as_string(enum_invalid)" "\"20\""
+
+ # Test that the NULL character is included in the returned value.
+ gdb_test "printf \"%s\\n\", \$_as_string(\"hi\")" "\"hi\""
+ # Quote once to define the string, and once for the regexp.
+ gdb_test "interpreter-exec mi '-var-create test * \$_as_string(\"Hello\")'" \
+ "\\^done,name=\"test\",numchild=\"8\",value=\"\\\[8]\",type=\"char \\\[8]\",has_more=\"0\""
+ gdb_test "interpreter-exec mi '-var-delete test'" "\\^done,ndeleted=\"1\""
}
test_as_string
diff --git a/gdb/testsuite/gdb.python/py-mi.exp b/gdb/testsuite/gdb.python/py-mi.exp
index 736dc7a0d6..a5ad3f0f44 100644
--- a/gdb/testsuite/gdb.python/py-mi.exp
+++ b/gdb/testsuite/gdb.python/py-mi.exp
@@ -281,7 +281,7 @@ mi_create_dynamic_varobj nstype2 nstype2 1 \
"create nstype2 varobj"
mi_list_varobj_children nstype2 {
- { {nstype2.<error at 0>} {<error at 0>} 6 {char \[6\]} }
+ { {nstype2.<error at 0>} {<error at 0>} 7 {char \[7\]} }
} "list children after setting exception flag"
mi_create_varobj me me \