From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28572 invoked by alias); 15 Sep 2009 09:58:10 -0000 Mailing-List: contact archer-help@sourceware.org; run by ezmlm Sender: Precedence: bulk List-Post: List-Help: List-Subscribe: List-Id: Received: (qmail 28560 invoked by uid 22791); 15 Sep 2009 09:58:09 -0000 X-SWARE-Spam-Status: No, hits=-1.6 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: sourceware.org Message-ID: <4AAF6528.6040504@redhat.com> Date: Tue, 15 Sep 2009 09:58:00 -0000 From: Phil Muldoon User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090814 Fedora/3.0-2.6.b3.fc11 Lightning/1.0pre Thunderbird/3.0b3 MIME-Version: 1.0 To: Project Archer Subject: [patch] Do not allow invalid subscript operations on GDB values Content-Type: multipart/mixed; boundary="------------060402030901030609040502" X-SW-Source: 2009-q3/txt/msg00215.txt.bz2 This is a multi-part message in MIME format. --------------060402030901030609040502 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-length: 783 This patches attempts to fix the discussion regarding invalid subscripts referenced here: http://permalink.gmane.org/gmane.comp.gdb.devel/26807 This patch checks the value type before allowing a subscript operation to proceed. It also adds some regressions and general tests for value subscripts. This patch was tested on x86-64, and causes no regressions. OK? Regards Phil ChangeLog 2009-09-15 Phil Muldoon * py-value.c (valpy_getitem): Test value before allowing subscript operation. Testsuite ChangeLog 2009-09-15 Phil Muldoon * gdb.python/py-value.exp (test_subscript_regression): New function. Test for invalid subscripts. * gdb.python/py-value.c (main): Add test array, and pointer to it. --------------060402030901030609040502 Content-Type: text/plain; name="py_subscript.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="py_subscript.patch" Content-length: 3574 diff --git a/gdb/python/py-value.c b/gdb/python/py-value.c index 159c118..d5b6753 100644 --- a/gdb/python/py-value.c +++ b/gdb/python/py-value.c @@ -328,7 +328,16 @@ valpy_getitem (PyObject *self, PyObject *key) type. */ struct value *idx = convert_value_from_python (key); if (idx != NULL) - res_val = value_subscript (tmp, value_as_long (idx)); + { + /* Check the value's type is something that can be accessed via + a subscript. */ + struct type *type = check_typedef (value_type (tmp)); + if (TYPE_CODE (type) != TYPE_CODE_ARRAY + && TYPE_CODE (type) != TYPE_CODE_PTR) + error( _("Cannot subscript requested type")); + else + res_val = value_subscript (tmp, value_as_long (idx)); + } } } diff --git a/gdb/testsuite/gdb.python/py-value.c b/gdb/testsuite/gdb.python/py-value.c index f3d6284..2142ce6 100644 --- a/gdb/testsuite/gdb.python/py-value.c +++ b/gdb/testsuite/gdb.python/py-value.c @@ -46,6 +46,8 @@ main (int argc, char *argv[]) PTR x = &s; char st[17] = "divide et impera"; char nullst[17] = "divide\0et\0impera"; + int a[3] = {1,2,3}; + int *p = a; s.a = 3; s.b = 5; diff --git a/gdb/testsuite/gdb.python/py-value.exp b/gdb/testsuite/gdb.python/py-value.exp index 93cddc7..e34dfb8 100644 --- a/gdb/testsuite/gdb.python/py-value.exp +++ b/gdb/testsuite/gdb.python/py-value.exp @@ -301,6 +301,42 @@ proc test_cast_regression {} { gdb_test "python print v" "5" "print value for cast test" } +# Regression test for invalid subscript operations. The bug was that +# the type of the value was not being checked before allowing a +# subscript operation to proceed. +proc test_subscript_regression {} { + gdb_py_test_silent_cmd "python intv = gdb.Value(1)" \ + "Create a value for subscript test" 1 + gdb_py_test_silent_cmd "python stringv = gdb.Value(\"foo\")" \ + "Create a value for subscript test" 1 + + # Try to access an int with a subscript. This should fail. + gdb_test "python print intv" "1" "Baseline print of a Python value" + gdb_test "python print intv\[0\]" "RuntimeError: Cannot subscript requested type.*" \ + "Attempt to access an integer with a subscript" + + # Try to access a string with a subscript. This should pass. + gdb_test "python print stringv" "foo." "Baseline print of a Python value" + gdb_test "python print stringv\[0\]" "f." "Attempt to access a string with a subscript" + + # Try to access an int array via a pointer with a subscript. This should pass. + gdb_py_test_silent_cmd "print p" "Build pointer to array" 1 + gdb_py_test_silent_cmd "python pointer = gdb.history(0)" "" 1 + gdb_test "python print pointer\[0\]" "1" "Access array via pointer with int subscript" + gdb_test "python print pointer\[intv\]" "2" "Access array via pointer with value subscript" + + # Try to access a single dimension array with a subscript to the + # result. This should fail. + gdb_test "python print pointer\[intv\]\[0\]" "RuntimeError: Cannot subscript requested type.*" \ + "Attempt to access an integer with a subscript" + + # Lastly, test subscript access to an array with multiple + # dimensions. This should pass. + gdb_py_test_silent_cmd "print {\"fu \",\"foo\",\"bar\"}" "Build array" 1 + gdb_py_test_silent_cmd "python marray = gdb.history(0)" "" 1 + gdb_test "python print marray\[1\]\[2\]" "o." "Test multiple subscript" +} + # Start with a fresh gdb. gdb_exit @@ -337,5 +373,6 @@ if ![runto_main] then { } test_value_in_inferior +test_subscript_regression test_value_after_death test_cast_regression --------------060402030901030609040502--