From: Magne Hov
To: gdb-cvs@sourceware.org
Subject: [binutils-gdb] gdb/source.c: Fix undefined behaviour dereferencing empty string
X-Act-Checkin: binutils-gdb
X-Git-Author: Magne Hov
X-Git-Refname: refs/heads/master
X-Git-Oldrev: b7098e650c9f1ced654c939bebd4b70e7d028132
X-Git-Newrev: 7f2415858349f0e1eed6f8cfcb0165ed2f3c14bf
Message-Id: <20220924085657.A1A763858D3C@sourceware.org>
Date: Sat, 24 Sep 2022 08:56:57 +0000 (GMT)
List-Id:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7f2415858349f0e1eed6f8cfcb0165ed2f3c14bf

commit 7f2415858349f0e1eed6f8cfcb0165ed2f3c14bf
Author: Magne Hov
Date:   Sat Sep 24 09:35:50 2022 +0100

    gdb/source.c: Fix undefined behaviour dereferencing empty string

    When a source file's dirname is solely made up of directory separators
    we end up trying to dereference the last character of an empty string
    with std::string::back, which results in undefined behaviour. A typical
    use case where this can happen is when the root directory "/" is used
    as a compilation directory.

    With libstdc++.so.6.0.28 we get no out-of-bounds checks and the byte
    preceding the storage of the empty string is returned. The character
    value of this byte depends on heap implementation and usage, but when
    this byte happens to hold the value of the directory separator
    character we go on to call std::string::pop_back on the empty string
    which results in an out_of_range exception which terminates GDB.

    Fix this by using path_join. prepare_path_for_appending ensures that
    the filename component is relative.

    The testsuite has been run before and after the change and no
    regressions were found.

Diff:
---
 gdb/source.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/gdb/source.c b/gdb/source.c
index 3f498d552c4..25ad1ecb3da 100644
--- a/gdb/source.c
+++ b/gdb/source.c
@@ -1146,15 +1146,7 @@ find_and_open_source (const char *filename, helpful if part of the compilation directory was removed, e.g. using gcc's -fdebug-prefix-map, and we have added the missing prefix to source_path. */ - std::string cdir_filename (dirname); - - /* Remove any trailing directory separators. */ - while (IS_DIR_SEPARATOR (cdir_filename.back ())) - cdir_filename.pop_back (); - - /* Add our own directory separator. */ - cdir_filename.append (SLASH_STRING); - cdir_filename.append (filename_start); + std::string cdir_filename =3D path_join (dirname, filename_start); =20 result =3D openp (path, OPF_SEARCH_IN_PATH | OPF_RETURN_REALPATH, cdir_filename.c_str (), OPEN_MODE, fullname);
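Review bot: the new `std::string cdir_filename = path_join (dirname, filename_start);` line carries no record of the precondition the commit message relies on, namely that filename_start has already been made relative by prepare_path_for_appending; a one-line comment above the path_join call stating that would save the next reader from wondering how an absolute filename_start is handled here. The removed loop shows the original defect plainly: `while (IS_DIR_SEPARATOR (cdir_filename.back ()))` has no empty-string guard, so a dirname made only of separators reaches back() on an empty string. Since the diffstat touches only gdb/source.c, consider adding a testsuite case that uses "/" as the compilation directory so the root-directory scenario described in the commit message stays covered by the suite rather than by a manual run.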
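The bug pattern from the commit message next to a guarded replacement, as an added example that is not GDB's code: join_unchecked, join_checked and is_dir_separator are hypothetical stand-ins, and GDB's actual fix calls its own path_join rather than anything shown here.

```cpp
#include <string>

// Stand-in for GDB's IS_DIR_SEPARATOR on POSIX: only '/' splits components.
static bool is_dir_separator (char c) { return c == '/'; }

// The removed loop, reproduced for comparison (hypothetical helper, not
// called by the checks below). When dirname consists only of separators
// the loop empties the string and then calls back() on it, which reads the
// byte before the buffer; if that byte happens to look like '/', the next
// pop_back() on the empty string throws and terminates the process.
std::string join_unchecked (const std::string &dirname,
                            const std::string &filename)
{
  std::string result (dirname);
  while (is_dir_separator (result.back ()))   // UB once result is empty
    result.pop_back ();
  result.append ("/");
  result.append (filename);
  return result;
}

// Guarded version (hypothetical): never call back() on an empty string,
// and keep one separator when the directory was made solely of separators,
// so "/" joins to "/foo.c" instead of collapsing to "foo.c".
std::string join_checked (const std::string &dirname,
                          const std::string &filename)
{
  std::string result (dirname);
  if (result.empty ())
    return filename;   // no directory component: nothing to join
  // Strip duplicate trailing separators but always leave the first char.
  while (result.size () > 1 && is_dir_separator (result.back ()))
    result.pop_back ();
  if (!is_dir_separator (result.back ()))
    result.append ("/");
  result.append (filename);
  return result;
}
```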