From: Tom Tromey
To: gdb-patches@sourceware.org
Cc: Tom Tromey
Subject: [FYI 1/2] Fix use-after-free in number_or_range_parser
Date: Fri, 17 Aug 2018 23:12:00 -0000
Message-Id: <20180817231250.3228-2-tom@tromey.com>
In-Reply-To: <20180817231250.3228-1-tom@tromey.com>
References: <20180817231250.3228-1-tom@tromey.com>

-fsanitize=address showed a use-after-free in number_or_range_parser.
The cause was that handle_line_of_input could stash the input into
"saved_command_line", and then this could be freed by reentrant calls.

This fixes the bug by preventing commands that are read by "commands"
from being eligible for repeating.

gdb/ChangeLog
2018-08-17 Tom Tromey

* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
command_line_input.

--- gdb/ChangeLog | 5 +++++ gdb/cli/cli-script.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gdb/cli/cli-script.c b/gdb/cli/cli-script.c index 6f31a40019..d03b3bcf60 100644 --- a/gdb/cli/cli-script.c +++ b/gdb/cli/cli-script.c @@ -903,7 +903,7 @@ read_next_line (void) else prompt_ptr = NULL; - return command_line_input (prompt_ptr, from_tty, "commands"); + return command_line_input (prompt_ptr, 0, "commands"); } /* Return true if CMD's name is NAME. */ -- 2.13.6
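
Review bot: In read_next_line, the repeat argument to command_line_input becomes a bare 0 with no comment at the call site, so nothing in the code records that lines read for "commands" must not be stashed for repeat, and a later cleanup could restore from_tty and bring the use-after-free back. Suggest a short comment above the return stating that repeat is disabled here because the stashed saved_command_line can be freed by reentrant calls. The diffstat lists only gdb/ChangeLog and gdb/cli/cli-script.c, so no regression test accompanies the fix; a testsuite case that exercises the sequence -fsanitize=address flagged would keep this from regressing.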