From: Tom Tromey To: gdb-patches@sourceware.org Cc: Tom Tromey Subject: [PATCH 2/3] Fix buffer underflow in add_path Date: Mon, 3 May 2021 13:32:05 -0600 Message-Id: <20210503193206.4008066-3-tromey@adacore.com> X-Mailer: git-send-email 2.26.3 In-Reply-To: <20210503193206.4008066-1-tromey@adacore.com> References: <20210503193206.4008066-1-tromey@adacore.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-11.6 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 May 2021 19:32:10 -0000 Address sanitizer pointed out a buglet in source.c:add_path. In this test, from gdb.base/source-dir.exp: (gdb) set directories :/foo:/bar ... 'p[-1]' will result in a buffer underflow. This patch fixes the bug by introducing a new check. gdb/ChangeLog 2021-05-03 Tom Tromey * source.c (add_path): Check 'p' before using 'p[-1]'. --- gdb/ChangeLog | 4 ++++ gdb/source.c | 1 + 2 files changed, 5 insertions(+) diff --git a/gdb/source.c b/gdb/source.c index 6fc27ae72f7..b6dab6eb236 100644 --- a/gdb/source.c +++ b/gdb/source.c @@ -537,6 +537,7 @@ add_path (const char *dirname, char **which_path, int parse_separators) /* On MS-DOS and MS-Windows, h:\ is different from h: */ && !(p == name + 3 && name[1] == ':') /* "d:/" */ #endif + && p > name && IS_DIR_SEPARATOR (p[-1])) /* Sigh. "foo/" => "foo" */ --p; -- 2.26.3
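Review bot: The added `&& p > name` line in the add_path condition carries no comment saying when `p` can equal `name`. The commit message ties it to the `set directories :/foo:/bar` case from gdb.base/source-dir.exp, but someone reading source.c will not see that. A short comment on the new line would help, stating which input leaves `p == name` so that `p[-1]` would read before the start of `name`. The placement is right: it sits after the `#endif`, so the guard applies on every host, and it short-circuits before `IS_DIR_SEPARATOR (p[-1])` is evaluated. Two further points. The hunk shows only the trailing-separator strip, so the commit message should say what add_path does afterwards when `p == name`. And since the test named in the message only exposed this under Address sanitizer, it should also say whether anything in the testsuite would catch a regression in a non-sanitized build.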