From: Magne Hov
To: gdb-patches@sourceware.org
Subject: [PATCH] gdb/source.c: Fix undefined behaviour dereferencing empty string
Date: Thu, 15 Sep 2022 19:31:41 +0100
Message-Id: <20220915183141.3484234-1-mhov@undo.io>

When a source file's dirname is solely made up of directory separators we end up trying to dereference the last character of an empty string with std::string::back, which results in undefined behaviour. A typical use case where this can happen is when the root directory "/" is used as a compilation directory.

With libstdc++.so.6.0.28 we get no out-of-bounds checks and the byte preceding the storage of the empty string is returned. The character value of this byte depends on heap implementation and usage, but when this byte happens to hold the value of the directory separator character we go on to call std::string::pop_back on the empty string which results in an out_of_range exception which terminates GDB.

Fix this by checking for the empty string.

The testsuite has been run before and after the change and no regressions were found.

--- gdb/source.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gdb/source.c b/gdb/source.c index 3f498d552c4..9d69052c4f1 100644 --- a/gdb/source.c +++ b/gdb/source.c
@@ -1149,7 +1149,7 @@ find_and_open_source (const char *filename, std::string cdir_filename (dirname); /* Remove any trailing directory separators. */ - while (IS_DIR_SEPARATOR (cdir_filename.back ())) + while (!cdir_filename.empty () && IS_DIR_SEPARATOR (cdir_filename.back ())) cdir_filename.pop_back (); /* Add our own directory separator. */ -- 2.25.1
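
Review bot: the new !cdir_filename.empty () guard in the while condition means the loop can now finish with cdir_filename empty when dirname consists only of separators, and the step under "Add our own directory separator" then runs on that empty string. The comment "Remove any trailing directory separators." should say that an all-separator dirname such as "/" is deliberately reduced to the empty string so that the next step rebuilds the root, otherwise the empty case reads as an accident. The diffstat shows only gdb/source.c changed, so a regression test that opens a source file with "/" as the compilation directory would be worth adding, since the commit message says the failure depends on heap contents and it will not reproduce reliably by chance.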