public inbox for gdb-patches@sourceware.org
From: Magne Hov <mhov@undo.io>
To: gdb-patches@sourceware.org
Subject: [PATCH v2] gdb/source.c: Fix undefined behaviour dereferencing empty string
Date: Wed, 21 Sep 2022 15:58:34 +0100	[thread overview]
Message-ID: <20220921145834.837969-1-mhov@undo.io> (raw)
In-Reply-To: <20220915183141.3484234-1-mhov@undo.io>

When a source file's dirname is solely made up of directory separators
we end up trying to dereference the last character of an empty string
with std::string::back, which results in undefined behaviour. A typical
use case where this can happen is when the root directory "/" is used as
a compilation directory.

With libstdc++.so.6.0.28 we get no out-of-bounds checks and the byte
preceding the storage of the empty string is returned. The character
value of this byte depends on heap implementation and usage, but when
this byte happens to hold the value of the directory separator character
we go on to call std::string::pop_back on the empty string which results
in an out_of_range exception which terminates GDB.

Fix this by using path_join. prepare_path_for_appending ensures that the
filename component is relative.

The testsuite has been run before and after the change and no
regressions were found.
---
 gdb/source.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/gdb/source.c b/gdb/source.c
index 3f498d552c4..25ad1ecb3da 100644
--- a/gdb/source.c
+++ b/gdb/source.c
@@ -1146,15 +1146,7 @@ find_and_open_source (const char *filename,
 	 helpful if part of the compilation directory was removed,
 	 e.g. using gcc's -fdebug-prefix-map, and we have added the missing
 	 prefix to source_path.  */
-      std::string cdir_filename (dirname);
-
-      /* Remove any trailing directory separators.  */
-      while (IS_DIR_SEPARATOR (cdir_filename.back ()))
-	cdir_filename.pop_back ();
-
-      /* Add our own directory separator.  */
-      cdir_filename.append (SLASH_STRING);
-      cdir_filename.append (filename_start);
+      std::string cdir_filename = path_join (dirname, filename_start);
 
       result = openp (path, OPF_SEARCH_IN_PATH | OPF_RETURN_REALPATH,
 		      cdir_filename.c_str (), OPEN_MODE, fullname);
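Review bot: the empty-string case that motivates this change is not covered by a testsuite addition in the hunk, and the commit message only reports "no regressions", so a regression test with "/" as the compilation directory (the case named in the message) would be worth adding so the `cdir_filename.back ()` dereference cannot be reintroduced. It would also help to note in the surviving comment above `std::string cdir_filename = path_join (dirname, filename_start);` that `filename_start` is already relative (the message credits `prepare_path_for_appending` for this), since the old code spelled out its separator handling explicitly and the new line relies on `path_join` to supply the single separator.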
-- 
2.25.1

