From: Magne Hov
To: gdb-patches@sourceware.org
Subject: [PATCH v2] gdb/source.c: Fix undefined behaviour dereferencing empty string
Date: Wed, 21 Sep 2022 15:58:34 +0100
Message-Id: <20220921145834.837969-1-mhov@undo.io>
In-Reply-To: <20220915183141.3484234-1-mhov@undo.io>
References: <20220915183141.3484234-1-mhov@undo.io>

When a source file's dirname is solely made up of directory separators we end up trying to dereference the last character of an empty string with std::string::back, which results in undefined behaviour. A typical use case where this can happen is when the root directory "/" is used as a compilation directory.

With libstdc++.so.6.0.28 we get no out-of-bounds checks and the byte preceding the storage of the empty string is returned. The character value of this byte depends on heap implementation and usage, but when this byte happens to hold the value of the directory separator character we go on to call std::string::pop_back on the empty string, which results in an out_of_range exception which terminates GDB.

Fix this by using path_join. prepare_path_for_appending ensures that the filename component is relative.

The testsuite has been run before and after the change and no regressions were found.
---
 gdb/source.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/gdb/source.c b/gdb/source.c index 3f498d552c4..25ad1ecb3da 100644 --- a/gdb/source.c +++ b/gdb/source.c @@ -1146,15 +1146,7 @@ find_and_open_source (const char *filename, helpful if part of the compilation directory was removed, e.g. using gcc's -fdebug-prefix-map, and we have added the missing prefix to source_path. */ - std::string cdir_filename (dirname); - - /* Remove any trailing directory separators. */ - while (IS_DIR_SEPARATOR (cdir_filename.back ())) - cdir_filename.pop_back (); - - /* Add our own directory separator. */ - cdir_filename.append (SLASH_STRING); - cdir_filename.append (filename_start); + std::string cdir_filename = path_join (dirname, filename_start); result = openp (path, OPF_SEARCH_IN_PATH | OPF_RETURN_REALPATH, cdir_filename.c_str (), OPEN_MODE, fullname); -- 2.25.1
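Review bot: the defect is visible in the removed lines of the hunk: `while (IS_DIR_SEPARATOR (cdir_filename.back ()))` has no `cdir_filename.empty ()` guard, so a dirname of "/" is stripped to "" on the first iteration and the second iteration calls back() on an empty string. Replacing the loop with `std::string cdir_filename = path_join (dirname, filename_start);` is the cleaner fix, but the hunk now depends on two things it does not show: that path_join keeps the root when its first component consists only of separators, and that filename_start is relative, which the commit message attributes to prepare_path_for_appending. A one-line comment at the call site naming that precondition would help the next reader, and a testsuite case that uses "/" as the compilation directory would pin the behaviour the message describes, since the existing suite evidently did not catch the original loop.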
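To make the failure mode concrete for readers who are not in the gdb tree, here is an added example of the trailing-separator strip with the missing guard in place. This is illustrative code written for this note, not gdb's path_join and not the patch author's code; the helper names (strip_trailing_separators, join_compilation_dir, rejects_absolute_filename) are hypothetical, and it treats only '/' as a directory separator, whereas gdb's IS_DIR_SEPARATOR is platform-dependent.

```cpp
#include <stdexcept>
#include <string>

// Hypothetical stand-in for the IS_DIR_SEPARATOR macro seen in the patch,
// restricted to '/' for this example (gdb's macro is platform-dependent).
static bool is_dir_separator(char c) { return c == '/'; }

// Strip trailing separators. The !s.empty() guard is exactly what the removed
// loop in the patch lacked: std::string::back() on "" is undefined behaviour,
// and a dirname of "/" becomes "" after the first pop_back.
static std::string strip_trailing_separators(std::string s) {
  while (!s.empty() && is_dir_separator(s.back()))
    s.pop_back();
  return s;
}

// Join a compilation directory and a relative filename.
// The filename must be relative; the commit message credits
// prepare_path_for_appending with guaranteeing that in gdb, so here the
// precondition is enforced explicitly rather than assumed.
std::string join_compilation_dir(const std::string &dirname,
                                 const std::string &filename) {
  if (!filename.empty() && is_dir_separator(filename.front()))
    throw std::invalid_argument("filename must be relative");

  std::string dir = strip_trailing_separators(dirname);
  if (dir.empty()) {
    // Either there was no dirname at all, or the dirname was made solely of
    // separators ("/", "///"). The latter is the root directory and must keep
    // its leading separator instead of silently turning into a relative path.
    return dirname.empty() ? filename : "/" + filename;
  }
  return dir + "/" + filename;
}

// Returns true if the precondition check fires for an absolute filename.
bool rejects_absolute_filename() {
  try {
    join_compilation_dir("/usr/src", "/abs.c");
  } catch (const std::invalid_argument &) {
    return true;
  }
  return false;
}

int main() {
  // Constructed inputs: the root directory case from the commit message,
  // a run of separators, and ordinary directories with and without a slash.
  const char *dirs[] = {"/", "///", "/usr/src/", "/usr/src", ""};
  for (const char *d : dirs)
    (void)join_compilation_dir(d, "foo.c");  // must not crash or throw
  return rejects_absolute_filename() ? 0 : 1;
}
```

The guard turns the root-directory case into a well-defined result ("/" + "foo.c" gives "/foo.c") instead of reading a byte before the string's storage, which is the behaviour the commit message observed under libstdc++ without bounds checks; building with -D_GLIBCXX_ASSERTIONS or a sanitizer would have reported the unguarded back() call directly.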