From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 119613858D33 for ; Wed, 16 Aug 2023 17:56:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 119613858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1692208604; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VwmGnV1pqO6FmeAnCWfn4BfwXTMCxEA4BPGFHnkPCyo=; b=aFH84yRTR5W1SMCQtIxK8mKg7zlMVMkgnhBMY8ysJg50ybjKtmgnAPAV2I65iuPPL/0hKz xOE9T0D7kK0A6qi8jfXKpMjZ6Y6F6hzOBx4Vu38wE2RIaG+ymMkIJLp2eeD7b8wbB6Lvim yZjDNt+uUyRrKk0hxP+Q0bRRiYqPbHo= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-245-oQ-08xX_MUCRXL-zX_1-mw-1; Wed, 16 Aug 2023 13:56:41 -0400 X-MC-Unique: oQ-08xX_MUCRXL-zX_1-mw-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1431D8DC661; Wed, 16 Aug 2023 17:56:41 +0000 (UTC) Received: from [10.22.16.198] (unknown [10.22.16.198]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C7E3A1121314; Wed, 16 Aug 2023 17:56:40 +0000 (UTC) Message-ID: <54cd2609-2526-5ff6-37cb-640ace0c128a@redhat.com> Date: Wed, 16 Aug 2023 10:56:39 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [PATCH] Avoid buffer overflow in ada_decode To: Tom Tromey , gdb-patches@sourceware.org References: <20230816173133.867606-1-tromey@adacore.com> From: Keith Seitz In-Reply-To: <20230816173133.867606-1-tromey@adacore.com> X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 8/16/23 10:31, Tom Tromey via Gdb-patches wrote: > A bug report pointed out a buffer overflow in ada_decode, which Keith > helpfully analyzed. ada_decode had a logic error when the input was > all digits. While this isn't valid -- and would probably only appear > in fuzzer tests -- it still should be handled properly. > > This patch adds a missing bounds check. Tested with the self-tests in > an asan build. That's excellent. Thank you for the quick turnaround! Reviewed-by: Keith Seitz Keith