Subject: Re: [PATCH 2/3] Fix buffer underflow in add_path
To: Tom Tromey, gdb-patches@sourceware.org
From: Tom de Vries
Date: Thu, 6 May 2021 16:53:18 +0200

On 5/3/21 9:32 PM, Tom Tromey wrote:
> Address sanitizer pointed out a buglet in source.c:add_path.
> In this test, from gdb.base/source-dir.exp:
>
> (gdb) set directories :/foo:/bar
>
> ... 'p[-1]' will result in a buffer underflow.
> This patch fixes the bug by introducing a new check.
>

I also ran into this and came up with the same solution.

LGTM.

Thanks,
- Tom

> gdb/ChangeLog
> 2021-05-03 Tom Tromey
>
> * source.c (add_path): Check 'p' before using 'p[-1]'.
> ---
> gdb/ChangeLog | 4 ++++
> gdb/source.c | 1 +
> 2 files changed, 5 insertions(+)
>
> diff --git a/gdb/source.c b/gdb/source.c > index 6fc27ae72f7..b6dab6eb236 100644 > --- a/gdb/source.c > +++ b/gdb/source.c > @@ -537,6 +537,7 @@ add_path (const char *dirname, char **which_path, int parse_separators) > /* On MS-DOS and MS-Windows, h:\ is different from h: */ > && !(p == name + 3 && name[1] == ':') /* "d:/" */ > #endif > + && p > name > && IS_DIR_SEPARATOR (p[-1])) > /* Sigh. "foo/" => "foo" */ > --p; >
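Review bot: The added `&& p > name` condition in the add_path hunk carries no comment, although the conditions around it do (`/* "d:/" */`, `/* Sigh. "foo/" => "foo" */`). A short note that `p` can equal `name`, as it apparently does for the empty leading component in `set directories :/foo:/bar`, would tell a later reader why the guard must stay ahead of `IS_DIR_SEPARATOR (p[-1])`. The ordering itself is correct, because `&&` short-circuits before `p[-1]` is read. The diffstat touches only gdb/ChangeLog and gdb/source.c, so a regression here is caught only when gdb.base/source-dir.exp runs under Address Sanitizer; it is worth saying so in the commit message, or checking whether the test can assert on the resulting directory list so that a non-sanitizer build also notices.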