From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=HQQH=BZ=simark.ca=simark@sourceware.org>
Received: from simark.ca (simark.ca [158.69.221.121])
	by sourceware.org (Postfix) with ESMTPS id 98B713887F59
	for <gdb-patches@sourceware.org>; Mon,  5 Jun 2023 17:57:23 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 98B713887F59
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=simark.ca
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=simark.ca
Received: from [10.0.0.170] (modemcable238.237-201-24.mc.videotron.ca [24.201.237.238])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by simark.ca (Postfix) with ESMTPSA id 8A67B1E0D6;
	Mon,  5 Jun 2023 13:57:22 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=simark.ca; s=mail;
	t=1685987842; bh=m7Sp4A+ZDZEoIfYPAp5RJZtezH3UWmEORZP/zPNZhXc=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
	b=D8Q6PomiM8c8zV/UOxZkJS2zFpAeZdVNtHi/Kl+TXaGa7Rz1qLTC7UL4HBfxyCvz8
	 jImn7c4lk5meqL2E1sr2+8udbx0HcdBgBakOdorZt972EBSD32+uxTH4wxhjtuD3pY
	 QaZ8iyceqjIse+wFy3I+RB88+Txt/IfJrkGFf2XQ=
Message-ID: <d35340bb-9430-0ae2-6826-2a771b2c293c@simark.ca>
Date: Mon, 5 Jun 2023 13:57:22 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.2
Subject: Re: [PATCHv3] gdb: building inferior strings from within GDB
To: Andrew Burgess <aburgess@redhat.com>, gdb-patches@sourceware.org
Cc: Pedro Alves <pedro@palves.net>, Simon Marchi <simon.marchi@efficios.com>
References: <75628df1fbd72166504c9b2a368170121b86e072.1680849242.git.aburgess@redhat.com>
 <e98fdbacf5c72b018b0172027967629d9f5267a1.1684937359.git.aburgess@redhat.com>
 <d1ff310c-0b20-cc1e-7940-e0a44cf264ee@simark.ca> <878rcy3xj8.fsf@redhat.com>
Content-Language: fr
From: Simon Marchi <simark@simark.ca>
In-Reply-To: <878rcy3xj8.fsf@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_LOTSOFHASH,NICE_REPLY_A,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE,WEIRD_PORT autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gdb-patches.sourceware.org>

On 6/5/23 08:26, Andrew Burgess via Gdb-patches wrote:
> You are right.  I merged these two calls, and the other two in
> str_value_from_setting, and pushed this patch.

Turns out this test triggers an ASan error:

(gdb) PASS: gdb.base/internal-string-values.exp: test_setting: all langs: lang=ada: ptype "foo"
print $_gdb_maint_setting("test-settings string")
=================================================================
==80377==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000068034 at pc 0x564785cba682 bp 0x7ffd20644620 sp 0x7ffd20644610
READ of size 1 at 0x603000068034 thread T0
    #0 0x564785cba681 in find_command_name_length(char const*) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2129
    #1 0x564785cbacb2 in lookup_cmd_1(char const**, cmd_list_element*, cmd_list_element**, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, int, bool) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2186
    #2 0x564785cbb539 in lookup_cmd_1(char const**, cmd_list_element*, cmd_list_element**, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, int, bool) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2248
    #3 0x564785cbbcf3 in lookup_cmd(char const**, cmd_list_element*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, int, int) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2339
    #4 0x564785c82df2 in setting_cmd /home/smarchi/src/binutils-gdb/gdb/cli/cli-cmds.c:2219
    #5 0x564785c84274 in gdb_maint_setting_internal_fn /home/smarchi/src/binutils-gdb/gdb/cli/cli-cmds.c:2348
    #6 0x564788167b3b in call_internal_function(gdbarch*, language_defn const*, value*, int, value**) /home/smarchi/src/binutils-gdb/gdb/value.c:2321
    #7 0x5647854b6ebd in expr::ada_funcall_operation::evaluate(type*, expression*, noside) /home/smarchi/src/binutils-gdb/gdb/ada-lang.c:11254
    #8 0x564786658266 in expression::evaluate(type*, noside) /home/smarchi/src/binutils-gdb/gdb/eval.c:111
    #9 0x5647871242d6 in process_print_command_args /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1322
    #10 0x5647871244b3 in print_command_1 /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1335
    #11 0x564787125384 in print_command /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1468
    #12 0x564785caac44 in do_simple_func /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:95
    #13 0x564785cc18f0 in cmd_func(cmd_list_element*, char const*, int) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2735
    #14 0x564787c70c68 in execute_command(char const*, int) /home/smarchi/src/binutils-gdb/gdb/top.c:574
    #15 0x564786686180 in command_handler(char const*) /home/smarchi/src/binutils-gdb/gdb/event-top.c:543
    #16 0x56478668752f in command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char> >&&) /home/smarchi/src/binutils-gdb/gdb/event-top.c:779
    #17 0x564787dcb29a in tui_command_line_handler /home/smarchi/src/binutils-gdb/gdb/tui/tui-interp.c:104
    #18 0x56478668443d in gdb_rl_callback_handler /home/smarchi/src/binutils-gdb/gdb/event-top.c:250
    #19 0x7f4efd506246 in rl_callback_read_char (/usr/lib/libreadline.so.8+0x3b246) (BuildId: 092e91fc4361b0ef94561e3ae03a75f69398acbb)
    #20 0x564786683dea in gdb_rl_callback_read_char_wrapper_noexcept /home/smarchi/src/binutils-gdb/gdb/event-top.c:192
    #21 0x564786684042 in gdb_rl_callback_read_char_wrapper /home/smarchi/src/binutils-gdb/gdb/event-top.c:225
    #22 0x564787f1b119 in stdin_event_handler /home/smarchi/src/binutils-gdb/gdb/ui.c:155
    #23 0x56478862438d in handle_file_event /home/smarchi/src/binutils-gdb/gdbsupport/event-loop.cc:573
    #24 0x564788624d23 in gdb_wait_for_event /home/smarchi/src/binutils-gdb/gdbsupport/event-loop.cc:694
    #25 0x56478862297c in gdb_do_one_event(int) /home/smarchi/src/binutils-gdb/gdbsupport/event-loop.cc:264
    #26 0x564786df99f0 in start_event_loop /home/smarchi/src/binutils-gdb/gdb/main.c:412
    #27 0x564786dfa069 in captured_command_loop /home/smarchi/src/binutils-gdb/gdb/main.c:476
    #28 0x564786dff61f in captured_main /home/smarchi/src/binutils-gdb/gdb/main.c:1320
    #29 0x564786dff75c in gdb_main(captured_main_args*) /home/smarchi/src/binutils-gdb/gdb/main.c:1339
    #30 0x564785381b6d in main /home/smarchi/src/binutils-gdb/gdb/gdb.c:32
    #31 0x7f4efbc3984f  (/usr/lib/libc.so.6+0x2384f) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e)
    #32 0x7f4efbc39909 in __libc_start_main (/usr/lib/libc.so.6+0x23909) (BuildId: 2f005a79cd1a8e385972f5a102f16adba414d75e)
    #33 0x564785381934 in _start (/home/smarchi/build/binutils-gdb/gdb/gdb+0xabc5934) (BuildId: 90de353ac158646e7dab501b76a18a76628fca33)

0x603000068034 is located 0 bytes after 20-byte region [0x603000068020,0x603000068034)
allocated by thread T0 here:
    #0 0x7f4efcee0cd1 in __interceptor_calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x5647856265d8 in xcalloc /home/smarchi/src/binutils-gdb/gdb/alloc.c:97
    #2 0x564788610c6b in xzalloc(unsigned long) /home/smarchi/src/binutils-gdb/gdbsupport/common-utils.cc:29
    #3 0x56478815721a in value::allocate_contents(bool) /home/smarchi/src/binutils-gdb/gdb/value.c:929
    #4 0x564788157285 in value::allocate(type*, bool) /home/smarchi/src/binutils-gdb/gdb/value.c:941
    #5 0x56478815733a in value::allocate(type*) /home/smarchi/src/binutils-gdb/gdb/value.c:951
    #6 0x5647854ae81c in expr::ada_string_operation::evaluate(type*, expression*, noside) /home/smarchi/src/binutils-gdb/gdb/ada-lang.c:10675
    #7 0x5647854b63b8 in expr::ada_funcall_operation::evaluate(type*, expression*, noside) /home/smarchi/src/binutils-gdb/gdb/ada-lang.c:11184
    #8 0x564786658266 in expression::evaluate(type*, noside) /home/smarchi/src/binutils-gdb/gdb/eval.c:111
    #9 0x5647871242d6 in process_print_command_args /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1322
    #10 0x5647871244b3 in print_command_1 /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1335
    #11 0x564787125384 in print_command /home/smarchi/src/binutils-gdb/gdb/printcmd.c:1468
    #12 0x564785caac44 in do_simple_func /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:95
    #13 0x564785cc18f0 in cmd_func(cmd_list_element*, char const*, int) /home/smarchi/src/binutils-gdb/gdb/cli/cli-decode.c:2735
    #14 0x564787c70c68 in execute_command(char const*, int) /home/smarchi/src/binutils-gdb/gdb/top.c:574
    #15 0x564786686180 in command_handler(char const*) /home/smarchi/src/binutils-gdb/gdb/event-top.c:543
    #16 0x56478668752f in command_line_handler(std::unique_ptr<char, gdb::xfree_deleter<char> >&&) /home/smarchi/src/binutils-gdb/gdb/event-top.c:779
    #17 0x564787dcb29a in tui_command_line_handler /home/smarchi/src/binutils-gdb/gdb/tui/tui-interp.c:104
    #18 0x56478668443d in gdb_rl_callback_handler /home/smarchi/src/binutils-gdb/gdb/event-top.c:250
    #19 0x7f4efd506246 in rl_callback_read_char (/usr/lib/libreadline.so.8+0x3b246) (BuildId: 092e91fc4361b0ef94561e3ae03a75f69398acbb)

Simon