public inbox for gdb-prs@sourceware.org
From: "simark at simark dot ca" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug gdb/26901] New: Python array subscript fails with flexible array member without size
Date: Sun, 15 Nov 2020 02:47:00 +0000
Message-ID: <bug-26901-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=26901

            Bug ID: 26901
           Summary: Python array subscript fails with flexible array
                    member without size
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: simark at simark dot ca
  Target Milestone: ---

Consider this program:

---
#include <stdlib.h>

struct vectorinox
{
  int size;
  int data[];
};

int main (void)
{
    /* Make a vector of three elements.  */
    struct vectorinox *vector
      = malloc (sizeof (struct vectorinox) + sizeof (int) * 3);
    vector->size = 3;
    vector->data[0] = 11;
    vector->data[1] = 22;
    vector->data[2] = 33;

    return 0;
}
---

Trying to access an element of the `data` array in Python yields:

>>> vec = gdb.parse_and_eval('vector')
>>> data = vec['data']
>>> print(data[0])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
gdb.MemoryError: Cannot access memory at address 0x5535555592a0

And with GDB 9.2:

>>> vec = gdb.parse_and_eval('vector')
>>> data = vec['data']
>>> print(data[0])
11

This failure was introduced by commit 7c6f27129631 ("gdb: make
get_discrete_bounds check for non-constant range bounds").  Unfortunately, this
commit doesn't build, but it's trivial to fix if you want to try it: just
remove the parenthesis after `kind` that it introduces.

val_subscript passes the array's index type (of type code TYPE_CODE_RANGE) to
get_discrete_bounds.  The index type has the low bound set to constant 0 and
the high bound unknown.  Before the commit, get_discrete_bounds would return
"success" and set the low and high bound to 0.  Although it's a bit by chance
that it returned 0 for the high bound, since the bound was "unknown".  It
doesn't really matter in that case because the high bound doesn't get used by
the caller.

After the commit, the new check in get_discrete_bounds sees that the high bound
isn't a constant, so returns "failure".  However, val_subscript doesn't check
the return value, and uses the uninitialized values of low and high bounds, and
it goes downhill from there.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
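
The failure mode described in the report, reduced to a stand-alone C model: a bounds query that fails without setting its outputs, a caller that drops the status, and a caller that checks it. This is an added example, not GDB's code and not part of the original message; every type and function name is hypothetical, and `POISON` stands in for the contents of the uninitialized locals.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a range type whose bounds may be unknown. */
enum bound_kind { BOUND_CONST, BOUND_UNKNOWN };
struct bound { enum bound_kind kind; long value; };
struct range_type { struct bound low, high; };

/* Stands in for the stale stack contents of an uninitialized local. */
#define POISON 0x5a5a5aL

/* Fails, leaving *low and *high untouched, unless both bounds are constant. */
static bool get_bounds(const struct range_type *t, long *low, long *high)
{
    if (t->low.kind != BOUND_CONST || t->high.kind != BOUND_CONST)
        return false;
    *low = t->low.value;
    *high = t->high.value;
    return true;
}

/* Unchecked caller: the status is dropped, so the offset comes from POISON. */
long offset_unchecked(const struct range_type *t, long index, size_t elt_size)
{
    long low = POISON, high = POISON;
    (void) get_bounds(t, &low, &high);
    return (index - low) * (long) elt_size;
}

/* Checked caller: needs only the low bound and refuses if it is not set. */
bool offset_checked(const struct range_type *t, long index, size_t elt_size, long *off)
{
    if (t->low.kind != BOUND_CONST)
        return false;
    *off = (index - t->low.value) * (long) elt_size;
    return true;
}

/* Constructed sample: index type of `int data[]`, low 0, high unknown. */
const struct range_type flexible_index = { { BOUND_CONST, 0 }, { BOUND_UNKNOWN, 0 } };

int main(void)
{
    long off = 0;
    printf("unchecked: %ld\n", offset_unchecked(&flexible_index, 0, sizeof(int)));
    if (offset_checked(&flexible_index, 0, sizeof(int), &off))
        printf("checked: %ld\n", off);
}
```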
