* [Bug testsuite/26986] New: *** buffer overflow detected ***: expect terminated
@ 2020-12-01 10:31 shahab.vahedi at gmail dot com
From: shahab.vahedi at gmail dot com @ 2020-12-01 10:31 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=26986
Bug ID: 26986
Summary: *** buffer overflow detected ***: expect terminated
Product: gdb
Version: HEAD
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: testsuite
Assignee: unassigned at sourceware dot org
Reporter: shahab.vahedi at gmail dot com
Target Milestone: ---
Created attachment 13017
--> https://sourceware.org/bugzilla/attachment.cgi?id=13017&action=edit
Reduced version of "gdb.linespec/cpcompletion.exp" that triggers the bug
Disclaimer:
This is not a GDB bug, but an "expect" issue. However, since the
development of "expect" seems to be frozen, I list the issue and its
solution here so other people will not suffer as I did.
________________________________________________________________________
Steps to reproduce:
$ configure
$ make -j$(nproc) all-gdb
$ cd gdb/testsuite
$ make check RUNTESTFLAGS=" gdb.linespec/cpcompletion.exp" #ok
$ make check RUNTESTFLAGS="--debug gdb.linespec/cpcompletion.exp" #nok
*** buffer overflow detected ***: expect terminated
________________________________________________________________________
Problem:
Using the "--debug" flag triggers some verbose logging in expect. There
is a 2000-byte buffer for printing each entry. However, in the case of
"gdb.linespec/cpcompletion.exp", the expected string is a completion
for the anonymous namespace that contains many function names. This
easily overruns the buffer when printing the line.
You can use the attached "reduced.exp" to reproduce the problem easily:
$ cp reduced.exp /path/to/src/gdb/testsuite/gdb.linespec/
$ make check RUNTESTFLAGS="--debug gdb.linespec/reduced.exp"
*** buffer overflow detected ***: expect terminated
________________________________________________________________________
Solution:
Instead of vsprintf, vsnprintf must be used to print the "bigbuf":
$ sed -i 's/vsprintf(bigbuf/vsnprintf(bigbuf,sizeof(bigbuf)/' exp_log.c
________________________________________________________________________
Final thoughts:
Although I came up with this fix myself, it was during the submission
phase that I noticed that the same issue was observed 7 years ago,
along with a patch that never found its way into the code [1]. Therefore, I
did not even bother to submit again. It should also mean that each
distro's "expect" package should apply its own patch.
[1] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/
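The pattern behind the report, shown side by side as an added example (this is not expect's exp_log.c and not the reporter's patch): a logging routine formats a variable-length message into a fixed-size scratch buffer. The 2000-byte BIGBUF_SIZE mirrors the figure in the report; the function names and the oversized sample string are constructed for the demonstration. The unsafe variant uses vsprintf, which has no way to know the buffer's size; the hardened variant uses vsnprintf, bounds the write, and additionally inspects the return value so a truncated log entry is flagged rather than silently cut.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Same size as the scratch buffer described in the report (constructed example). */
#define BIGBUF_SIZE 2000

/* Vulnerable pattern: vsprintf writes however many bytes the format
   produces, so a long %s argument runs past the end of bigbuf.
   Kept only for comparison; the demo functions below never call it. */
int log_entry_unsafe(char *bigbuf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(bigbuf, fmt, ap);  /* no bound on the write */
    va_end(ap);
    return n;
}

/* Hardened pattern: vsnprintf never writes more than bufsize bytes and
   always NUL-terminates (when bufsize > 0). Its return value is the
   length the full message WOULD have had, so a value >= bufsize means
   the entry was truncated. Returns the number of bytes actually stored
   (excluding the terminating NUL) and sets *truncated accordingly. */
size_t log_entry_safe(char *bigbuf, size_t bufsize, int *truncated,
                      const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(bigbuf, bufsize, fmt, ap);
    va_end(ap);

    if (needed < 0) {               /* encoding error: leave an empty entry */
        if (bufsize > 0)
            bigbuf[0] = '\0';
        *truncated = 0;
        return 0;
    }
    if ((size_t)needed >= bufsize) { /* message did not fit: flag it */
        *truncated = 1;
        return bufsize > 0 ? bufsize - 1 : 0;
    }
    *truncated = 0;
    return (size_t)needed;
}

/* A short entry fits: returns the stored length (5 for "ok 42"),
   or -1 if the content is wrong or truncation was wrongly reported. */
long demo_short(void)
{
    char bigbuf[BIGBUF_SIZE];
    int truncated;
    size_t n = log_entry_safe(bigbuf, sizeof bigbuf, &truncated, "%s %d", "ok", 42);
    if (truncated || strcmp(bigbuf, "ok 42") != 0)
        return -1;
    return (long)n;
}

/* An entry longer than the buffer, standing in for a completion list of
   many function names: returns the stored length (BIGBUF_SIZE - 1, i.e. 1999),
   or -1 if truncation was not flagged or the buffer was left unterminated. */
long demo_oversize(void)
{
    char bigbuf[BIGBUF_SIZE];
    char longtext[4000];            /* constructed: 3999 'A's, about twice the buffer */
    int truncated;

    memset(longtext, 'A', sizeof longtext - 1);
    longtext[sizeof longtext - 1] = '\0';

    size_t n = log_entry_safe(bigbuf, sizeof bigbuf, &truncated,
                              "expect: \"%s\"\n", longtext);
    if (!truncated || bigbuf[sizeof bigbuf - 1] != '\0' || strlen(bigbuf) != n)
        return -1;
    return (long)n;
}

int main(void)
{
    printf("short entry stored %ld bytes\n", demo_short());
    printf("oversize entry stored %ld bytes (truncated, buffer intact)\n", demo_oversize());
    return 0;
}
```

The one-line sed in the report performs exactly the vsprintf to vsnprintf substitution shown here; what it does not add is the return-value check, which is worth having in a logger because a silently truncated entry can hide the very output a failing test is being debugged for.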