From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id ED549385AC29; Wed, 2 Feb 2022 16:27:56 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org ED549385AC29 From: "cvs-commit at gcc dot gnu.org" To: gdb-prs@sourceware.org Subject: [Bug cli/28665] CLI commands that cause crash Date: Wed, 02 Feb 2022 16:27:56 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gdb X-Bugzilla-Component: cli X-Bugzilla-Version: HEAD X-Bugzilla-Keywords: X-Bugzilla-Severity: minor X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gdb-prs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gdb-prs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2022 16:27:57 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D28665 --- Comment #4 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Andrew Burgess : https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D8e454b9c61b6= d3a80ea4bc840e808e1564d94ec7 commit 8e454b9c61b6d3a80ea4bc840e808e1564d94ec7 Author: Andrew Burgess Date: Tue Dec 7 13:25:47 2021 +0000 gdb: add empty string check in parse_linespec If parse_linespec (linespec.c) is passed ARG as an empty string then we end up calling `strchr (linespec_quote_characters, '\0')`, which will return a pointer to the '\0' at the end of linespec_quote_characters. This then results in GDB calling skip_quote_char with `ARG + 1`, which is undefined behaviour (as ARG only contained a single character, the '\0'). Fix this by checking for the first character of ARG being '\0' before the call to strchr. I have additionally added an assertion that ARG can't itself be nullptr, as calling is_ada_operator with nullptr can end up calling 'startswith' on the nullptr, which is undefined behaviour. Finally, I moved the declaration of TOKEN into the body of parse_linespec, to where TOKEN is defined. This patch came about while I was working on fixes for PR cli/28665 and PR gdb/28797. The actual fixes for these two issues will be in a later commit in this series, but, with this patch in place, both of the above bugs would hit the new assertion rather than accessing invalid memory and crashing. The '\0' check is not currently ever hit, but just makes the code a little safer. Because this patch only changes the nature of the failure for the above two bugs, there's no tests here. A later commit will fix the above two issues, at which point I'll add some tests. Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=3D28665 Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=3D28797 --=20 You are receiving this mail because: You are on the CC list for the bug.=