[binutils-gdb] Fix array out of bound access

public inbox for gdb-testers@sourceware.org
help / color / mirror / Atom feed

From: sergiodj+buildbot@sergiodj.net
To: gdb-testers@sourceware.org
Subject: [binutils-gdb] Fix array out of bound access
Date: Mon, 27 Feb 2017 17:42:00 -0000	[thread overview]
Message-ID: <2123df0ebfc7ade46784ef412226490d59f8ce05@gdb-build> (raw)

*** TEST RESULTS FOR COMMIT 2123df0ebfc7ade46784ef412226490d59f8ce05 ***

Author: Yao Qi <yao.qi@linaro.org>
Branch: master
Commit: 2123df0ebfc7ade46784ef412226490d59f8ce05

Fix array out of bound access

ASAN reports the following error,

(gdb) PASS: gdb.fortran/vla-ptr-info.exp: continue to breakpoint: pvla-associated
print &pvla^M
=================================================================^M
^[[1m^[[31m==14331==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000ea569f at pc 0x0000008eb546 bp 0x7ffde0c1dc70 sp 0x7ffde0c1dc60^M
^[[1m^[[0m^[[1m^[[34mREAD of size 1 at 0x000000ea569f thread T0^[[1m^[[0m^M
    #0 0x8eb545 in f_print_type(type*, char const*, ui_file*, int, int, type_print_options const*) ../../binutils-gdb/gdb/f-typeprint.c:89^M
    #1 0xb611e2 in type_print(type*, char const*, ui_file*, int) ../../binutils-gdb/gdb/typeprint.c:365^M
    #2 0x7b3471 in c_value_print(value*, ui_file*, value_print_options const*) ../../binutils-gdb/gdb/c-valprint.c:650^M
    #3 0xb99517 in value_print(value*, ui_file*, value_print_options const*) ../../binutils-gdb/gdb/valprint.c:1233^M
    #4 0xa42be8 in print_formatted ../../binutils-gdb/gdb/printcmd.c:321^M
    #5 0xa46ac9 in print_value(value*, format_data const*) ../../binutils-gdb/gdb/printcmd.c:1233^M
    #6 0xa46d82 in print_command_1 ../../binutils-gdb/gdb/printcmd.c:1261^M
    #7 0xa46e3e in print_command ../../binutils-gdb/gdb/printcmd.c:1267

on this line of code

      demangled_args = varstring[strlen (varstring) - 1] == ')';

because varstring is an empty string and strlen () is 0, so "strlen () - 1"
is definitely out of the bound of "varstring",

(gdb) bt 10
    at /home/yao/SourceCode/gnu/gdb/git/gdb/f-typeprint.c:56
    at /home/yao/SourceCode/gnu/gdb/git/gdb/typeprint.c:365
    at /home/yao/SourceCode/gnu/gdb/git/gdb/c-valprint.c:650
    at /home/yao/SourceCode/gnu/gdb/git/gdb/valprint.c:1236

This patch adds a pre-check that varstring is empty or not.

gdb:

2017-02-27  Yao Qi  <yao.qi@linaro.org>

	* f-typeprint.c (f_print_type): Check "varstring" is empty first.

next             reply	other threads:[~2017-02-27 17:42 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-27 17:42 sergiodj+buildbot [this message]
2017-02-27 17:42 ` Failures on Debian-s390x-native-extended-gdbserver-m64, branch master sergiodj+buildbot
2017-02-27 17:45 ` Failures on Fedora-x86_64-m64, " sergiodj+buildbot
2017-02-27 17:52 ` Failures on Ubuntu-AArch32-native-gdbserver-m32, " sergiodj+buildbot
2017-02-27 18:14 ` Failures on Debian-s390x-native-gdbserver-m64, " sergiodj+buildbot
2017-02-27 18:15 ` Failures on Ubuntu-AArch32-native-extended-gdbserver-m32, " sergiodj+buildbot
2017-02-27 18:56 ` Failures on Ubuntu-AArch32-m32, " sergiodj+buildbot
2017-02-28 16:16 ` Failures on Fedora-ppc64le-native-gdbserver-m64, " sergiodj+buildbot
2017-02-28 18:28 ` Failures on Fedora-ppc64le-native-extended-gdbserver-m64, " sergiodj+buildbot
2017-03-01  3:23 ` Failures on Fedora-ppc64be-native-gdbserver-m64, " sergiodj+buildbot
2017-03-01  4:30 ` Failures on Fedora-ppc64be-native-extended-gdbserver-m64, " sergiodj+buildbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2123df0ebfc7ade46784ef412226490d59f8ce05@gdb-build \
    --to=sergiodj+buildbot@sergiodj.net \
    --cc=gdb-testers@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).