From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-buildbot@sergiodj.net>
Received: from kwanyin.sergiodj.net (kwanyin.sergiodj.net [158.69.185.54])
 by sourceware.org (Postfix) with ESMTPS id 557F6386F812
 for <gdb-testers@sourceware.org>; Tue, 19 May 2020 18:28:41 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 557F6386F812
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [binutils-gdb] gdb: fix off-by-one error in quirk_rust_enum
From: gdb-buildbot@sergiodj.net
To: gdb-testers@sourceware.org
Message-Id: <f408d82c7a140268c3b7be35970c96d8385b5902@gdb-build>
Date: Tue, 19 May 2020 14:28:39 -0400
X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: gdb-testers@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb-testers mailing list <gdb-testers.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/gdb-testers>,
 <mailto:gdb-testers-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb-testers/>
List-Post: <mailto:gdb-testers@sourceware.org>
List-Help: <mailto:gdb-testers-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/gdb-testers>,
 <mailto:gdb-testers-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 18:28:42 -0000

*** TEST RESULTS FOR COMMIT f408d82c7a140268c3b7be35970c96d8385b5902 ***

commit f408d82c7a140268c3b7be35970c96d8385b5902
Author:     Simon Marchi <simon.marchi@efficios.com>
AuthorDate: Tue May 19 14:20:23 2020 -0400
Commit:     Simon Marchi <simon.marchi@efficios.com>
CommitDate: Tue May 19 14:20:23 2020 -0400

    gdb: fix off-by-one error in quirk_rust_enum
    
    Found by inspection, so I don't have a test for it (I don't think it
    would be easy to have this bug cause a failure reliably).
    
    We allocate space for N fields into `new_fields`, then memcpy N fields
    at `new_fields + 1`.  This overflows the allocated buffer by one field.
    
    Fix it by allocating `N + 1` fields.
    
    gdb/ChangeLog:
    
            * dwarf2/read.c (quirk_rust_enum): Allocate enough fields.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index f62557da6c..ac0beef5ad 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@
+2020-05-19  Simon Marchi  <simon.marchi@efficios.com>
+
+	* dwarf2/read.c (quirk_rust_enum): Allocate enough fields.
+
 2020-05-19  Pedro Alves  <palves@redhat.com>
 
 	* NEWS (set exec-file-mismatch): Adjust entry.
diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
index 0c6182bbf3..2ab7c5c331 100644
--- a/gdb/dwarf2/read.c
+++ b/gdb/dwarf2/read.c
@@ -9420,7 +9420,7 @@ quirk_rust_enum (struct type *type, struct objfile *objfile)
       /* Make space for the discriminant field.  */
       struct field *disr_field = &TYPE_FIELD (disr_type, 0);
       field *new_fields
-	= (struct field *) TYPE_ZALLOC (type, (TYPE_NFIELDS (type)
+	= (struct field *) TYPE_ZALLOC (type, ((TYPE_NFIELDS (type) + 1)
 					       * sizeof (struct field)));
       memcpy (new_fields + 1, TYPE_FIELDS (type),
 	      TYPE_NFIELDS (type) * sizeof (struct field));