Bug 18311 - tui_expand_tabs writes past the end of the buffers it allocates
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: tui
Version: 7.9
Importance: P2 critical
Target Milestone: ---
Assignee: Not yet assigned to anyone
 
Reported: 2015-04-23 17:57 UTC by Eli Zaretskii
Modified: 2015-04-23 20:46 UTC (History)


Attachments
patch used to fix the bug (938 bytes, patch)
2015-04-23 18:02 UTC, Eli Zaretskii

Description Eli Zaretskii 2015-04-23 17:57:48 UTC
tui_expand_tabs writes past the end of the buffers it allocates
because we forget to zero out col.  This results in us adding more
spaces than we need to get aligned, and we write past the end of the
allocated buffer.

This was noticed on Ubuntu Vivid ppc64le, where gdb would SEGV when
using the TUI.

Reported by Anton Blanchard <anton@samba.org>.
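
The failure mode described in this report, as an added example that is not part of the original report and is not gdb's code: a simplified model of a tab expander with a sizing pass and a copy pass, showing how a column counter that is not reset makes the copy pass emit more bytes than were allocated, next to a copy pass that resets it and bounds-checks each write. The two-pass structure, the 8-column tab stop and all function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define TAB_WIDTH 8   /* assumed tab stop */

/* Walk S once, advancing *COL; return the expanded length in bytes.
   A TAB is padded to the next tab stop relative to *COL. */
static size_t walk(const char *s, size_t *col)
{
    size_t n = 0;
    for (; *s; s++) {
        size_t w = (*s == '\t') ? TAB_WIDTH - (*col % TAB_WIDTH) : 1;
        n += w;
        *col += w;
    }
    return n;
}

/* Sizing pass: bytes the buffer is allocated for (excluding the NUL). */
size_t alloc_len(const char *s)
{
    size_t col = 0;
    return walk(s, &col);
}

/* Bytes a copy pass would emit if the column counter were NOT reset
   after sizing. Counts only; nothing is written. */
size_t copy_len_stale_col(const char *s)
{
    size_t col = 0;
    walk(s, &col);        /* sizing pass leaves col advanced */
    return walk(s, &col); /* copy pass starts from the stale col */
}

/* Hardened copy pass: col restarts at 0 and every write is checked
   against the allocation. Returns NULL if the passes ever disagree. */
char *expand_tabs_checked(const char *s)
{
    size_t need = alloc_len(s), col = 0, used = 0;
    char *out = malloc(need + 1);
    if (!out) return NULL;
    for (; *s; s++) {
        size_t w = (*s == '\t') ? TAB_WIDTH - (col % TAB_WIDTH) : 1;
        if (used + w > need) { free(out); return NULL; }
        memset(out + used, *s == '\t' ? ' ' : *s, w);
        used += w; col += w;
    }
    out[used] = '\0';
    return out;
}
```

For the constructed input `"abcdefg\tx"`, the sizing pass yields 9 bytes while a copy pass running on the stale column would emit 16.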
Comment 1 Eli Zaretskii 2015-04-23 18:02:54 UTC
Created attachment 8263
patch used to fix the bug
Comment 2 Eli Zaretskii 2015-04-23 18:03:27 UTC
Fixed with the attached patch.
Comment 3 Joel Brobecker 2015-04-23 20:46:51 UTC
URL to discussion on gdb-patches:
https://www.sourceware.org/ml/gdb-patches/2015-03/msg00472.html