This is the mail archive of the
gdb-cvs@sourceware.org
mailing list for the GDB project.
[binutils-gdb] Fix use-after-free in number_or_range_parser
- From: Tom Tromey <tromey at sourceware dot org>
- To: gdb-cvs at sourceware dot org
- Date: 17 Aug 2018 23:13:19 -0000
- Subject: [binutils-gdb] Fix use-after-free in number_or_range_parser
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12582533306990c9406aedd960fa411c317a67de
commit 12582533306990c9406aedd960fa411c317a67de
Author: Tom Tromey <tom@tromey.com>
Date: Wed Aug 15 18:37:00 2018 -0600
Fix use-after-free in number_or_range_parser
-fsanitize=address showed a use-after-free in number_or_range_parser.
The cause was that handle_line_of_input could stash the input into
"saved_command_line", and then this could be freed by reentrant calls.
This fixes the bug by preventing commands that are read by "commands"
from being eligible for repeating.
gdb/ChangeLog
2018-08-17 Tom Tromey <tom@tromey.com>
* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
command_line_input.
Diff:
---
gdb/ChangeLog | 5 +++++
gdb/cli/cli-script.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 9fac8cc..a40f39f 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-17 Tom Tromey <tom@tromey.com>
+
+ * cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
+ command_line_input.
+
2018-08-15 Tom Tromey <tom@tromey.com>
* aarch64-linux-tdep.c (aarch64_linux_core_read_vq): Use pulongest.
diff --git a/gdb/cli/cli-script.c b/gdb/cli/cli-script.c
index 6f31a40..d03b3bc 100644
--- a/gdb/cli/cli-script.c
+++ b/gdb/cli/cli-script.c
@@ -903,7 +903,7 @@ read_next_line (void)
else
prompt_ptr = NULL;
- return command_line_input (prompt_ptr, from_tty, "commands");
+ return command_line_input (prompt_ptr, 0, "commands");
}
/* Return true if CMD's name is NAME. */