This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



[RFA] Do not crash when calling GDB with empty executable name.


Hello,

This is something I stumbled on by accident, because our testsuite
was starting GDB with an empty executable name on certain platforms.
So far, it's been pretty innocuous, but sometime in the past, it
started crashing GDB.

        % gdb ''

... or ...

        % gdb
        (gdb) file ''

... both cause GDB to crash with an invalid free. This is because
exec_file_attach is attempting to free a string that has not been
allocated. The string is only allocated if openp is successful.
But in the case of this obviously invalid filename, openp fails,
and leaves scratch_pathname uninitialized, thus causing the xfree
to fail.

The fix is to enable the associated cleanup after we have verified
that openp was successful.

gdb/ChangeLog (By Keith Seitz  <keiths@redhat.com>) [1]:

        * exec.c (exec_file_attach): Move cleanup after verifying that
        memory has in fact been allocated.

[1]: Keith beat me to the solution because I was busy trying to
     write a testcase :-)

gdb/testsuite/ChangeLog:

        * gdb.base/empty_exe.exp: New testcase.

Tested on x86_64-linux, no regression. I'm not entirely sure that
the "file" test is applicable to all platforms, but looking at
how gdb_load is implemented, it seems OK...

OK to apply?

Thanks,
-- 
Joel

---
 gdb/exec.c                           |    4 ++--
 gdb/testsuite/gdb.base/empty_exe.exp |   26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 gdb/testsuite/gdb.base/empty_exe.exp

diff --git a/gdb/exec.c b/gdb/exec.c
index 615d5c0..21d3c3c 100644
--- a/gdb/exec.c
+++ b/gdb/exec.c
@@ -225,11 +225,11 @@ exec_file_attach (char *filename, int from_tty)
 	     &scratch_pathname);
 	}
 #endif
+      if (scratch_chan < 0)
+	perror_with_name (filename);
 
       cleanups = make_cleanup (xfree, scratch_pathname);
 
-      if (scratch_chan < 0)
-	perror_with_name (filename);
       if (write_files)
 	exec_bfd = gdb_bfd_fopen (scratch_pathname, gnutarget,
 				  FOPEN_RUB, scratch_chan);
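Review bot: the reordering is correct only because perror_with_name does not return: once `if (scratch_chan < 0)` throws before `cleanups = make_cleanup (xfree, scratch_pathname);`, the never-allocated pointer no longer reaches xfree. A short comment above the moved check stating that openp fills in scratch_pathname only on success would document why these two statements must keep this order, since the blank line left at the check's old position makes the move look incidental and invites someone to tidy it back.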
diff --git a/gdb/testsuite/gdb.base/empty_exe.exp b/gdb/testsuite/gdb.base/empty_exe.exp
new file mode 100644
index 0000000..7c55554
--- /dev/null
+++ b/gdb/testsuite/gdb.base/empty_exe.exp
@@ -0,0 +1,26 @@
+# Copyright 2012 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+gdb_exit
+gdb_start
+
+# Make sure that the "file" command rejects an empty filename,
+# rather than crash.
+gdb_test "file ''" \
+         ": No such file or directory\\."
+
+# And to make extra sure that GDB is still alive, do a quick
+# sanity check.
+gdb_test "print 1" "= 1"
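Review bot: the expected regexp `": No such file or directory\\."` hard-codes one strerror wording for ENOENT, so the test will report a spurious FAIL on a host whose C library or locale phrases the error differently (the cover letter itself questions the portability of the "file" test); matching only the fixed part of GDB's message and accepting any errno text would make the check robust. The test also exercises only `file ''`, not the `gdb ''` command-line case the cover letter names as the original trigger; a second check that starts GDB with an empty argument would cover both code paths that reach exec_file_attach.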
-- 
1.7.10.4

