This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Fix for pr16196: Honor fetch limit for strings of known size


The enclosed patch fixes 16196, which was revealed when an unitialized
C++ string happened to point to valid memory and had a garbage in the
size field that happened to look very large. GDB then spins a very
long time reading invalid memory.

The patch fixes this by enforcing the fetch limit (which, in turn, is
set by print elements) even when the size of the string is known. This
makes the function's behavior similar to when the size of the string
isn't know.

I checked all callers, and it this does not cause any difference in
behavior, and reveals no new problems in the test-suite.

Thanks

Sterling

2013-11-22  Sterling Augustine  <saugustine@google.com>

     PR backtrace/16196:
     * valprint.c (read_string): Set new variable fetchlen based on
     fetchlimit and size.  Use it in call to partial_memory_read.
     Update comment.
diff --git a/gdb/valprint.c b/gdb/valprint.c
index ea877f3..ecc3411 100644
--- a/gdb/valprint.c
+++ b/gdb/valprint.c
@@ -1757,11 +1757,13 @@ partial_memory_read (CORE_ADDR memaddr, gdb_byte *myaddr,
    free, and BYTES_READ will be set to the number of bytes read.  Returns 0 on
    success, or a target_xfer_error on failure.
 
-   If LEN > 0, reads exactly LEN characters (including eventual NULs in
-   the middle or end of the string).  If LEN is -1, stops at the first
-   null character (not necessarily the first null byte) up to a maximum
-   of FETCHLIMIT characters.  Set FETCHLIMIT to UINT_MAX to read as many
-   characters as possible from the string.
+   If LEN > 0, reads the lesser of LEN or FETCHLIMIT characters
+   (including eventual NULs in the middle or end of the string).
+
+   If LEN is -1, stops at the first null character (not necessarily
+   the first null byte) up to a maximum of FETCHLIMIT characters.  Set
+   FETCHLIMIT to UINT_MAX to read as many characters as possible from
+   the string.
 
    Unless an exception is thrown, BUFFER will always be allocated, even on
    failure.  In this case, some characters might have been read before the
@@ -1807,10 +1809,12 @@ read_string (CORE_ADDR addr, int len, int width, unsigned int fetchlimit,
 
   if (len > 0)
     {
-      *buffer = (gdb_byte *) xmalloc (len * width);
+      unsigned int fetchlen = min (len, fetchlimit);
+
+      *buffer = (gdb_byte *) xmalloc (fetchlen * width);
       bufptr = *buffer;
 
-      nfetch = partial_memory_read (addr, bufptr, len * width, &errcode)
+      nfetch = partial_memory_read (addr, bufptr, fetchlen * width, &errcode)
 	/ width;
       addr += nfetch * width;
       bufptr += nfetch * width;

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]