Bug 26986

Summary: *** buffer overflow detected ***: expect terminated
Product: gdb
Reporter: Shahab <shahab.vahedi>
Component: testsuite
Assignee: Not yet assigned to anyone <unassigned>
Status: UNCONFIRMED ---
Severity: minor
Priority: P2
Version: HEAD
Target Milestone: ---
Host:
Target:
Build:
Last reconfirmed:
Attachments: Reduced version of "gdb.linespec/cpcompletion.exp" that triggers the bug

Description Shahab 2020-12-01 10:31:28 UTC
Created attachment 13017
Reduced version of "gdb.linespec/cpcompletion.exp" that triggers the bug

Disclaimer:
This is not a GDB bug, but an "expect" issue. However, since the
development of "expect" seems to be frozen, I list the issue and its
solution here so other people will not suffer as I did.

________________________________________________________________________

Steps to reproduce:

$ configure
$ make -j$(nproc) all-gdb

$ cd gdb/testsuite
$ make check RUNTESTFLAGS="        gdb.linespec/cpcompletion.exp"  #ok
$ make check RUNTESTFLAGS="--debug gdb.linespec/cpcompletion.exp"  #nok
  *** buffer overflow detected ***: expect terminated
________________________________________________________________________

Problem:
Using the "--debug" flag triggers some verbose logging in expect. There
is a 2000-byte buffer for printing each entry. However, in the case of
"gdb.linespec/cpcompletion.exp", the expected string is a completion
for the anonymous namespace that contains many function names. This
easily overruns the buffer when printing the line.

You can use the attached "reduced.exp" to reproduce the problem easily:
$ cp reduced.exp /path/to/src/gdb/testsuite/gdb.linespec
$ make check RUNTESTFLAGS="--debug gdb.linespec/reduced.exp"
  *** buffer overflow detected ***: expect terminated
________________________________________________________________________

Solution:
Instead of vsprintf, vsnprintf must be used to print into "bigbuf":

$ sed -i 's/vsprintf(bigbuf/vsnprintf(bigbuf,sizeof(bigbuf)/' exp_log.c
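As an added illustration of the bounded-logging fix (this is example code, not expect's exp_log.c): a 2000-byte buffer of the size the report gives is filled through vsnprintf with sizeof(), and a constructed completion string far longer than the buffer is truncated instead of overrunning it. The function names (log_entry, long_completion, demo_*) are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Same size as expect's "bigbuf" in exp_log.c, as stated in the report. */
#define BIGBUF_SIZE 2000

static char bigbuf[BIGBUF_SIZE];

/* Bounded replacement for the logging pattern described above.
 * The original is vsprintf(bigbuf, fmt, ap), which has no bound; vsnprintf
 * with sizeof(bigbuf) stores at most BIGBUF_SIZE-1 bytes plus a NUL.
 * Returns what vsnprintf returns: the length the full entry would need,
 * so a value >= BIGBUF_SIZE means the entry was truncated, not overflowed. */
static int log_entry(const char *fmt, ...)
{
    va_list ap;
    int needed;

    va_start(ap, fmt);
    needed = vsnprintf(bigbuf, sizeof(bigbuf), fmt, ap);
    va_end(ap);
    if (needed < 0)          /* encoding error: leave the buffer empty */
        bigbuf[0] = '\0';
    return needed;
}

/* A constructed completion string far longer than the buffer, standing in
 * for the anonymous-namespace completion list in cpcompletion.exp. */
static const char *long_completion(void)
{
    static char completion[6000];
    size_t i;
    for (i = 0; i < sizeof(completion) - 1; i++)
        completion[i] = (char)('a' + i % 26);
    completion[sizeof(completion) - 1] = '\0';
    return completion;
}

/* Logs the long entry; returns the length vsnprintf reported it needed. */
static int demo_long_needed(void)
{
    return log_entry("expect: does \"%s\" match?\n", long_completion());
}

/* Bytes actually stored after the long entry: bounded to BIGBUF_SIZE-1. */
static int demo_long_stored(void)
{
    demo_long_needed();
    return (int)strlen(bigbuf);
}
```

With the unbounded vsprintf the same call would write about 6000 bytes into a 2000-byte stack buffer, which is exactly what glibc's fortification reports as "buffer overflow detected" before aborting expect.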
________________________________________________________________________

Final thoughts:

Although I came up with this fix myself, it was during the submission
phase that I noticed that the same issue was observed 7 years ago
along with a patch that never found its way into the code [1]. Therefore, I
did not even bother to submit again. It also should mean that each
distro "expect" package should apply its own patch.

[1] Expect / Bugs / #95 buffer overflow in exp_log.c
https://sourceforge.net/p/expect/bugs/95/