Bug 26986 - *** buffer overflow detected ***: expect terminated
Status: UNCONFIRMED
Alias: None
Product: gdb
Classification: Unclassified
Component: testsuite
Version: HEAD
Importance: P2 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2020-12-01 10:31 UTC by Shahab
Modified: 2020-12-01 10:31 UTC


Attachments
Reduced version of "gdb.linespec/cpcompletion.exp" that triggers the bug (1005 bytes, text/plain)
2020-12-01 10:31 UTC, Shahab

Description Shahab 2020-12-01 10:31:28 UTC
Created attachment 13017 [details]
Reduced version of "gdb.linespec/cpcompletion.exp" that triggers the bug

Disclaimer:
This is not a GDB bug, but an "expect" issue. However, since the
development of "expect" seems to be frozen, I list the issue and its
solution here so other people will not suffer as I did.

________________________________________________________________________

Steps to reproduce:

$ configure
$ make -j$(nproc) all-gdb

$ cd gdb/testsuite
$ make check RUNTESTFLAGS="        gdb.linespec/cpcompletion.exp"  #ok
$ make check RUNTESTFLAGS="--debug gdb.linespec/cpcompletion.exp"  #nok
  *** buffer overflow detected ***: expect terminated
________________________________________________________________________

Problem:
Using the "--debug" flag triggers some verbose logging in expect. There
is a 2000-byte buffer for printing each entry. However, in the case of
"gdb.linespec/cpcompletion.exp", the expected string is a completion
for the anonymous namespace that contains many function names. This
easily overruns the buffer when printing the line.

You can use the attached "reduced.exp" to reproduce the problem easily:
$ cp reduced.exp /path/to/src/gdb/testsuite/gdb.linespec/
$ make check RUNTESTFLAGS="--debug gdb.linespec/reduced.exp"
  *** buffer overflow detected ***: expect terminated
________________________________________________________________________

Solution:
Instead of vsprintf, vsnprintf must be used to print the "bigbuf":

$ sed -i 's/vsprintf(bigbuf/vsnprintf(bigbuf,sizeof(bigbuf)/' exp_log.c
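Added example, not part of this report or of expect's source: a minimal logger written in the vsnprintf form of the fix, driven with a constructed overlong completion list so the truncation it now performs is visible. The 2000-byte size and the name "bigbuf" come from the report; the other function names and the message formats are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* expect's logging buffer as the report describes it: 2000 bytes. The exact
 * declaration in exp_log.c is not quoted there, so the size is an assumption. */
#define BIGBUF_SIZE 2000
static char bigbuf[BIGBUF_SIZE];

/* Hardened form of the report's fix: vsnprintf bounds every write to
 * sizeof(bigbuf) and returns the length the full message needed, so the
 * caller can tell a long line was cut; vsprintf has no such check. */
static int log_line(const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    int needed = vsnprintf(bigbuf, sizeof(bigbuf), fmt, args);
    va_end(args);
    return needed;
}

/* True when the message from the last log_line call did not fit. */
static int was_truncated(int needed)
{
    return needed >= (int)sizeof(bigbuf);
}
/* Constructed stand-in for the overlong expected string: many function
 * names from an anonymous namespace joined on a single line. */
static size_t build_completion_list(char *out, size_t cap, int nfuncs)
{
    size_t len = 0;
    for (int i = 0; i < nfuncs && len + 48 < cap; i++)
        len += (size_t)snprintf(out + len, cap - len,
                                "(anonymous namespace)::function_%d()  ", i);
    return len;
}

/* Logs a ~4 KB expected string, as "--debug" does for cpcompletion.exp. */
static int demo_overlong(void)
{
    static char expected[4096];
    build_completion_list(expected, sizeof(expected), 200);
    return log_line("expect: does \"%s\" match pattern?", expected);
}

/* An ordinary short entry fits without truncation. */
static int demo_short(void)
{
    return log_line("expect: spawn id %d sends \"%s\"", 4, "break main");
}
```

With the original vsprintf call the first case writes roughly twice the buffer's size and is what the fortified libc aborts on; with vsnprintf the line is cut at 1999 characters and the caller can report that from the return value.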
________________________________________________________________________

Final thoughts:

Although I came up with this fix myself, it was during the submission
phase that I noticed that the same issue was observed 7 years ago
along with a patch that never found its way into the code [1]. Therefore, I
did not even bother to submit again. It should also mean that each
distro "expect" package should apply its own patch.

[1] Expect / Bugs / #95 buffer overflow in exp_log.c 
https://sourceforge.net/p/expect/bugs/95/