This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Re: [PATCH master/7.12] Fix heap-buffer-overflow in explicit_location_lex_one
- From: Keith Seitz <keiths at redhat dot com>
- To: Yao Qi <qiyaoltc at gmail dot com>, gdb-patches at sourceware dot org
- Date: Fri, 12 Aug 2016 09:39:49 -0700
- Subject: Re: [PATCH master/7.12] Fix heap-buffer-overflow in explicit_location_lex_one
- Authentication-results: sourceware.org; auth=none
- References: <1471005890-24205-1-git-send-email-yao.qi@linaro.org>
On 08/12/2016 05:44 AM, Yao Qi wrote:
> the code in question is:
>
>>       /* Special case: C++ operator,.  */
>>       if (language->la_language == language_cplus
>>           && strncmp (*inp, "operator", 8) <--- [1]
>>           && (*inp)[9] == ',')
>>         (*inp) += 9;
>>       ++(*inp);
[snip]
Yeah, that does look odd... Normally, I would not leave the result of
strcmp et al unchecked like this since those functions do not return a
boolean value. So I'd say it must have been a bad day. A really bad day.
> Is it OK?
While your patch alters the behavior ever so slightly (originally, it
was meant to skip over "operator," -- now it skips over "operator" and
the next char), I don't think that it will impact what this code
actually does. It looks good to me.
Good catch!
Keith
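The strncmp misuse discussed in this thread, as an added example that is not part of the thread or of GDB's source: buggy_operator_comma, safe_operator_comma and lex_one_token are hypothetical stand-alone functions modelling the quoted predicate and a simplified version of the lexer loop.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* The predicate as quoted in the thread (hypothetical stand-alone copy,
   not GDB's code).  strncmp returns 0 on a MATCH, so used as a boolean
   it fires for every token that does NOT start with "operator", and then
   reads tok[9] unconditionally.  Callers here pass inputs of at least
   10 characters so the demonstration itself stays in bounds; on a
   shorter heap string that read is the overflow the patch fixes.  */
static bool
buggy_operator_comma (const char *tok)
{
  return strncmp (tok, "operator", 8) && tok[9] == ',';
}

/* Hardened form: compare the strncmp result with 0, and only then look
   at tok[8].  A successful 8-byte match guarantees tok[0..7] are
   non-NUL, so tok[8] is always a readable byte (at worst the
   terminator).  */
static bool
safe_operator_comma (const char *tok)
{
  return strncmp (tok, "operator", 8) == 0 && tok[8] == ',';
}

/* Length of the next token of an explicit-location argument: stop at
   whitespace or a comma, except that C++ "operator," is consumed whole.
   (Assumed simplified model of the lexer's loop, not GDB's function.)  */
static size_t
lex_one_token (const char *inp, bool is_cplus)
{
  size_t len = 0;
  while (inp[len] != '\0'
         && !isspace ((unsigned char) inp[len])
         && inp[len] != ',')
    {
      if (is_cplus && safe_operator_comma (inp + len))
        {
          len += 9;   /* skip "operator," as one unit */
          continue;
        }
      ++len;
    }
  return len;
}
```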