This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] Fix out-of-bounds read in tui_addr_is_displayed

From: Bogdan Harjoc <harjoc at gmail dot com>
To: gdb-patches at sourceware dot org
Date: Fri, 2 Aug 2019 18:53:07 +0300
Subject: [PATCH] Fix out-of-bounds read in tui_addr_is_displayed

In tui_addr_is_displayed(), if win_info->content.size() is less than 2, then

  win_info->content.size () - threshold

will wrap to SIZE_MAX if threshold = SCROLL_THRESHOLD = 2.

The attached patch avoids calling win_info->content[i] below with i=0
which is past the end of the vector of size 0.

Bogdan

diff --git a/gdb/tui/tui-winsource.c b/gdb/tui/tui-winsource.c
index 3de2692dee..3eb583b31d 100644
--- a/gdb/tui/tui-winsource.c
+++ b/gdb/tui/tui-winsource.c
@@ -742,7 +742,7 @@ tui_addr_is_displayed (CORE_ADDR addr,
   else
     threshold = 0;
   i = 0;
-  while (i < win_info->content.size () - threshold
+  while (i + threshold < win_info->content.size ()
 	 && !is_displayed)
     {
       is_displayed

Follow-Ups:
- Re: [PATCH] Fix out-of-bounds read in tui_addr_is_displayed
  - From: Tom Tromey

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]