[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Undefined behaviour in abigail::tool_utils::string_ends_with.

To: libabigail@sourceware.org
Subject: Undefined behaviour in abigail::tool_utils::string_ends_with.
From: Eric Fiselier <eric@efcs.ca>
Date: Thu, 27 Aug 2015 20:27:43 -0600
Authentication-results: sourceware.org; auth=none
Delivered-to: listarch-libabigail@sourceware.org
Delivered-to: mailing list libabigail@sourceware.org
List-help: <mailto:libabigail-help@sourceware.org>
List-post: <mailto:libabigail@sourceware.org>
List-subscribe: <mailto:libabigail-subscribe@sourceware.org>
Mailing-list: contact libabigail-help@sourceware.org; run by ezmlm
Sender: libabigail-owner@sourceware.org

Hi Doji,

Currently string_ends_with will crash if the suffix is longer than the
string. I've attached a patch that fixes this bug.

I discovered the bug by running abicompat ./a.out <lib1> <lib2>. This
command crashed because guess_file_type will call
string_ends_with("./a.out", ".tar.gz").

/Eric

diff --git a/src/abg-tools-utils.cc b/src/abg-tools-utils.cc
index 060c6c3..f255023 100644
--- a/src/abg-tools-utils.cc
+++ b/src/abg-tools-utils.cc
@@ -324,6 +324,7 @@ check_file(const string& path,
 bool
 string_ends_with(const string& str, const string& suffix)
 {
+  if (suffix.length() > str.length()) return false;
   return str.compare(str.length() - suffix.length(),
 		     suffix.length(),
 		     suffix) == 0;

Follow-Ups:
- Re: Undefined behaviour in abigail::tool_utils::string_ends_with.
  - From: Dodji Seketeli <dodji@seketeli.org>

Prev by Date: [Bug default/18838] Normalize the output of abidw
Next by Date: [Bug default/18890] New: libabigail hangs while processing DWARF
Previous by thread: [Bug default/18849] New: Add timing debugging output to libabigail and tools
Next by thread: Re: Undefined behaviour in abigail::tool_utils::string_ends_with.
Index(es):
- Date
- Thread