[commit] Fix find buffer overflow crash (PR 14321)
Jan Kratochvil
jan.kratochvil@redhat.com
Fri Jul 6 15:54:00 GMT 2012
Hi,
I do not find the types there great (it should use size_t or CORE_ADDR
depending on the case instead of LONGEST/ULONGEST everywhere) but I just
applied the minimal fix for the crash.
No regressions on {x86_64,x86_64-m32,i686}-fedorarawhide-linux-gnu.
Checked in.
Thanks,
Jan
http://sourceware.org/ml/gdb-cvs/2012-07/msg00051.html
--- src/gdb/ChangeLog 2012/07/06 14:48:47 1.14443
+++ src/gdb/ChangeLog 2012/07/06 15:51:38 1.14444
@@ -1,3 +1,9 @@
+2012-07-06 Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ PR 14321
+ * findcmd.c (parse_find_args): New variable pattern_buf_size_need.
+ Increase buffer sizes to 2x we need, not just 2x of the previous size.
+
2012-07-06 Tom Tromey <tromey@redhat.com>
* c-exp.y (DOTDOTDOT): New token.
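Review bot: the second line of the new entry ("Increase buffer sizes to 2x we need") is ungrammatical and does not name the defect; suggest "Grow the buffer to twice the size actually needed, not just twice the previous size, so a single large value cannot overrun it", which records why the old doubling was insufficient.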
--- src/gdb/testsuite/ChangeLog 2012/07/06 14:48:48 1.3278
+++ src/gdb/testsuite/ChangeLog 2012/07/06 15:51:39 1.3279
@@ -1,3 +1,9 @@
+2012-07-06 Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ PR 14321
+ * gdb.base/find.exp
+ (find int64_search_buf, +64/8*100, int64_search_buf): New test.
+
2012-07-06 Tom Tromey <tromey@redhat.com>
* gdb.base/whatis.exp: Add test.
--- src/gdb/findcmd.c 2012/01/04 08:17:02 1.18
+++ src/gdb/findcmd.c 2012/07/06 15:51:39 1.19
@@ -170,6 +170,7 @@
{
LONGEST x;
int val_bytes;
+ ULONGEST pattern_buf_size_need;
while (isspace (*s))
++s;
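Review bot: `pattern_buf_size_need` is declared ULONGEST, yet in the next hunk it holds a pointer difference plus a sizeof, is compared with `pattern_buf_size`, and is assigned back to it before the `xrealloc` call, which takes a size_t; size_t would be the natural type here and avoids the implicit narrowing on `pattern_buf_size = pattern_buf_size_need * 2`. The cover mail already acknowledges the type mix, so this can be a follow-up cleanup rather than a blocker.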
@@ -179,12 +180,13 @@
/* Keep it simple and assume size == 'g' when watching for when we
need to grow the pattern buf. */
- if ((pattern_buf_end - pattern_buf + max (val_bytes, sizeof (int64_t)))
- > pattern_buf_size)
+ pattern_buf_size_need = (pattern_buf_end - pattern_buf
+ + max (val_bytes, sizeof (int64_t)));
+ if (pattern_buf_size_need > pattern_buf_size)
{
size_t current_offset = pattern_buf_end - pattern_buf;
- pattern_buf_size *= 2;
+ pattern_buf_size = pattern_buf_size_need * 2;
pattern_buf = xrealloc (pattern_buf, pattern_buf_size);
pattern_buf_end = pattern_buf + current_offset;
}
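Review bot: the new growth rule is what makes this a fix rather than a workaround: with `pattern_buf_size *= 2`, a value whose `val_bytes` exceeded twice the current size left the buffer too small for the pending copy, whereas `pattern_buf_size = pattern_buf_size_need * 2` guarantees that `pattern_buf_end + max (val_bytes, sizeof (int64_t))` fits. Since that invariant is now the whole point of the block, consider stating it explicitly after the closing brace, e.g. `gdb_assert (pattern_buf_end + max (val_bytes, sizeof (int64_t)) <= pattern_buf + pattern_buf_size);`, so any future change to the sizing logic fails loudly instead of overrunning again.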
--- src/gdb/testsuite/gdb.base/find.exp 2012/05/18 15:31:41 1.11
+++ src/gdb/testsuite/gdb.base/find.exp 2012/07/06 15:51:40 1.12
@@ -182,3 +182,6 @@
"${hex_number}${one_pattern_found}" \
"find pattern straddling chunk boundary"
}
+
+# Check GDB buffer overflow.
+gdb_test "find int64_search_buf, +64/8*100, int64_search_buf" " <int64_search_buf>\r\n1 pattern found\\."
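Review bot: the comment on the new test ("Check GDB buffer overflow.") does not say what makes this input special; since the regression depends on the pattern, the whole `int64_search_buf` array, being larger than the doubled pattern buffer, the comment should say so and cite PR 14321 as the ChangeLog does, e.g. "PR 14321: the pattern is the entire 64/8*100-byte array, larger than the old doubled pattern buffer." That keeps the test meaningful if the buffer's initial size is ever changed.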