[pushed] Fix uninitialized value access when very first GDB command entered is <RET>

Pedro Alves palves@redhat.com
Wed Oct 29 15:01:00 GMT 2014


While running GDB under Valgrind, I noticed that if the very first
command entered is just <RET>, GDB accesses an uninitialized value:

 $ valgrind ./gdb -q -nx
 ==26790== Memcheck, a memory error detector
 ==26790== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
 ==26790== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
 ==26790== Command: ./gdb -q -nx
 ==26790==

 (gdb)
 ==26790== Conditional jump or move depends on uninitialised value(s)
 ==26790==    at 0x619DFC: command_line_handler (event-top.c:588)
 ==26790==    by 0x7813D5: rl_callback_read_char (callback.c:220)
 ==26790==    by 0x6194B4: rl_callback_read_char_wrapper (event-top.c:166)
 ==26790==    by 0x61988A: stdin_event_handler (event-top.c:372)
 ==26790==    by 0x61847D: handle_file_event (event-loop.c:762)
 ==26790==    by 0x617964: process_event (event-loop.c:339)
 ==26790==    by 0x617A2B: gdb_do_one_event (event-loop.c:403)
 ==26790==    by 0x617A7B: start_event_loop (event-loop.c:428)
 ==26790==    by 0x6194E6: cli_command_loop (event-top.c:181)
 ==26790==    by 0x60F86B: current_interp_command_loop (interps.c:317)
 ==26790==    by 0x610A34: captured_command_loop (main.c:321)
 ==26790==    by 0x60C728: catch_errors (exceptions.c:237)
 ==26790==
 (gdb)

It's this check here:

  /* If we just got an empty line, and that is supposed to repeat the
     previous command, return the value in the global buffer.  */
  if (repeat && p == linebuffer && *p != '\\')
    {

The problem is that linebuffer's contents were never initialized at
this point.

gdb/
2014-10-29  Pedro Alves  <palves@redhat.com>

	* event-top.c (command_line_handler): Clear the first byte of
	linebuffer, when it is first allocated.
---
 gdb/ChangeLog   | 5 +++++
 gdb/event-top.c | 1 +
 2 files changed, 6 insertions(+)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 1125b1e..58a7e98 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,5 +1,10 @@
 2014-10-29  Pedro Alves  <palves@redhat.com>
 
+	* event-top.c (command_line_handler): Clear the first byte of
+	linebuffer, when it is first allocated.
+
+2014-10-29  Pedro Alves  <palves@redhat.com>
+
 	* tui/tui.c (tui_rl_switch_mode): Wrap tui_enable/tui_disable in
 	TRY_CATCH.
 
diff --git a/gdb/event-top.c b/gdb/event-top.c
index 3f9deec..f539733 100644
--- a/gdb/event-top.c
+++ b/gdb/event-top.c
@@ -467,6 +467,7 @@ command_line_handler (char *rl)
     {
       linelength = 80;
       linebuffer = (char *) xmalloc (linelength);
+      linebuffer[0] = '\0';
     }
 
   p = linebuffer;
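Review bot: the added `linebuffer[0] = '\0';` needs a comment next to it explaining why the first byte must be NUL: the buffer is only filled once a non-empty line arrives, but the repeat check (`if (repeat && p == linebuffer && *p != '\\')`, event-top.c:588 in the Valgrind trace, well away from this allocation at line 467) reads `*p` with `p == linebuffer` as soon as the very first line is empty, so that byte is read before anything was ever written to it. Without the comment the store looks redundant and is easy to drop in a later cleanup, which would silently reintroduce the uninitialised read. A zero-filling allocator such as libiberty's xcalloc would have the same effect, but a single NUL plus a comment is the cheaper fix for a buffer that is reused across commands.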
-- 
1.9.3
