From: "Pierre Muller"
Subject: [RFA] Avoid calling stat with empty name in relocate_gdb_directory
Date: Wed, 05 Dec 2012 17:02:00 -0000
Message-ID: <000001cdd30a$3dbca7c0$b935f740$@muller@ics-cnrs.unistra.fr>
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm

With the troubles that I have with my patch,
I started looking into a memory debugger...
I finally started to use drmemory for mingw compiled GDB executables.

This tool reports

Error #1: UNADDRESSABLE ACCESS: reading 0x01fb3a21-0x01fb3a22 1 byte(s)
# 0 msvcrt.dll!_stat32
# 1 relocate_gdb_directory [../../puresrc/gdb/main.c:129]
# 2 captured_main [../../puresrc/gdb/main.c:391]
# 3 catch_errors [../../puresrc/gdb/exceptions.c:546]
# 4 gdb_main [../../puresrc/gdb/main.c:1041]
# 5 main [../../puresrc/gdb/gdb.c:34]
Note: @0:00:00.733 in thread 6596
Note: refers to 1 byte(s) beyond last valid byte in prior malloc
Note: prev lower malloc: 0x01fb3a20-0x01fb3a21
Note: instruction: cmp 0x01(%edi) $0x3a

Line 129 of main.c is:
  if (stat (dir, &s) != 0 || !S_ISDIR (s.st_mode))

The unauthorized access is due to a call to the stat function with dir = "".
It seems that dir[1] is accessed despite the fact that (dir[0]=='\0').

I don't know if stat is supposed to handle (*dir == '\0'),
but I thought that it should anyhow succeed in that case,
so the patch below simply doesn't call stat if name is empty.

Tell me if you rather think that this is a msvcrt bug
that should not be fixed in GDB...

Pierre Muller
GDB pascal language maintainer

2012-12-05 Pierre Muller

	* main.c (relocate_gdb_directory): Avoid calling stat function
	if DIR is empty.

Index: src/gdb/main.c =================================================================== RCS file: /cvs/src/src/gdb/main.c,v retrieving revision 1.115 diff -u -p -r1.115 main.c --- src/gdb/main.c 16 Nov 2012 19:43:38 -0000 1.115 +++ src/gdb/main.c 5 Dec 2012 16:54:40 -0000 @@ -126,7 +126,7 @@ relocate_gdb_directory (const char *init { struct stat s; - if (stat (dir, &s) != 0 || !S_ISDIR (s.st_mode)) + if (*dir == '\0' || stat (dir, &s) != 0 || !S_ISDIR (s.st_mode)) { xfree (dir); dir = NULL; ~
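
Review bot: the new `*dir == '\0'` test at the front of the condition in relocate_gdb_directory has no comment saying why an empty string must not reach stat. A later reader will assume stat already fails cleanly on "" and may remove the check as redundant. Please add a short comment above the `if` recording that msvcrt's _stat32 was seen reading dir[1] for an empty DIR (the drmemory report in the message). Placing the test before the stat call is right, since `||` short-circuits and the empty case then takes the same `xfree (dir); dir = NULL;` path as a missing directory. Note also that the test dereferences dir, so it relies on dir being non-NULL here, as the existing stat call already did.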