Mirror of the gdb-patches mailing list
 help / color / mirror / Atom feed
* [PATCH] Segmentation fault when using the completion for interpreter
@ 2006-07-12 14:15 Denis PILAT
  2006-07-12 17:14 ` Daniel Jacobowitz
  0 siblings, 1 reply; 6+ messages in thread
From: Denis PILAT @ 2006-07-12 14:15 UTC (permalink / raw)
  To: gdb-patches

[-- Attachment #1: Type: text/plain, Size: 482 bytes --]

I found a bug in gdb: when using the completion after the cli command
"interpreter-exec", an out-of-bound access occures.

Attached is a patch proposal that fixes it.

There were 2 problems in the original code in file interps.c, function 
interpreter_completer:
- the case of (num_matches == alloced) was not handled. In that case the 
matches list it not terminated by NULL.
- the xrealloc done at the end is useless since the num_matches is 
always <= alloced.

-- 
Denis PILAT


[-- Attachment #2: ChangeLog --]
[-- Type: text/plain, Size: 169 bytes --]

2006-07-12  Denis PILAT  <denis.pilat@st.com>

	* interps.c (interpreter_completer): Allocate one more item to the
	'matches' list and set them all to 0 with a xcalloc.

[-- Attachment #3: interps.c.patch --]
[-- Type: text/plain, Size: 1046 bytes --]

Index: interps.c
===================================================================
--- interps.c	(revision 486)
+++ interps.c	(working copy)
@@ -424,10 +424,11 @@ interpreter_completer (char *text, char 
   struct interp *interp;
 
   /* We expect only a very limited number of interpreters, so just
-     allocate room for all of them. */
+     allocate room for all of them plus one for the last that must be NULL
+     to correctly end the list. */
   for (interp = interp_list; interp != NULL; interp = interp->next)
     ++alloced;
-  matches = (char **) xmalloc (alloced * sizeof (char *));
+  matches = (char **) xcalloc (alloced + 1, sizeof (char *));
 
   num_matches = 0;
   textlen = strlen (text);
@@ -460,12 +461,6 @@ interpreter_completer (char *text, char 
       xfree (matches);
       matches = NULL;
     }
-  else if (num_matches < alloced)
-    {
-      matches = (char **) xrealloc ((char *) matches, ((num_matches + 1)
-						       * sizeof (char *)));
-      matches[num_matches] = NULL;
-    }
 
   return matches;
 }

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2006-07-17 11:55 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-07-12 14:15 [PATCH] Segmentation fault when using the completion for interpreter Denis PILAT
2006-07-12 17:14 ` Daniel Jacobowitz
2006-07-13  9:05   ` Andrew STUBBS
2006-07-16  4:12   ` Joel Brobecker
2006-07-17  8:17     ` Denis PILAT
2006-07-17 11:55     ` Andrew STUBBS

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox