From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-75608-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 28341 invoked by alias); 16 Sep 2010 17:51:36 -0000
Received: (qmail 28332 invoked by uid 22791); 16 Sep 2010 17:51:35 -0000
X-SWARE-Spam-Status: No, hits=-2.1 required=5.0	tests=AWL,BAYES_00,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from mail.codesourcery.com (HELO mail.codesourcery.com) (38.113.113.100)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 16 Sep 2010 17:51:30 +0000
Received: (qmail 13601 invoked from network); 16 Sep 2010 17:51:28 -0000
Received: from unknown (HELO caradoc.them.org) (dan@127.0.0.2)  by mail.codesourcery.com with ESMTPA; 16 Sep 2010 17:51:28 -0000
Date: Thu, 16 Sep 2010 19:17:00 -0000
From: Daniel Jacobowitz <dan@codesourcery.com>
To: Ali Lakhia <lakhia@alumni.utexas.net>
Cc: gdb-patches@sourceware.org
Subject: Re: [patch] [trivial] fix NULL deref
Message-ID: <20100916175122.GA18399@caradoc.them.org>
Mail-Followup-To: Ali Lakhia <lakhia@alumni.utexas.net>,	gdb-patches@sourceware.org
References: <AANLkTikJnzZjGd0LsBMm2TifpkAjvjJ+qDRkQ-qmz9dx@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AANLkTikJnzZjGd0LsBMm2TifpkAjvjJ+qDRkQ-qmz9dx@mail.gmail.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2010-09/txt/msg00303.txt.bz2

On Thu, Sep 16, 2010 at 10:26:27AM -0700, Ali Lakhia wrote:
> Please see patch to fix NULL dereference in strchr() function. Thanks.

Interesting.  How did you find this problem?  I don't think this
function can ever be called.

> 
> -Ali
> 
> --- gdb-7.1/gdb/fork-child.c    2009-12-31 23:31:31.000000000 -0800
> +++ gdb-7.1/gdb/fork-child.c 2010-09-16 10:17:25.000000000 -0700
> @@ -52,7 +52,7 @@
>  static void
>  breakup_args (char *scratch, char **argv)
>  {
> -  char *cp = scratch;
> +  char *cp = scratch, *tmp;
> 
>    for (;;)
>      {
> @@ -68,15 +68,16 @@
>        *argv++ = cp;
> 
>        /* Scan for next arg separator.  */
> -      cp = strchr (cp, ' ');
> -      if (cp == NULL)
> -       cp = strchr (cp, '\t');
> -      if (cp == NULL)
> -       cp = strchr (cp, '\n');
> +      tmp = strchr (cp, ' ');
> +      if (tmp == NULL)
> +       tmp = strchr (cp, '\t');
> +      if (tmp == NULL)
> +       tmp = strchr (cp, '\n');
> 
>        /* No separators => end of string => break.  */
> -      if (cp == NULL)
> +      if (tmp == NULL)
>         break;
> +      cp = tmp;
> 
>        /* Replace the separator with a terminator.  */
>        *cp++ = '\0';
> 

-- 
Daniel Jacobowitz
CodeSourcery