From: Shahab Vahedi <shahab.vahedi@gmail.com>
To: gdb-patches@sourceware.org
Cc: Shahab Vahedi <shahab@synopsys.com>,
Pedro Alves <palves@redhat.com>,
Andrew Burgess <andrew.burgess@embecosm.com>,
Claudiu Zissulescu <claziss@synopsys.com>,
Francois Bedard <fbedard@synopsys.com>
Subject: [PATCH v3] GDB: Fix the overflow in addr/line_is_displayed()
Date: Mon, 06 Jan 2020 14:27:00 -0000 [thread overview]
Message-ID: <20200106142732.32733-1-shahab.vahedi@gmail.com> (raw)
In-Reply-To: <45a718f7-e905-e7b1-1596-6ef6c4204176@redhat.com>
From: Shahab Vahedi <shahab@synopsys.com>
In tui_disasm_window::addr_is_displayed(), there can be situations
where "content" is empty. For instance, it can happen when the
"content" was not filled in tui_disasm_window::set_contents(),
because tui_disassemble() threw an exception. Usually this exception
is the result of fetching invalid PC addresses like the ones beyond
the end of the program.

Having "content.size ()" zero leads to an overflow in this condition
check inside tui_disasm_window::addr_is_displayed():

  int i = 0;
  while (i < content.size () - threshold ...) {
    ... content[i] ...
  }

"threshold" is 2 and there are times that "content.size ()" is 0.
This results in an overflow and the loop is entered whereas it
should have been skipped. Finally, the "content[i]" access leads to
a segmentation fault.

The same problem applies to tui_source_window::line_is_displayed().
The issue has been discussed at length in bug 25345:
https://sourceware.org/bugzilla/show_bug.cgi?id=25345

This commit avoids the segmentation faults with an early check:

  if (content.size () < SCROLL_THRESHOLD)
    return false;

Moreover, those functions have been overhauled into leaner code.
gdb/ChangeLog:

2020-01-06  Shahab Vahedi  <shahab@synopsys.com>

	* tui/tui-disasm.c (tui_disasm_window::addr_is_displayed):
	Avoid overflow by an early check of content vs threshold.
	* tui/tui-source.c (tui_source_window::line_is_displayed):
	Likewise.
---
gdb/tui/tui-disasm.c | 16 +++++++---------
gdb/tui/tui-source.c | 17 ++++++++---------
2 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/gdb/tui/tui-disasm.c b/gdb/tui/tui-disasm.c
index ebd0ba317f5..98c691f3387 100644
--- a/gdb/tui/tui-disasm.c
+++ b/gdb/tui/tui-disasm.c
@@ -348,19 +348,17 @@ tui_disasm_window::location_matches_p (struct bp_location *loc, int line_no)
bool
tui_disasm_window::addr_is_displayed (CORE_ADDR addr) const
{
- bool is_displayed = false;
- int threshold = SCROLL_THRESHOLD;
+ if (content.size () < SCROLL_THRESHOLD)
+ return false;
- int i = 0;
- while (i < content.size () - threshold && !is_displayed)
+ for (size_t i = 0; i < content.size () - SCROLL_THRESHOLD; ++i)
{
- is_displayed
- = (content[i].line_or_addr.loa == LOA_ADDRESS
- && content[i].line_or_addr.u.addr == addr);
- i++;
+ if (content[i].line_or_addr.loa == LOA_ADDRESS
+ && content[i].line_or_addr.u.addr == addr)
+ return true;
}
- return is_displayed;
+ return false;
}
void
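Review bot: the guard `if (content.size () < SCROLL_THRESHOLD)` is the only thing that stops the unsigned subtraction in the `for` bound from wrapping when the window's content is empty, but nothing in the hunk says so, and the reason the last SCROLL_THRESHOLD entries are deliberately left out of the scan is likewise undocumented; a short comment above the `if` along the lines of `/* The last SCROLL_THRESHOLD entries never count as displayed, so with fewer entries than that nothing can match; the check also keeps the unsigned content.size () - SCROLL_THRESHOLD below from wrapping.  */` would stop the next reader from "simplifying" the check away. Changing the index to `size_t i` also removes the signed/unsigned comparison the old `int i` loop had against `content.size ()`, which deserves a word in the commit message since that mismatch is what hid the bug from the compiler's point of view.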
diff --git a/gdb/tui/tui-source.c b/gdb/tui/tui-source.c
index e028b724d23..1503cd4c636 100644
--- a/gdb/tui/tui-source.c
+++ b/gdb/tui/tui-source.c
@@ -174,18 +174,17 @@ tui_source_window::location_matches_p (struct bp_location *loc, int line_no)
bool
tui_source_window::line_is_displayed (int line) const
{
- bool is_displayed = false;
- int threshold = SCROLL_THRESHOLD;
- int i = 0;
- while (i < content.size () - threshold && !is_displayed)
+ if (content.size () < SCROLL_THRESHOLD)
+ return false;
+
+ for (size_t i = 0; i < content.size () - SCROLL_THRESHOLD; ++i)
{
- is_displayed
- = (content[i].line_or_addr.loa == LOA_LINE
- && content[i].line_or_addr.u.line_no == line);
- i++;
+ if (content[i].line_or_addr.loa == LOA_LINE
+ && content[i].line_or_addr.u.line_no == line)
+ return true;
}
- return is_displayed;
+ return false;
}
void
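Review bot: after this hunk the function is line-for-line the same as the tui-disasm.c one except for `LOA_LINE` / `line_no` in place of `LOA_ADDRESS` / `addr`, so the threshold guard and the loop now have to be kept in sync in two places; consider hoisting the `content.size () < SCROLL_THRESHOLD` check and the loop into one helper in the shared window base class that takes the per-entry comparison as a predicate, so that a future change to the threshold handling cannot land in one window type but not the other. Otherwise the early return and the `size_t` index fix the wrap and the signed/unsigned comparison here exactly as in the disasm hunk.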
--
2.24.1
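The wrap described in the commit message above, as an added stand-alone illustration that is not part of this patch or of GDB's own code: the old loop bound is computed as `size_t` minus `int`, so for an empty content vector it wraps to a value near SIZE_MAX and the loop is entered; the patched shape refuses early when there are fewer entries than SCROLL_THRESHOLD and scans with a `size_t` index. The `struct entry` type, the `sample_content` array and the helper names are constructed here for the demonstration and do not exist in GDB; only the SCROLL_THRESHOLD name and value come from the patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Name and value as used by the patch (GDB's tui-data.h).  */
#define SCROLL_THRESHOLD 2

/* Constructed stand-in for one entry of the TUI window's "content"
   vector: only the two fields the patched loop looks at.  */
struct entry
{
  bool is_address;   /* stands in for line_or_addr.loa == LOA_ADDRESS */
  uintptr_t addr;    /* stands in for line_or_addr.u.addr */
};

/* The loop bound the old code computed.  `size' is size_t and
   `threshold' is int, so the int is converted to size_t before the
   subtraction; for size < threshold the result wraps around.  */
size_t
old_loop_bound (size_t size, int threshold)
{
  return size - threshold;
}

/* Whether the old `while (i < content.size () - threshold ...)'
   condition holds on the first iteration (i == 0).  With a wrapped
   bound it holds even though there is nothing to scan, which is what
   led to the out-of-bounds content[i] access.  The cast only spells
   out the conversion the compiler performed implicitly.  */
bool
old_loop_would_run (size_t size, int threshold)
{
  int i = 0;
  return (size_t) i < size - threshold;
}

/* The patched shape: bail out when there are fewer entries than the
   threshold, so the unsigned subtraction can no longer wrap, and scan
   with a size_t index so no signed/unsigned comparison remains.  The
   last SCROLL_THRESHOLD entries are intentionally not scanned.  */
bool
addr_is_displayed_fixed (const struct entry *content, size_t size,
                         uintptr_t addr)
{
  if (size < SCROLL_THRESHOLD)
    return false;

  for (size_t i = 0; i < size - SCROLL_THRESHOLD; ++i)
    if (content[i].is_address && content[i].addr == addr)
      return true;

  return false;
}

/* Constructed sample content: four instructions, as a disassembly
   window might hold them.  */
const struct entry sample_content[] = {
  { true, 0x1000 }, { true, 0x1004 }, { true, 0x1008 }, { true, 0x100c },
};
const size_t sample_content_len
  = sizeof sample_content / sizeof sample_content[0];

int
main (void)
{
  printf ("empty content: old bound = %zu, old loop would run = %d\n",
          old_loop_bound (0, SCROLL_THRESHOLD),
          old_loop_would_run (0, SCROLL_THRESHOLD));
  printf ("empty content: fixed check says displayed = %d\n",
          addr_is_displayed_fixed (sample_content, 0, 0x1000));
  printf ("0x1000 displayed = %d; 0x1008 (within last %d entries) = %d\n",
          addr_is_displayed_fixed (sample_content, sample_content_len,
                                   0x1000),
          SCROLL_THRESHOLD,
          addr_is_displayed_fixed (sample_content, sample_content_len,
                                   0x1008));
  return 0;
}
```

Building GDB's original loop with `-Wsign-compare` would have flagged the `int i` against `size_t` comparison; the `(size_t) i` cast above is added only to keep this demonstration warning-clean while reproducing the same arithmetic. Note that an entry sitting in the last SCROLL_THRESHOLD positions is reported as not displayed by design, both before and after the patch.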