From: Simon Marchi
To: gdb-patches@sourceware.org
Cc: Simon Marchi
Subject: [PATCH] gdb: fix off-by-one error in quirk_rust_enum
Date: Tue, 19 May 2020 14:15:57 -0400
Message-Id: <20200519181557.1625215-1-simon.marchi@efficios.com>

Found by inspection, so I don't have a test for it (I don't think it
would be easy to have this bug cause a failure reliably).

We allocate space for N fields into `new_fields`, then memcpy N fields
at `new_fields + 1`. This overflows the allocated buffer by one field.

Fix it by allocating `N + 1` fields. gdb/ChangeLog: * dwarf2/read.c (quirk_rust_enum): Allocate enough fields. --- gdb/dwarf2/read.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c index 0c6182bbf3b9..2ab7c5c33131 100644 --- a/gdb/dwarf2/read.c +++ b/gdb/dwarf2/read.c @@ -9420,7 +9420,7 @@ quirk_rust_enum (struct type *type, struct objfile *objfile) /* Make space for the discriminant field. */ struct field *disr_field = &TYPE_FIELD (disr_type, 0); field *new_fields - = (struct field *) TYPE_ZALLOC (type, (TYPE_NFIELDS (type) + = (struct field *) TYPE_ZALLOC (type, ((TYPE_NFIELDS (type) + 1) * sizeof (struct field))); memcpy (new_fields + 1, TYPE_FIELDS (type), TYPE_NFIELDS (type) * sizeof (struct field)); -- 2.26.2
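
Review bot: In the quirk_rust_enum hunk, the allocation size passed to TYPE_ZALLOC and the length passed to memcpy are still two separate expressions over `TYPE_NFIELDS (type)`, so the relationship "buffer holds one more field than is copied to `new_fields + 1`" stays implicit and can drift again in a later edit. Consider computing the new field count once in a local (for example a variable holding `TYPE_NFIELDS (type) + 1`), using it for the allocation, and deriving the copy length from the old count next to it, so the two sizes are visibly tied together. The existing comment "Make space for the discriminant field." could also say that the discriminant takes slot 0 and the original fields are shifted up by one, since that is the only place the reason for the `+ 1` is recorded. The commit message notes there is no test; that is acceptable for a fix found by inspection, but it would help to state in the message that the write past the end is exactly `sizeof (struct field)` bytes, as the visible memcpy arguments show.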