From: Andrew Cagney
To: Jason Molenda
Cc: gdb-patches@sources.redhat.com
Date: Wed, 27 Mar 2002 09:40:00 -0000
Subject: Re: Minor off-by-one error in command_line_handler
Message-ID: <3CA203AC.2090005@cygnus.com>
References: <20020327000106.A24311@molenda.com>

> The other problem is with the ALL_BLOCK_SYMBOLS macro.  It looks
> like this
>
>   /* Macro to loop through all symbols in a block BL.
>      i counts which symbol we are looking at, and sym points to the current
>      symbol. */
>   #define ALL_BLOCK_SYMBOLS(bl, i, sym) \
>       for ((i) = 0, (sym) = BLOCK_SYM ((bl), (i)); \
>            (i) < BLOCK_NSYMS ((bl)); \
>            ++(i), (sym) = BLOCK_SYM ((bl), (i)))
>
> Where the block structure (BL) ends with an array of pointers to
> symbols.  The third expression in the for statement increments the
> index variable and reads the address at the i'th element of the
> bl->sym[] array.
>
> So when a block has 2 symbols, bl->sym[0] and bl->sym[1] contain
> values.  On the last evaluation of this loop, i is pre-incremented
> from 1 to 2 and the statement 'sym = bl->nsym[2]' is done - we're
> reading one element past the end of the array.
>
> The invalid memory we just read is not used -- the conditional
> expression is then evaluated and the loop exits.  The only way
> I can see this causing a problem is on a system where reading
> that unallocated word of memory would cause a segfault.  Unless
> other people have heard complaints about gdb 5.1 doing so, I
> don't think this is worth worrying about.

Yes I'd agree.  Perhaps create a very non-critical bug report for this one.

Andrew
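The overread Jason describes, reproduced in a stand-alone C program. This is an added example, not code from gdb or from either poster: `struct symbol`, `struct block`, `BLOCK_SYM`/`BLOCK_NSYMS` and the sample symbols are constructed stand-ins, and `ALL_BLOCK_SYMBOLS_FIXED` is an assumed fix (test the bound before fetching) that the thread does not propose. The quoted macro is kept verbatim. The block gets one extra, addressable slot so the demo is deterministic; an instrumented `BLOCK_SYM` counts every fetch at an index >= nsyms instead of relying on a fault, and the code also shows two details the mail only implies: the empty-block case overreads in the init clause, and after the loop `sym` is left holding the past-the-end value.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the gdb structures the quoted macro touches;
   these are not gdb's real definitions. */
struct symbol { const char *name; };

#define MAX_SYMS 3

struct block {
    int nsyms;
    /* One extra slot so that sym[nsyms] is addressable in this demo.  In the
       real layout that word is whatever follows the block in memory. */
    struct symbol *sym[MAX_SYMS + 1];
};

static int oob_fetches;     /* BLOCK_SYM calls with i >= nsyms */

static struct symbol *block_sym(struct block *bl, int i)
{
    if (i >= bl->nsyms)
        oob_fetches++;
    return bl->sym[i];
}

#define BLOCK_NSYMS(bl) ((bl)->nsyms)
#define BLOCK_SYM(bl, i) block_sym((bl), (i))

/* The macro exactly as quoted in the thread: the increment clause fetches
   BLOCK_SYM (bl, i) before the condition checks i < BLOCK_NSYMS (bl). */
#define ALL_BLOCK_SYMBOLS_ORIG(bl, i, sym) \
    for ((i) = 0, (sym) = BLOCK_SYM ((bl), (i)); \
         (i) < BLOCK_NSYMS ((bl)); \
         ++(i), (sym) = BLOCK_SYM ((bl), (i)))

/* Assumed fix (not from the thread): the bound is tested first, and the
   fetch only happens when it passes. */
#define ALL_BLOCK_SYMBOLS_FIXED(bl, i, sym) \
    for ((i) = 0; \
         (i) < BLOCK_NSYMS ((bl)) && ((sym) = BLOCK_SYM ((bl), (i)), 1); \
         ++(i))

struct walk_result {
    int visited;        /* symbols the loop body actually saw */
    int oob_fetches;    /* reads of sym[nsyms] */
    int sym_is_stale;   /* 1 if sym holds the past-the-end slot after the loop */
};

static struct symbol syms[MAX_SYMS] = { {"a"}, {"b"}, {"c"} };  /* constructed */
static struct symbol past_the_end = { "<garbage>" };            /* stands in for unallocated memory */

static void init_block(struct block *bl, int nsyms)
{
    int k;
    if (nsyms < 0) nsyms = 0;
    if (nsyms > MAX_SYMS) nsyms = MAX_SYMS;
    bl->nsyms = nsyms;
    for (k = 0; k < nsyms; k++)
        bl->sym[k] = &syms[k];
    bl->sym[nsyms] = &past_the_end;
}

struct walk_result walk_orig(int nsyms)
{
    struct block bl; struct symbol *sym = NULL; int i;
    struct walk_result r = { 0, 0, 0 };
    init_block(&bl, nsyms);
    oob_fetches = 0;
    ALL_BLOCK_SYMBOLS_ORIG(&bl, i, sym)
        r.visited++;
    r.oob_fetches = oob_fetches;
    r.sym_is_stale = (sym == &past_the_end);
    return r;
}

struct walk_result walk_fixed(int nsyms)
{
    struct block bl; struct symbol *sym = NULL; int i;
    struct walk_result r = { 0, 0, 0 };
    init_block(&bl, nsyms);
    oob_fetches = 0;
    ALL_BLOCK_SYMBOLS_FIXED(&bl, i, sym)
        r.visited++;
    r.oob_fetches = oob_fetches;
    r.sym_is_stale = (sym == &past_the_end);
    return r;
}

int main(void)
{
    int n;
    for (n = 0; n <= MAX_SYMS; n++) {
        struct walk_result o = walk_orig(n), f = walk_fixed(n);
        printf("nsyms=%d  orig: visited=%d oob=%d stale=%d  fixed: visited=%d oob=%d stale=%d\n",
               n, o.visited, o.oob_fetches, o.sym_is_stale,
               f.visited, f.oob_fetches, f.sym_is_stale);
    }
    return 0;
}
```

Both loops visit the same symbols, so the bug is invisible to any test that only checks the body's output; the difference is the one extra `BLOCK_SYM` call at index nsyms (one per loop, including a block with zero symbols, where it is the init clause that overreads). With a real flexible array at the end of an allocation, AddressSanitizer or Valgrind would report that read as a heap-buffer-overflow even though the value is never used.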