From: Denis PILAT <denis.pilat@st.com>
To: gdb-patches@sources.redhat.com
Subject: [PATCH] Segmentation fault when using the completion for interpreter
Date: Wed, 12 Jul 2006 14:15:00 -0000
Message-ID: <44B500EA.1020506@st.com>
[-- Attachment #1: Type: text/plain, Size: 482 bytes --]
I found a bug in gdb: when using the completion after the cli command
"interpreter-exec", an out-of-bound access occurs.
Attached is a patch proposal that fixes it.
There were 2 problems in the original code in file interps.c, function
interpreter_completer:
- the case of (num_matches == alloced) was not handled. In that case the
matches list is not terminated by NULL.
- the xrealloc done at the end is useless since the num_matches is
always <= alloced.
--
Denis PILAT
[-- Attachment #2: ChangeLog --]
[-- Type: text/plain, Size: 169 bytes --]
2006-07-12 Denis PILAT <denis.pilat@st.com>
* interps.c (interpreter_completer): Allocate one more item to the
'matches' list and set them all to 0 with a xcalloc.
[-- Attachment #3: interps.c.patch --]
[-- Type: text/plain, Size: 1046 bytes --]
Index: interps.c
===================================================================
--- interps.c (revision 486)
+++ interps.c (working copy)
@@ -424,10 +424,11 @@ interpreter_completer (char *text, char
struct interp *interp;
/* We expect only a very limited number of interpreters, so just
- allocate room for all of them. */
+ allocate room for all of them plus one for the last that must be NULL
+ to correctly end the list. */
for (interp = interp_list; interp != NULL; interp = interp->next)
++alloced;
- matches = (char **) xmalloc (alloced * sizeof (char *));
+ matches = (char **) xcalloc (alloced + 1, sizeof (char *));
num_matches = 0;
textlen = strlen (text);
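Review bot: the NULL terminator is now implicit in the `xcalloc (alloced + 1, sizeof (char *))` line: nothing in this hunk stores it, and the list ends correctly only because the extra slot is zero-filled. Consider keeping an explicit `matches[num_matches] = NULL;` once the matches have been collected, so the invariant survives if the allocation is later changed back to xmalloc or the array is resized. The new comment could also be shortened to "plus one for the terminating NULL".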
@@ -460,12 +461,6 @@ interpreter_completer (char *text, char
xfree (matches);
matches = NULL;
}
- else if (num_matches < alloced)
- {
- matches = (char **) xrealloc ((char *) matches, ((num_matches + 1)
- * sizeof (char *)));
- matches[num_matches] = NULL;
- }
return matches;
}
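Review bot: the ChangeLog entry does not cover this hunk; it records the xcalloc change but not the removal of the `else if (num_matches < alloced)` branch from interpreter_completer. That branch was the only visible place that wrote `matches[num_matches] = NULL`, and it was skipped when num_matches equalled alloced, so dropping it is consistent with the fix, but after this hunk `return matches;` depends entirely on the allocation in the first hunk for termination. Add the removal to the ChangeLog and put a short comment above `return matches;` stating that the list is NULL-terminated by the zero-filled extra slot.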
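The off-by-one described in the message, modelled outside GDB as an added example (not code from GDB or from the patch): `complete_names`, `count_matches` and the sample interpreter names are hypothetical stand-ins. The array is sized for every candidate plus the terminator and the terminator is written explicitly, so the case where every name matches still ends in NULL.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample data: stand-ins for registered interpreter names.  */
static const char *const sample_names[] = { "console", "mi", "mi2", "tui" };
#define SAMPLE_COUNT (sizeof sample_names / sizeof sample_names[0])

/* Return a NULL-terminated list of the names starting with TEXT, or NULL
   when nothing matches or the list cannot be allocated.  */
char **complete_names (const char *text, const char *const *names, size_t count)
{
  size_t textlen = strlen (text);
  size_t num_matches = 0;
  /* COUNT + 1 slots: every name may match, and the terminator needs its own.  */
  char **matches = calloc (count + 1, sizeof (char *));

  if (matches == NULL)
    return NULL;
  for (size_t i = 0; i < count; i++)
    if (strncmp (names[i], text, textlen) == 0)
      {
        size_t len = strlen (names[i]) + 1;
        char *copy = malloc (len);
        if (copy == NULL)
          break;                /* Out of memory: return what we have.  */
        memcpy (copy, names[i], len);
        matches[num_matches++] = copy;
      }
  if (num_matches == 0)
    {
      free (matches);
      return NULL;
    }
  matches[num_matches] = NULL;  /* Always in bounds: num_matches <= count.  */
  return matches;
}

/* Walk the list the way a consumer does: stop at the first NULL entry.  */
size_t count_matches (char **matches)
{
  size_t n = 0;
  while (matches != NULL && matches[n] != NULL)
    n++;
  return n;
}

int main (void)
{
  /* Empty prefix: every name matches, the case that used to overrun.  */
  return count_matches (complete_names ("", sample_names, SAMPLE_COUNT)) == SAMPLE_COUNT ? 0 : 1;
}
```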