Message-ID: <44B500EA.1020506@st.com>
Date: Wed, 12 Jul 2006 14:15:00 -0000
From: Denis PILAT
To: gdb-patches@sources.redhat.com
Subject: [PATCH] Segmentation fault when using the completion for interpreter

I found a bug in gdb: when using the completion after the cli command "interpreter-exec", an out-of-bound access occurs. Attached is a patch proposal that fixes it.

There were 2 problems in the original code in file interps.c, function interpreter_completer:
- the case of (num_matches == alloced) was not handled. In that case the matches list is not terminated by NULL.
- the xrealloc done at the end is useless since the num_matches is always <= alloced.

--
Denis PILAT

ChangeLog:

2006-07-12  Denis PILAT

	* interps.c (interpreter_completer): Allocate one more item to the 'matches' list and set them all to 0 with a xcalloc.

interps.c.patch:

Index: interps.c =================================================================== --- interps.c (revision 486) +++ interps.c (working copy) 
@@ -424,10 +424,11 @@ interpreter_completer (char *text, char struct interp *interp; /* We expect only a very limited number of interpreters, so just - allocate room for all of them. */ + allocate room for all of them plus one for the last that must be NULL + to correctly end the list. */ for (interp = interp_list; interp != NULL; interp = interp->next) ++alloced; - matches = (char **) xmalloc (alloced * sizeof (char *)); + matches = (char **) xcalloc (alloced + 1, sizeof (char *)); num_matches = 0; textlen = strlen (text); @@ -460,12 +461,6 @@ interpreter_completer (char *text, char xfree (matches); matches = NULL; } - else if (num_matches < alloced) - { - matches = (char **) xrealloc ((char *) matches, ((num_matches + 1) - * sizeof (char *))); - matches[num_matches] = NULL; - } return matches; } --------------040709080602080307080204--
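Review bot: In the first hunk (@@ -424,10 +424,11 @@), the NULL terminator now exists only as a side effect of xcalloc zero-filling the extra slot, and nothing near the point where the list is filled or returned says so. Consider either keeping an explicit `matches[num_matches] = NULL;` after the matching loop, or stating in the comment that the zero-fill supplies the terminator, so that a later change back to xmalloc does not bring back the out-of-bound access. The new comment would also read better as "plus one for the terminating NULL".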
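Review bot: In the second hunk (@@ -460,12 +461,6 @@), dropping the `else if (num_matches < alloced)` branch removes the only explicit `matches[num_matches] = NULL;` visible in this diff, so this hunk is correct only together with the xcalloc change in the first hunk; a short comment before `return matches;` noting that the list is already NULL-terminated would make that dependency visible. The array is also no longer shrunk to the number of matches, which is acceptable given the stated assumption of a very limited number of interpreters, but the ChangeLog entry mentions only the allocation change and should also record the removal of the xrealloc. No regression test accompanies the patch; a completion test for interpreter-exec would guard against the (num_matches == alloced) case returning.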