From: Keith Seitz
To: gdb-patches@sourceware.org
Subject: [RFA] Fix Ada memory corruption
Date: Thu, 19 Nov 2009 19:01:00 -0000
Message-ID: <4B0595B3.90001@redhat.com>

Hi,

Tom's recent symbol_set_names patch exposed this Ada bug, which results in memory corruption while computing an alternate symbol name.

This fixes the crash I was seeing in gdb.ada/interface.exp tests.

Ok?

Keith

ChangeLog
2009-11-19  Keith Seitz

	* ada-lang.c (find_old_style_renaming_symbol): Change function_name
	to const and use strncpy to strip the suffix.

[Attachment: ada-mem-err.patch]

Index: ada-lang.c
===================================================================
RCS file: /cvs/src/src/gdb/ada-lang.c,v
retrieving revision 1.229
diff -u -p -r1.229 ada-lang.c
--- ada-lang.c	2 Jul 2009 17:25:52 -0000	1.229
+++ ada-lang.c	19 Nov 2009 18:51:42 -0000
@@ -6505,7 +6505,7 @@ find_old_style_renaming_symbol (const ch qualified. This means we need to prepend the function name as well as adding the ``___XR'' suffix to build the name of the associated renaming symbol. */ - char *function_name = SYMBOL_LINKAGE_NAME (function_sym); + const char *function_name = SYMBOL_LINKAGE_NAME (function_sym); /* Function names sometimes contain suffixes used for instance to qualify nested subprograms. When building the XR type name, we need to make sure that this suffix is @@ -6514,9 +6514,11 @@ find_old_style_renaming_symbol (const ch const int function_name_len = ada_name_prefix_len (function_name); const int rename_len = function_name_len + 2 /* "__" */ + strlen (name) + 6 /* "___XR\0" */ ; + int bufsize = rename_len * sizeof (char); /* Strip the suffix if necessary. */ - function_name[function_name_len] = '\0'; + int end = (strlen (function_name) > function_name_len + ? function_name_len : strlen (function_name)); /* Library-level functions are a special case, as GNAT adds a ``_ada_'' prefix to the function name to avoid namespace @@ -6526,9 +6528,10 @@ find_old_style_renaming_symbol (const ch && strstr (function_name, "_ada_") == function_name) function_name = function_name + 5; - rename = (char *) alloca (rename_len * sizeof (char)); - xsnprintf (rename, rename_len * sizeof (char), "%s__%s___XR", - function_name, name); + rename = (char *) alloca (bufsize); + gdb_assert (end < bufsize); + strncpy (rename, function_name, end); + xsnprintf (rename, bufsize - end, "__%s___XR", name); } else { --------------070206080208080300040807--
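Review bot: in the first hunk (the `const char *function_name` declaration in find_old_style_renaming_symbol), a short comment saying why the name must not be written to in place would help the next reader: the line this patch removes, `function_name[function_name_len] = '\0';`, wrote a NUL into whatever SYMBOL_LINKAGE_NAME returned, and the cover letter says that is what corrupted memory once symbol_set_names changed. Something like `/* Do not modify this in place; it points into symbol storage.  */` above the declaration, and a ChangeLog entry that names the bug rather than only "Change function_name to const", would record that for the next person who is tempted to strip the suffix the old way.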
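Review bot: in the second hunk, `strlen (function_name) > function_name_len` compares a size_t with a `const int`, which trips -Wsign-compare, and strlen is evaluated twice on the same string; compute it once and clamp, e.g. `size_t fn_len = strlen (function_name);` followed by `int end = fn_len > (size_t) function_name_len ? function_name_len : (int) fn_len;`. Also `rename_len * sizeof (char)` is just `rename_len`, so the new `bufsize` duplicates the existing `rename_len`; keep one of the two.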
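Review bot: in the third hunk, the new `xsnprintf` writes at `rename`, not `rename + end`, so it overwrites the function name that `strncpy` just copied and the result is `__<name>___XR` with no function prefix, whereas the removed `"%s__%s___XR"` call produced `<function>__<name>___XR`. It should be `xsnprintf (rename + end, bufsize - end, "__%s___XR", name);`, which also supplies the NUL terminator that `strncpy` does not write when it copies exactly `end` bytes. Second, `end` is computed from `function_name` in the previous hunk, before the `_ada_` branch here does `function_name = function_name + 5`, so in that branch `strncpy` copies five bytes too many from the advanced pointer and pulls suffix characters into the renaming name; add `end -= 5;` next to the pointer adjustment, or compute `end` after the prefix is skipped. With those two changes the `gdb_assert (end < bufsize)` is harmless, though it cannot fail given that `rename_len` is built from `function_name_len` plus eight.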