Message-ID: <4D6AC1C3.10508@vmware.com>
Date: Sun, 27 Feb 2011 21:33:00 -0000
From: Michael Snyder
To: Jan Kratochvil
CC: "gdb-patches@sourceware.org", Doug Evans
Subject: Re: [RFA] off by one array reference in i386-low.c/i386_show_dr
References: <4D698427.2050301@vmware.com> <20110227164646.GA15468@host1.dyn.jankratochvil.net>
In-Reply-To: <20110227164646.GA15468@host1.dyn.jankratochvil.net>

Jan Kratochvil wrote:
> Hi Michael,
>
> On Sat, 26 Feb 2011 23:52:23 +0100, Michael Snyder wrote:
>> I'm not 100 percent sure this is right, but I do know that
>> as written, it will overflow the array dr_mirror. What do
>> you think?
> [...]
>> --- i386-low.c 1 Jan 2011 15:33:24 -0000 1.5
>> +++ i386-low.c 26 Feb 2011 22:48:38 -0000
> /* A macro to loop over all debug registers. */
> #define ALL_DEBUG_REGISTERS(i) for (i = 0; i < DR_NADDR; i++)
>> @@ -195,7 +195,7 @@ i386_show_dr (struct i386_debug_reg_stat
> ALL_DEBUG_REGISTERS(i)
> {
> printf_unfiltered ("\
>> \tDR%d: addr=0x%s, ref.count=%d DR%d: addr=0x%s, ref.count=%d\n",
>> i, paddress (state->dr_mirror[i]),
>> state->dr_ref_count[i],
>> - i + 1, paddress (state->dr_mirror[i + 1]),
>> + i + 1, paddress (state->dr_mirror[i]),
>> state->dr_ref_count[i + 1]);
>> i++;
>> }
>
> ->
> CONTROL (DR7): 0000000000090101 STATUS (DR6): 0000000000004000
> DR0: addr=0x0000000001c31f30, ref.count=1 DR1: addr=0x0000000000000000, ref.count=0
> DR2: addr=0x0000000000000000, ref.count=0 DR3: addr=0x0000000000000000, ref.count=0
>
> I do not see a bug there; still it could be better commented.

The bug is that when "i" is 3, "i + 1" is 4, and the array only runs from 0 to 3.
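Review bot: the `+` line in i386_show_dr passes dr_mirror[i] for the column labelled DR(i + 1) while the following line still reads dr_ref_count[i + 1], so the second column would pair the address of register i with the reference count of register i + 1. The body ends with `i++;` and ALL_DEBUG_REGISTERS increments i again, so i advances by two per pass and the printf only sees even values of i; the quoted output (DR0 to DR3) matches that. Suggest keeping dr_mirror[i + 1] and instead adding a comment above the loop saying that it prints two registers per line, steps by two, and relies on DR_NADDR being even, since an odd DR_NADDR is the case where i + 1 would index past the end of both arrays.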