From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29213 invoked by alias); 1 Mar 2011 01:46:09 -0000 Received: (qmail 29205 invoked by uid 22791); 1 Mar 2011 01:46:09 -0000 X-SWARE-Spam-Status: No, hits=-5.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,TW_BJ,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from smtp-outbound-1.vmware.com (HELO smtp-outbound-1.vmware.com) (65.115.85.69) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 01 Mar 2011 01:46:05 +0000 Received: from mailhost4.vmware.com (mailhost4.vmware.com [10.16.67.124]) by smtp-outbound-1.vmware.com (Postfix) with ESMTP id D2C9F13050 for ; Mon, 28 Feb 2011 17:46:03 -0800 (PST) Received: from msnyder-server.eng.vmware.com (promd-2s-dhcp138.eng.vmware.com [10.20.124.138]) by mailhost4.vmware.com (Postfix) with ESMTP id C881CC9E18 for ; Mon, 28 Feb 2011 17:46:03 -0800 (PST) Message-ID: <4D6C4FDB.1030201@vmware.com> Date: Tue, 01 Mar 2011 01:46:00 -0000 From: Michael Snyder User-Agent: Thunderbird 2.0.0.24 (X11/20101201) MIME-Version: 1.0 To: "gdb-patches@sourceware.org" Subject: [commit] objc-lang.c, classes_info, avoid string overrun Content-Type: multipart/mixed; boundary="------------030308050102090807060303" X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2011-03/txt/msg00009.txt.bz2 This is a multi-part message in MIME format. --------------030308050102090807060303 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-length: 87 This is the same problem as with selectors_info, so I just applied the same solution. --------------030308050102090807060303 Content-Type: text/plain; name="overflow1.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="overflow1.txt" Content-length: 1213 2011-02-28 Michael Snyder * objc-lang.c (selectors_info): Add a small safety margin to avoid overflow. (classes_info): Error out on too long REGEXP. Index: objc-lang.c =================================================================== RCS file: /cvs/src/src/gdb/objc-lang.c,v retrieving revision 1.93 diff -u -p -u -p -r1.93 objc-lang.c --- objc-lang.c 28 Feb 2011 18:14:34 -0000 1.93 +++ objc-lang.c 1 Mar 2011 01:41:39 -0000 @@ -720,7 +720,7 @@ selectors_info (char *regexp, int from_t strcpy(myregexp, ".*]"); else { - if (sizeof (myregexp) < strlen (regexp) + 1) + if (sizeof (myregexp) < strlen (regexp) + 4) error (_("Regexp is too long: %s"), regexp); strcpy(myregexp, regexp); if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */ @@ -863,6 +863,8 @@ classes_info (char *regexp, int from_tty strcpy(myregexp, ".* "); /* Null input: match all objc classes. */ else { + if (sizeof (myregexp) < strlen (regexp) + 4) + error (_("Regexp is too long: %s"), regexp); strcpy(myregexp, regexp); if (myregexp[strlen(myregexp) - 1] == '$') /* In the method name, the end of the class name is marked by ' '. */ --------------030308050102090807060303--