* [commit] objc-lang.c, classes_info, avoid string overrun
@ 2011-03-01 1:46 Michael Snyder
2011-03-01 3:30 ` Yao Qi
2011-03-01 14:31 ` Tom Tromey
0 siblings, 2 replies; 4+ messages in thread
From: Michael Snyder @ 2011-03-01 1:46 UTC (permalink / raw)
To: gdb-patches
[-- Attachment #1: Type: text/plain, Size: 87 bytes --]
This is the same problem as with selectors_info, so I just applied
the same solution.
[-- Attachment #2: overflow1.txt --]
[-- Type: text/plain, Size: 1213 bytes --]
2011-02-28 Michael Snyder <msnyder@vmware.com>
* objc-lang.c (selectors_info): Add a small safety margin to
avoid overflow.
(classes_info): Error out on too long REGEXP.
Index: objc-lang.c
===================================================================
RCS file: /cvs/src/src/gdb/objc-lang.c,v
retrieving revision 1.93
diff -u -p -u -p -r1.93 objc-lang.c
--- objc-lang.c 28 Feb 2011 18:14:34 -0000 1.93
+++ objc-lang.c 1 Mar 2011 01:41:39 -0000
@@ -720,7 +720,7 @@ selectors_info (char *regexp, int from_t
strcpy(myregexp, ".*]");
else
{
- if (sizeof (myregexp) < strlen (regexp) + 1)
+ if (sizeof (myregexp) < strlen (regexp) + 4)
error (_("Regexp is too long: %s"), regexp);
strcpy(myregexp, regexp);
if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
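Review bot: The margin in `strlen (regexp) + 4` on the added line is a bare constant, and nothing in the hunk ties it to what is appended to `myregexp` after the `strcpy`. Anyone who later changes the appended text has no cue to update the check. Suggest a comment that names the appended string and counts the terminating NUL, or computing the margin from that string's length.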
@@ -863,6 +863,8 @@ classes_info (char *regexp, int from_tty
strcpy(myregexp, ".* "); /* Null input: match all objc classes. */
else
{
+ if (sizeof (myregexp) < strlen (regexp) + 4)
+ error (_("Regexp is too long: %s"), regexp);
strcpy(myregexp, regexp);
if (myregexp[strlen(myregexp) - 1] == '$')
/* In the method name, the end of the class name is marked by ' '. */
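Review bot: `myregexp[strlen(myregexp) - 1]`, two lines after the new check, indexes one byte before the buffer if an empty `regexp` can reach this branch; the guarding condition is outside the hunk, so this needs confirming while the function is being hardened. A `regexp[0] != '\0'` test before the index would close it. The added check is also a verbatim copy of the one in selectors_info, so a small shared helper would keep the two limits from drifting apart.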
* Re: [commit] objc-lang.c, classes_info, avoid string overrun
2011-03-01 1:46 [commit] objc-lang.c, classes_info, avoid string overrun Michael Snyder
@ 2011-03-01 3:30 ` Yao Qi
2011-03-01 18:51 ` Michael Snyder
2011-03-01 14:31 ` Tom Tromey
1 sibling, 1 reply; 4+ messages in thread
From: Yao Qi @ 2011-03-01 3:30 UTC (permalink / raw)
To: Michael Snyder; +Cc: gdb-patches
On 03/01/2011 09:46 AM, Michael Snyder wrote:
> - if (sizeof (myregexp) < strlen (regexp) + 1)
> + if (sizeof (myregexp) < strlen (regexp) + 4)
> error (_("Regexp is too long: %s"), regexp);
> strcpy(myregexp, regexp);
It is a little bit confusing when people read this code. We may need a
short comment here.
--
Yao (齐尧)
* Re: [commit] objc-lang.c, classes_info, avoid string overrun
2011-03-01 3:30 ` Yao Qi
@ 2011-03-01 18:51 ` Michael Snyder
0 siblings, 0 replies; 4+ messages in thread
From: Michael Snyder @ 2011-03-01 18:51 UTC (permalink / raw)
To: Yao Qi; +Cc: gdb-patches
[-- Attachment #1: Type: text/plain, Size: 385 bytes --]
Yao Qi wrote:
> On 03/01/2011 09:46 AM, Michael Snyder wrote:
>> - if (sizeof (myregexp) < strlen (regexp) + 1)
>> + if (sizeof (myregexp) < strlen (regexp) + 4)
>> error (_("Regexp is too long: %s"), regexp);
>> strcpy(myregexp, regexp);
>
> It is a little bit confusing when people read this code. We may need a
> short comment here.
>
Okey dokey, see attached.
[-- Attachment #2: comment.txt --]
[-- Type: text/plain, Size: 1057 bytes --]
2011-03-01 Michael Snyder <msnyder@vmware.com>
* objc-lang.c (selectors_info): Add explanatory comment.
(classes_info): Ditto.
Index: objc-lang.c
===================================================================
RCS file: /cvs/src/src/gdb/objc-lang.c,v
retrieving revision 1.94
diff -u -p -u -p -r1.94 objc-lang.c
--- objc-lang.c 1 Mar 2011 01:44:24 -0000 1.94
+++ objc-lang.c 1 Mar 2011 18:49:41 -0000
@@ -720,6 +720,7 @@ selectors_info (char *regexp, int from_t
strcpy(myregexp, ".*]");
else
{
+ /* Allow a few extra bytes because of the strcat below. */
if (sizeof (myregexp) < strlen (regexp) + 4)
error (_("Regexp is too long: %s"), regexp);
strcpy(myregexp, regexp);
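Review bot: The new comment says "a few extra bytes" while the check below it uses exactly 4, so a reader still cannot verify the number from the comment. Suggest stating what the strcat appends and that the terminating NUL is included in the count, so the 4 can be checked against the appended string.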
@@ -863,6 +864,7 @@ classes_info (char *regexp, int from_tty
strcpy(myregexp, ".* "); /* Null input: match all objc classes. */
else
{
+ /* Allow a few extra bytes because of the strcat below. */
if (sizeof (myregexp) < strlen (regexp) + 4)
error (_("Regexp is too long: %s"), regexp);
strcpy(myregexp, regexp);
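Review bot: The comment added in classes_info points at "the strcat below", which is outside the hunk, so it goes stale silently if that call moves or its argument changes. The null-input branch visible above writes `".* "`, three characters plus the NUL; if the strcat appends the same text, saying so in the comment (or using `sizeof (".* ")` in the check) would make the margin self-documenting.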
* Re: [commit] objc-lang.c, classes_info, avoid string overrun
2011-03-01 1:46 [commit] objc-lang.c, classes_info, avoid string overrun Michael Snyder
2011-03-01 3:30 ` Yao Qi
@ 2011-03-01 14:31 ` Tom Tromey
1 sibling, 0 replies; 4+ messages in thread
From: Tom Tromey @ 2011-03-01 14:31 UTC (permalink / raw)
To: Michael Snyder; +Cc: gdb-patches
>>>>> "Michael" == Michael Snyder <msnyder@vmware.com> writes:
Michael> 2011-02-28 Michael Snyder <msnyder@vmware.com>
Michael> * objc-lang.c (selectors_info): Add a small safety margin to
Michael> avoid overflow.
Michael> (classes_info): Error out on too long REGEXP.
I don't really mind this kind of cleanup, but it seems like it would
be simpler to just fix the underlying bug entirely, say by using malloc and
a cleanup.
Tom
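The approach suggested in the message above, sketched as an added example; it is not code from GDB or from anyone in this thread. The names `build_objc_regexp`, `match_all` and `marker` are hypothetical, the handling of a trailing `$` is an assumption inferred from the comments visible in the patch context, and plain `malloc`/`free` stand in for GDB's cleanup mechanism.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not GDB code.  Returns a heap-allocated regexp,
   or NULL on allocation failure; the caller frees the result.
   Assumed behaviour, inferred from the visible patch context:
   NULL input becomes MATCH_ALL, a trailing '$' is replaced by the
   one-character end MARKER, otherwise MATCH_ALL is appended.  */
char *
build_objc_regexp (const char *regexp, const char *match_all, char marker)
{
  size_t len = regexp ? strlen (regexp) : 0;
  size_t suffix = strlen (match_all);
  char *out;

  /* Size the buffer from the input: text, longest possible suffix and
     the terminating NUL.  No fixed limit and no hand-counted margin.  */
  out = malloc (len + suffix + 1);
  if (out == NULL)
    return NULL;

  if (regexp == NULL)
    {
      memcpy (out, match_all, suffix + 1);
      return out;
    }

  memcpy (out, regexp, len + 1);
  /* Test LEN before indexing so an empty string never reads out[-1].  */
  if (len > 0 && out[len - 1] == '$')
    out[len - 1] = marker;
  else
    memcpy (out + len, match_all, suffix + 1);
  return out;
}

int
main (void)
{
  char *r = build_objc_regexp ("NSStr", ".* ", ' ');  /* constructed input */

  if (r == NULL)
    return 1;
  printf ("[%s]\n", r);
  free (r);
  return 0;
}
```

Because the allocation is derived from `strlen (regexp)` and the suffix actually used, the "Regexp is too long" error path and its margin disappear altogether.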