Mirror of the gdb-patches mailing list
* [commit] objc-lang.c, classes_info, avoid string overrun
From: Michael Snyder @ 2011-03-01  1:46 UTC (permalink / raw)
  To: gdb-patches

This is the same problem as with selectors_info, so I just applied
the same solution.


[-- Attachment #2: overflow1.txt --]

2011-02-28  Michael Snyder  <msnyder@vmware.com>

	* objc-lang.c (selectors_info): Add a small safety margin to 
	avoid overflow.
	(classes_info): Error out on too long REGEXP.

Index: objc-lang.c
===================================================================
RCS file: /cvs/src/src/gdb/objc-lang.c,v
retrieving revision 1.93
diff -u -p -u -p -r1.93 objc-lang.c
--- objc-lang.c	28 Feb 2011 18:14:34 -0000	1.93
+++ objc-lang.c	1 Mar 2011 01:41:39 -0000
@@ -720,7 +720,7 @@ selectors_info (char *regexp, int from_t
 	strcpy(myregexp, ".*]");
       else
 	{
-	  if (sizeof (myregexp) < strlen (regexp) + 1)
+	  if (sizeof (myregexp) < strlen (regexp) + 4)
 	    error (_("Regexp is too long: %s"), regexp);
 	  strcpy(myregexp, regexp);
 	  if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
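Review bot: the 4 in `sizeof (myregexp) < strlen (regexp) + 4` is a bare constant, and nothing in the hunk says what it pays for; if it is the three-character tail the later strcat appends plus the NUL (the null-input pattern two lines up is `".*]"`), writing the margin as `sizeof (".*]")` or a constant shared with that strcat makes it self-checking, and the ChangeLog's "small safety margin" should name the same quantity. The check also leaves the empty-string case open: if REGEXP can be `""` here, `myregexp[strlen(myregexp) - 1]` on the line after the strcpy indexes one byte before the buffer, so either guard `*regexp == '\0'` next to the NULL case or state that the caller never passes an empty string.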
@@ -863,6 +863,8 @@ classes_info (char *regexp, int from_tty
     strcpy(myregexp, ".* ");	/* Null input: match all objc classes.  */
   else
     {
+      if (sizeof (myregexp) < strlen (regexp) + 4)
+	error (_("Regexp is too long: %s"), regexp);
       strcpy(myregexp, regexp);
       if (myregexp[strlen(myregexp) - 1] == '$')
 	/* In the method name, the end of the class name is marked by ' '.  */
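Review bot: this is the second copy of the same fixed-buffer strcpy/strcat sequence guarded by a `+ 4` check, and rejecting long input with error () caps what the user may type; sizing the buffer from `strlen (regexp)` with xmalloc and a cleanup, as Tom Tromey proposes in his reply, removes both the limit and the magic number. If the fixed buffer stays, express the margin in terms of the suffix the strcat appends (the null-input pattern here is `".* "`, three characters plus NUL, so `sizeof (".* ")` if that is what gets appended), and give the `myregexp[strlen(myregexp) - 1] == '$'` test on the following line the same empty-string guard that selectors_info needs.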


* Re: [commit] objc-lang.c, classes_info, avoid string overrun
From: Yao Qi @ 2011-03-01  3:30 UTC (permalink / raw)
  To: Michael Snyder; +Cc: gdb-patches

On 03/01/2011 09:46 AM, Michael Snyder wrote:
> -	  if (sizeof (myregexp) < strlen (regexp) + 1)
> +	  if (sizeof (myregexp) < strlen (regexp) + 4)
>  	    error (_("Regexp is too long: %s"), regexp);
>  	  strcpy(myregexp, regexp);

It is a little bit confusing when people read this code.  We may need a
short comment here.

-- 
Yao (齐尧)



* Re: [commit] objc-lang.c, classes_info, avoid string overrun
From: Tom Tromey @ 2011-03-01 14:31 UTC (permalink / raw)
  To: Michael Snyder; +Cc: gdb-patches

>>>>> "Michael" == Michael Snyder <msnyder@vmware.com> writes:

Michael> 2011-02-28  Michael Snyder  <msnyder@vmware.com>
Michael> 	* objc-lang.c (selectors_info): Add a small safety margin to 
Michael> 	avoid overflow.
Michael> 	(classes_info): Error out on too long REGEXP.

I don't really mind this kind of cleanup, but it seems like it would be
simpler to just fix the underlying bug entirely, say by using malloc and
a cleanup.

Tom


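The following is an added example, not gdb's code and not written by any participant in this thread. It models the pattern the patch guards: a user-supplied regexp is copied into a fixed-size buffer and a suffix is appended afterwards, so a check that reserves only the terminating NUL (the pre-patch `+ 1`) admits inputs that overrun once the suffix goes on. It shows the patched check with the margin derived from the suffix rather than a bare 4, and the heap-sized alternative Tom Tromey suggests. The buffer size (16), the `.*]` suffix, the replacement of a trailing `$` by `]`, and the names `regexp_fits`, `build_fixed`, `build_dynamic` and `old_check_admits_overrun` are assumptions for illustration; gdb uses error () and cleanups where this uses return codes and free ().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MYREGEXP_SIZE 16   /* assumed; kept small so the limit is easy to hit */
#define TAIL ".*]"         /* assumed suffix appended by the later strcat */
/* Bytes needed beyond strlen (regexp): the tail plus the NUL.  With a
   three-character tail this is 4, the constant the patch hard-codes.  */
#define MARGIN (sizeof TAIL)

/* The patched check, with the margin derived from TAIL instead of written
   as a literal.  Returns 1 if REGEXP can be copied and suffixed safely.  */
int regexp_fits (const char *regexp)
{
  return strlen (regexp) + MARGIN <= MYREGEXP_SIZE;
}

/* The pre-patch check reserved only the NUL (`+ 1`).  Returns 1 when that
   check accepts REGEXP although the suffixed result cannot fit: the overrun
   the patch closes.  This only computes sizes; it never writes a buffer.  */
int old_check_admits_overrun (const char *regexp)
{
  int old_accepts = !(MYREGEXP_SIZE < strlen (regexp) + 1);
  return old_accepts && !regexp_fits (regexp);
}

/* Fixed-buffer variant.  OUT must hold MYREGEXP_SIZE bytes.  Returns 0 on
   success, -1 when the input is rejected (gdb would call error ()).  An
   empty REGEXP is treated like NULL so `out[len - 1]` never reads below
   the buffer, a case the patched code does not guard.  */
int build_fixed (char *out, const char *regexp)
{
  if (regexp == NULL || *regexp == '\0')
    {
      strcpy (out, TAIL);            /* null input: match everything */
      return 0;
    }
  if (!regexp_fits (regexp))
    return -1;
  strcpy (out, regexp);
  size_t len = strlen (out);
  if (out[len - 1] == '$')           /* anchored: '$' becomes ']' (assumed) */
    out[len - 1] = ']';
  else
    strcat (out, TAIL);              /* the append the margin must cover */
  return 0;
}

/* Heap variant along the lines Tom Tromey suggests: size the buffer from
   the input, so there is no limit to enforce.  Caller frees the result
   (gdb would register a cleanup instead).  */
char *build_dynamic (const char *regexp)
{
  if (regexp == NULL)
    regexp = "";
  size_t len = strlen (regexp);
  char *out = malloc (len + MARGIN);
  if (out == NULL)
    return NULL;
  memcpy (out, regexp, len + 1);
  if (len > 0 && out[len - 1] == '$')
    out[len - 1] = ']';
  else
    strcat (out, TAIL);
  return out;
}

/* Result checkers (1 = matched).  EXPECT == NULL means "must be rejected".  */
int fixed_result_is (const char *regexp, const char *expect)
{
  char buf[MYREGEXP_SIZE];
  if (build_fixed (buf, regexp) != 0)
    return expect == NULL;
  return expect != NULL && strcmp (buf, expect) == 0;
}

int dynamic_result_is (const char *regexp, const char *expect)
{
  char *out = build_dynamic (regexp);
  int ok = out != NULL && strcmp (out, expect) == 0;
  free (out);
  return ok;
}

int main (void)
{
  /* Constructed inputs: the 13-character one passes the old `+ 1` check
     but would overrun a 16-byte buffer once TAIL is appended.  */
  const char *inputs[] = { NULL, "foo", "foo$", "0123456789ab", "0123456789abc" };
  char buf[MYREGEXP_SIZE];
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
    {
      int rc = build_fixed (buf, inputs[i]);
      char *dyn = build_dynamic (inputs[i]);
      printf ("%-14s old-check-unsafe=%d fixed=%s dynamic=%s\n",
              inputs[i] ? inputs[i] : "(null)",
              inputs[i] ? old_check_admits_overrun (inputs[i]) : 0,
              rc == 0 ? buf : "Regexp is too long",
              dyn ? dyn : "(alloc failed)");
      free (dyn);
    }
  return 0;
}
```

The 12-character input is the largest the fixed buffer accepts (12 + 3 for the tail + 1 for the NUL = 16); the 13-character input would have passed the old `+ 1` check and written one byte past the buffer, and is rejected by the patched check while the heap variant simply allocates 17 bytes.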

* Re: [commit] objc-lang.c, classes_info, avoid string overrun
From: Michael Snyder @ 2011-03-01 18:51 UTC (permalink / raw)
  To: Yao Qi; +Cc: gdb-patches

Yao Qi wrote:
> On 03/01/2011 09:46 AM, Michael Snyder wrote:
>> -	  if (sizeof (myregexp) < strlen (regexp) + 1)
>> +	  if (sizeof (myregexp) < strlen (regexp) + 4)
>>  	    error (_("Regexp is too long: %s"), regexp);
>>  	  strcpy(myregexp, regexp);
> 
> It is a little bit confusing when people read this code.  We may need a
> short comment here.
> 

Okey dokey, see attached.




[-- Attachment #2: comment.txt --]

2011-03-01  Michael Snyder  <msnyder@vmware.com>

	* objc-lang.c (selectors_info): Add explanatory comment.
	(classes_info): Ditto.

Index: objc-lang.c
===================================================================
RCS file: /cvs/src/src/gdb/objc-lang.c,v
retrieving revision 1.94
diff -u -p -u -p -r1.94 objc-lang.c
--- objc-lang.c	1 Mar 2011 01:44:24 -0000	1.94
+++ objc-lang.c	1 Mar 2011 18:49:41 -0000
@@ -720,6 +720,7 @@ selectors_info (char *regexp, int from_t
 	strcpy(myregexp, ".*]");
       else
 	{
+	  /* Allow a few extra bytes because of the strcat below.  */
 	  if (sizeof (myregexp) < strlen (regexp) + 4)
 	    error (_("Regexp is too long: %s"), regexp);
 	  strcpy(myregexp, regexp);
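Review bot: the new comment gives the reason but not the amount; "a few extra bytes" beside a literal 4 still makes the reader work out how the two relate, so say which suffix the strcat below appends and that the 4 is its length plus the NUL, or better, replace the literal with `sizeof` of that suffix so the comment and the check cannot drift apart when one of them changes.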
@@ -863,6 +864,7 @@ classes_info (char *regexp, int from_tty
     strcpy(myregexp, ".* ");	/* Null input: match all objc classes.  */
   else
     {
+      /* Allow a few extra bytes because of the strcat below.  */
       if (sizeof (myregexp) < strlen (regexp) + 4)
 	error (_("Regexp is too long: %s"), regexp);
       strcpy(myregexp, regexp);
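Review bot: the comment and the `strlen (regexp) + 4` check are now duplicated verbatim between selectors_info and classes_info; a small static helper that takes REGEXP, the destination size and the suffix, and calls error () itself, would keep the two in step the next time the margin changes, and is still a smaller change than the xmalloc-and-cleanup rewrite Tom Tromey proposes.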

