Message-ID: <51DEDA0E.8020809@broadcom.com>
Date: Thu, 11 Jul 2013 16:15:00 -0000
From: "Andrew Burgess"
To: "gdb-patches@sourceware.org"
Subject: [PATCH] Don't call strchr with the NULL character.

In the printf code we call strchr without guarding against the case where the second parameter is NULL. My local manpage for strchr doesn't say what happens in this case, but this file: src/libiberty/strchr.c suggests the results are undefined, and indeed, the answer I see is not NULL (which is what I might have hoped for).

Patch below adds a check for the NULL character, and some tests which are currently failing for me, but as it's string overflow, the results are going to be undefined.

OK to apply?

Thanks,
Andrew

gdb/ChangeLog

	* common/format.c (parse_format_string): Add checks for NULL
	character before calling strchr.

gdb/testsuite/ChangeLog

	* gdb.base/printcmds.exp (test_printf): Add tests for format
	strings with missing format specifier.

diff --git a/gdb/common/format.c b/gdb/common/format.c index 5803818..1bdd253 100644 --- a/gdb/common/format.c +++ b/gdb/common/format.c @@ -156,7 +156,7 @@ parse_format_string (const char **arg) /* The first part of a format specifier is a set of flag characters. */ - while (strchr ("0-+ #", *f)) + while (*f != '\0' && strchr ("0-+ #", *f)) { if (*f == '#') seen_hash = 1; @@ -170,7 +170,7 @@ parse_format_string (const char **arg) } /* The next part of a format specifier is a width. */ - while (strchr ("0123456789", *f)) + while (*f != '\0' && strchr ("0123456789", *f)) f++; /* The next part of a format specifier is a precision. */ @@ -178,7 +178,7 @@ parse_format_string (const char **arg) { seen_prec = 1; f++; - while (strchr ("0123456789", *f)) + while (*f != '\0' && strchr ("0123456789", *f)) f++; } 
diff --git a/gdb/testsuite/gdb.base/printcmds.exp b/gdb/testsuite/gdb.base/printcmds.exp index 4883fd5..4f88382 100644 --- a/gdb/testsuite/gdb.base/printcmds.exp +++ b/gdb/testsuite/gdb.base/printcmds.exp @@ -728,6 +728,12 @@ proc test_printf {} { # Regression test for "%% at end of format string. # See http://sourceware.org/bugzilla/show_bug.cgi?id=11345 gdb_test "printf \"%%%d%%\\n\", 5" "%5%" + + # Some tests for missing format specifier after '%'. + gdb_test "printf \"%\", 0" "Incomplete format specifier at end of format string" + gdb_test "printf \"%.234\", 0" "Incomplete format specifier at end of format string" + gdb_test "printf \"%-\", 0" "Incomplete format specifier at end of format string" + gdb_test "printf \"%-23\", 0" "Incomplete format specifier at end of format string" } #Test printing DFP values with printf
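Review bot: In the flags loop at @@ -156 the added `*f != '\0' &&` guard is necessary rather than redundant: C defines strchr to treat the terminating null as part of the searched string, so `strchr ("0-+ #", '\0')` returns a pointer to that terminator (the "not NULL" result the cover letter reports) and the unguarded loop advanced f past the end of the format string. A one-line comment on the `while` saying that strchr matches the terminator would stop a later reader from "simplifying" the guard away.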
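Review bot: At @@ -170 the width loop is the second of three places in this hunk set that now carry the identical guard. Since `strchr ("0123456789", *f)` is only a digit test, `ISDIGIT (*f)` from libiberty's safe-ctype.h (which is false for '\0') would state the intent directly and need no separate terminator check, provided format.c already pulls in that header; if it does not, the guard as written is correct and the same applies to the precision loop below.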
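Review bot: At @@ -178 the precision branch executes `f++` past the '.' before the guarded digit loop runs, so a format ending in a bare "%." depends on the new guard alone to stop at the terminator. The test hunk covers "%.234" but not "%."; add that case so the precision path is exercised exactly at the end of the string.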
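Review bot: The four new gdb_test calls in test_printf expect "Incomplete format specifier at end of format string", but nothing in this diff emits that message; confirm it is the existing error parse_format_string raises when it sees `*f == '\0'` after these loops, since the cover letter attributes the current failures to the scan overrunning the string rather than to a missing error path. A "%#" case would also be worth adding, because the flags loop is the one that sets seen_hash and it is otherwise untested at the terminator.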
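The following C program is an added example, not code from the patch or from GDB. It shows the two facts the cover letter turns on: that strchr matches the terminating null (so the pre-patch loop does not stop at the end of a format string), and that the guarded loops turn the patch's test inputs ("%", "%.234", "%-", "%-23") into a clean "incomplete specifier" result. The `demo_buffer` array is constructed so that the bytes after the terminator are still inside the array, which is what lets the overrun be measured without undefined behaviour; `scan_conversion` is a hypothetical scanner that mirrors the loop structure of the patched code, not GDB's `parse_format_string`.

```c
#include <stdio.h>
#include <string.h>

/* The flag set used by the flags loop in the patch.  */
static const char flag_set[] = "0-+ #";

/* C defines strchr (s, '\0') to locate the terminating null of S, so
   probing the flag set with the NUL character yields a non-NULL
   pointer: the "not NULL" result described in the cover letter.  */
int
strchr_matches_terminator (void)
{
  return strchr (flag_set, '\0') != NULL;
}

/* Constructed buffer: the format "%-" with its terminator, followed
   inside the same array by more flag characters.  Every read below
   stays within this array.  */
const char demo_buffer[] = { '%', '-', '\0', '+', ' ', 'd', '\0' };

/* The pre-patch loop: counts the bytes it consumes starting at F.
   Because strchr matches '\0', it keeps going past the terminator.  */
size_t
count_flags_unguarded (const char *f)
{
  size_t n = 0;
  while (strchr (flag_set, *f))
    {
      f++;
      n++;
    }
  return n;
}

/* The post-patch loop: stops at the terminator.  */
size_t
count_flags_guarded (const char *f)
{
  size_t n = 0;
  while (*f != '\0' && strchr (flag_set, *f))
    {
      f++;
      n++;
    }
  return n;
}

enum spec_result { SPEC_OK, SPEC_INCOMPLETE, SPEC_NOT_A_SPEC };

/* Hypothetical scanner: flags, width and precision of one conversion
   starting at the '%' in FMT, with the same guards as the patched
   loops.  On SPEC_OK, *CONV receives the conversion character.  */
enum spec_result
scan_conversion (const char *fmt, char *conv)
{
  const char *f = fmt;

  if (*f != '%')
    return SPEC_NOT_A_SPEC;
  f++;

  while (*f != '\0' && strchr (flag_set, *f))        /* flags */
    f++;
  while (*f != '\0' && strchr ("0123456789", *f))    /* width */
    f++;
  if (*f == '.')                                     /* precision */
    {
      f++;
      while (*f != '\0' && strchr ("0123456789", *f))
        f++;
    }

  /* With the guards in place, reaching the terminator here means the
     format string ended inside the specifier.  */
  if (*f == '\0')
    return SPEC_INCOMPLETE;
  *conv = *f;
  return SPEC_OK;
}

int
main (void)
{
  const char *cases[] = { "%", "%.234", "%-", "%-23", "%-5.2d", "%5%" };
  size_t i;
  char conv;

  printf ("strchr matches terminator: %d\n", strchr_matches_terminator ());
  printf ("unguarded scan of \"%%-\" consumes %zu bytes, guarded %zu\n",
          count_flags_unguarded (demo_buffer + 1),
          count_flags_guarded (demo_buffer + 1));
  for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
    {
      enum spec_result r = scan_conversion (cases[i], &conv);
      printf ("%-8s -> %s\n", cases[i],
              r == SPEC_OK ? "complete" : "incomplete specifier");
    }
  return 0;
}
```

The unguarded scan of "%-" consumes four bytes (the '-', the terminator, and the '+' and ' ' planted after it) where the guarded scan consumes one; in a real format string those extra bytes would be whatever happens to follow the buffer, which is why the cover letter calls the unpatched results undefined.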