Message-ID: <529F1654.8000704@redhat.com>
Date: Wed, 04 Dec 2013 11:47:00 -0000
From: Pedro Alves
To: Doug Evans
CC: gdb-patches, Joel Brobecker, Sterling Augustine
Subject: Re: [PATCH] PR 16286: Reading python value as string beyond declared size
References: <529E3F10.6030607@redhat.com>

On 12/03/2013 11:01 PM, Doug Evans wrote:
> On Tue, Dec 3, 2013 at 12:29 PM, Pedro Alves wrote:
>> On 12/02/2013 11:14 PM, Doug Evans wrote:
>>> + if (*length > 0)
>>> + fetchlimit = UINT_MAX;
>>
>> Shouldn't this be:
>>
>> if (*length > 0)
>>   fetchlimit = *length;
>>
>> ? That is, if the caller specified a limit, why do we do over it?
>
> read_string will take min (len, fetchlimit), and I saw no value in
> passing fetchlimit = *length.

Ah, I see now. Thanks.

>> BTW, it looks like the not_lval/lval_internalvar path can
>> blindly read beyond the value's contents buffer, if *length
>> is bigger than the value's contents buffer size:

> It didn't look right to me either, but I was leaving digging deeper
> for another pass.

OK. TBC, I wasn't requesting that'd be fixed in this patch,
only for confirmation that I wasn't missing something.

-- 
Pedro Alves
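
Review bot: In the quoted hunk, the assignment fetchlimit = UINT_MAX under if (*length > 0) reads as though a caller-supplied length removes the limit altogether; it is bounded only because, as the reply states, read_string takes min (len, fetchlimit). Suggest a comment on that assignment naming this dependency, so the bound does not rest on behaviour documented only in this thread. The not_lval/lval_internalvar read past the value's contents buffer that is raised in the thread is a separate issue and is not addressed by these two lines.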