Subject: Re: [PATCH master/7.12] Fix heap-buffer-overflow in explicit_location_lex_one
To: Yao Qi <yao.qi@linaro.org>, gdb-patches@sourceware.org
References: <1471005890-24205-1-git-send-email-yao.qi@linaro.org>
From: Keith Seitz <keiths@redhat.com>
Message-ID: <57ADFBD5.5060507@redhat.com>
Date: Fri, 12 Aug 2016 16:39:00 -0000
In-Reply-To: <1471005890-24205-1-git-send-email-yao.qi@linaro.org>
X-SW-Source: 2016-08/txt/msg00149.txt.bz2

On 08/12/2016 05:44 AM, Yao Qi wrote:
> the code in question is:
>
>>   /* Special case: C++ operator,.  */
>>   if (language->la_language == language_cplus
>>       && strncmp (*inp, "operator", 8)      <--- [1]
>>       && (*inp)[9] == ',')
>>     (*inp) += 9;
>>   ++(*inp);

[snip]

Yeah, that does look odd... Normally, I would not leave the result of
strcmp et al unchecked like this since those functions do not return a
boolean value. So I'd say it must have been a bad day. A really bad day.

> Is it OK?

While your patch alters the behavior ever so slightly (originally, it
was meant to skip over "operator," -- now it skips over "operator" and
the next char), I don't think that it will impact what this code
actually does.

It looks good to me. Good catch!

Keith
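An added illustration of the inverted check the thread discusses; this is not code from GDB or from Yao's patch. `step_buggy` and `step_fixed` are hypothetical helpers, and the corrected form (comparing the strncmp result against 0 and testing index 8) is an assumption about the fix, not a copy of what was committed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the lexer step quoted above. It keeps the
   original condition, except that instead of actually reading inp[9]
   it first checks whether that index lies inside the NUL-terminated
   string (valid indices are 0..strlen(inp)).
   Returns the number of bytes the step would advance, or -1 when the
   original code would have read past the end of the buffer. */
int step_buggy(const char *inp)
{
    /* strncmp() returns 0 on a match, so this branch is taken for
       every input that does NOT begin with "operator". */
    if (strncmp(inp, "operator", 8)) {
        if (strlen(inp) < 9)
            return -1;          /* inp[9] is beyond the terminator */
        if (inp[9] == ',')
            return 10;          /* (*inp) += 9, then ++(*inp) */
    }
    return 1;                   /* just ++(*inp) */
}

/* Assumed corrected form: test the result against 0 and look at
   index 8, the ',' in "operator,". A successful 8-byte match
   guarantees index 8 is within the string (at worst it is the NUL). */
int step_fixed(const char *inp)
{
    if (strncmp(inp, "operator", 8) == 0 && inp[8] == ',')
        return 9;               /* skip the whole "operator," token */
    return 1;
}

int main(void)
{
    /* Constructed inputs: a short token, the intended case, and a
       token that merely happens to have ',' at index 9. */
    const char *samples[] = { "foo", "operator,x", "abcdefghi,k" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s buggy=%d fixed=%d\n", samples[i],
               step_buggy(samples[i]), step_fixed(samples[i]));
    return 0;
}
```

With the original predicate the intended "operator," case never triggers, while any other token shorter than ten bytes reads past its buffer and a longer one with a ',' at index 9 is skipped by mistake.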