From: Tom Tromey
To: Andrew Burgess
Cc: Tom de Vries, gdb-patches@sourceware.org
Subject: Re: [PATCH] [gdb] Fix heap-buffer-overflow in args_complete_p
In-Reply-To: <874iozygr7.fsf@redhat.com> (Andrew Burgess's message of "Mon, 05 Jan 2026 19:57:32 +0000")
References: <20260103145559.2722584-1-tdevries@suse.de> <874iozygr7.fsf@redhat.com>
Date: Mon, 05 Jan 2026 13:09:40 -0700
Message-ID: <874iozvn23.fsf@tromey.com>

>>>>> "Andrew" == Andrew Burgess writes:

Andrew> Sorry to be a bore, but after reading this commit, and the bug report,
Andrew> it's still not obvious to me where the overflow actually occurs.

I believe in this code:

      if (*input == '\\'
          && strchr ("\"\\'", *(input + 1)) != nullptr)
        ++input;

if *input == '\\' but this is also the last character of the string,
then strchr will return the address of the \0, then ++input will advance
past it.

I think sticking "&& input[1] != '\0'" in there might be sufficient.

Though perhaps there's also an issue if the string ends with spaces,
because:

          input = skip_spaces (input);
...
          ++input;

Tom
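
Added example, not part of the message above and not gdb's source: a small C model of the strchr behaviour described, showing where a scan stops with and without the suggested input[1] != '\0' test. The loop shape (skip an escaped character, then one unconditional ++input per iteration), the names ESCAPABLE, SAMPLE and scan_stop_offset, and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Characters a backslash may escape, as in the quoted condition. */
static const char ESCAPABLE[] = "\"\\'";

/* Constructed sample: the C string "abc\" (ends in a lone backslash),
   followed by padding that stands in for whatever lies after the real
   buffer, so the over-read stays inside this array and is safe to run. */
static const char SAMPLE[] = "abc\\\0XYZ";

/* Returns 1: strchr treats the terminating NUL as part of the set
   string, so searching for '\0' never yields NULL. */
int strchr_matches_nul(void)
{
    return strchr(ESCAPABLE, '\0') != NULL;
}

/* Assumed, simplified scanning loop (not gdb's code). Returns the offset
   at which scanning stops. guard != 0 adds the input[1] != '\0' test. */
size_t scan_stop_offset(const char *start, int guard)
{
    const char *input = start;

    while (*input != '\0') {
        if (*input == '\\'
            && (!guard || input[1] != '\0')
            && strchr(ESCAPABLE, input[1]) != NULL)
            ++input;    /* unguarded: lands on the terminator */
        ++input;        /* unguarded: now one past the terminator */
    }
    return (size_t)(input - start);
}

int main(void)
{
    printf("strlen=%zu unguarded=%zu guarded=%zu\n", strlen(SAMPLE),
           scan_stop_offset(SAMPLE, 0), scan_stop_offset(SAMPLE, 1));
    return 0;
}
```

In a real heap allocation there is no padding after the terminator, so the unguarded walk is the out-of-bounds read that AddressSanitizer reports as heap-buffer-overflow.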