From: Tom de Vries <tdevries@suse.de>
To: Andrew Burgess <aburgess@redhat.com>, gdb-patches@sourceware.org
Subject: Re: [PATCH] [gdb] Fix heap-buffer-overflow in args_complete_p
Date: Tue, 6 Jan 2026 10:29:47 +0100
Message-ID: <c20f4154-ef39-44b7-b9eb-24c98de7ea30@suse.de>
In-Reply-To: <7beac4be-7924-48b5-804b-6400efd02834@suse.de>

On 1/6/26 9:47 AM, Tom de Vries wrote:
> and it's the fact that we don't check for '\0' after skip_spaces that is
> the problem. I think it should be possible to reproduce the problem
> with args == " ".

I've written a unit test that reproduces the problem with args == " ".

Thanks,
- Tom

diff --git a/gdb/infcmd.c b/gdb/infcmd.c
index 1a7daf1461b..88948a343da 100644
--- a/gdb/infcmd.c
+++ b/gdb/infcmd.c
@@ -56,6 +56,7 @@
#include <optional>
#include "source.h"
#include "cli/cli-style.h"
+#include "gdbsupport/selftest.h"
/* Local functions: */
@@ -123,7 +124,7 @@ show_inferior_tty_command (struct ui_file *file, int
from_tty,
finished. */
static bool
-args_complete_p (const std::string &args)
+args_complete_p (const std::string &args, const char **end = nullptr)
{
const char *input = args.c_str ();
bool squote = false, dquote = false;
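Review bot: The new END out-parameter on args_complete_p is undocumented: the function comment ending in "finished. */" just above the signature is left unchanged. Please add a sentence saying that, when END is non-null, *END is set to the position in ARGS where scanning stopped, and mention that the parameter exists so the selftest can check that the scan does not run past the terminating '\0'.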
@@ -180,9 +185,28 @@ args_complete_p (const std::string &args)
++input;
}
+ if (end != nullptr)
+ *end = input;
return (!dquote && !squote);
}
+#if GDB_SELF_TEST
+namespace selftests {
+
+static void
+infcmd_args_complete_p_tests (void)
+{
+ const char *end;
+
+ /* Regression test for heap-buffer-overflow reported in PR33754. */
+ std::string s1 = " ";
+ SELF_CHECK (args_complete_p (s1, &end));
+ SELF_CHECK (end == s1.data () + s1.size ());
+}
+
+} /* namespace selftests */
+#endif /* GDB_SELF_TEST */
+
/* Build a complete inferior argument string (all arguments to pass to the
inferior) and return it. ARGS is the initial part of the inferior
arguments string, which might be the complete inferior arguments, in
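Review bot: In infcmd_args_complete_p_tests, "const char *end;" is declared without an initializer, and *end is only assigned at the final return of args_complete_p, so if any path returns before that point the second SELF_CHECK compares an indeterminate pointer. Initialize it with "const char *end = nullptr;" so a missed assignment fails the check deterministically. Since the test is the only user of END, it would also be worth covering a few more inputs alongside " " (for example the empty string and a string with an unterminated quote) so that the end-of-scan position is checked on both return values.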
@@ -3634,4 +3658,9 @@ Show whether `finish' prints the return value."),
nullptr,
nullptr,
show_print_finish,
&setprintlist, &showprintlist);
+
+#if GDB_SELF_TEST
+ selftests::register_test ("infcmd-args-complete-p",
+ selftests::infcmd_args_complete_p_tests);
+#endif
}