Subject: Re: [PATCH] [gdb] Fix heap-buffer-overflow in args_complete_p
From: Tom de Vries
To: Andrew Burgess, gdb-patches@sourceware.org
Date: Tue, 6 Jan 2026 10:29:47 +0100
In-Reply-To: <7beac4be-7924-48b5-804b-6400efd02834@suse.de>
References: <20260103145559.2722584-1-tdevries@suse.de> <874iozygr7.fsf@redhat.com> <7beac4be-7924-48b5-804b-6400efd02834@suse.de>
List-Id: Gdb-patches mailing list

On 1/6/26 9:47 AM, Tom de Vries wrote:
> and it's the fact that we don't check for '\0' after skip_spaces that is
> the problem.  I think it should be possible to reproduce the problem
> with args == " ".

I've written a unit test that reproduces the problem with args == " ".

Thanks,
- Tom

diff --git a/gdb/infcmd.c b/gdb/infcmd.c
index 1a7daf1461b..88948a343da 100644
--- a/gdb/infcmd.c
+++ b/gdb/infcmd.c
@@ -56,6 +56,7 @@ #include #include "source.h" #include "cli/cli-style.h" +#include "gdbsupport/selftest.h" /* Local functions: */ @@ -123,7 +124,7 @@ show_inferior_tty_command (struct ui_file *file, int from_tty, finished. */ static bool -args_complete_p (const std::string &args) +args_complete_p (const std::string &args, const char **end = nullptr) { const char *input = args.c_str (); bool squote = false, dquote = false; @@ -180,9 +185,28 @@ args_complete_p (const std::string &args) ++input; } + if (end != nullptr) + *end = input; return (!dquote && !squote); } +#if GDB_SELF_TEST +namespace selftests { + +static void +infcmd_args_complete_p_tests (void) +{ + const char *end; + + /* Regression test for heap-buffer-overflow reported in PR33754. */ + std::string s1 = " "; + SELF_CHECK (args_complete_p (s1, &end)); + SELF_CHECK (end == s1.data () + s1.size ()); +} + +} /* namespace selftests */ +#endif /* GDB_SELF_TEST */ + /* Build a complete inferior argument string (all arguments to pass to the inferior) and return it. ARGS is the initial part of the inferior arguments string, which might be the complete inferior arguments, in @@ -3634,4 +3658,9 @@ Show whether `finish' prints the return value."), nullptr, nullptr, show_print_finish, &setprintlist, &showprintlist); + +#if GDB_SELF_TEST + selftests::register_test ("infcmd-args-complete-p", + selftests::infcmd_args_complete_p_tests); +#endif }
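Review bot: the new END out-parameter of args_complete_p is not described in the function's header comment, whose tail ("finished. */") is the context line just above the changed signature in the second hunk; please extend that comment to say that, when non-null, *END receives the position at which scanning stopped, which is the terminating NUL of ARGS when the whole string was consumed, since that is exactly the property the new self test asserts. The nullptr default keeps existing callers untouched, which is fine, but the comment is the only place a reader will learn what END means.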
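Review bot: in the third hunk, the second assertion, `SELF_CHECK (end == s1.data () + s1.size ());`, is what makes the regression visible on a build without AddressSanitizer: the boolean result alone does not prove that scanning stopped at the NUL rather than one past it, so a one-line comment on that check saying it guards against walking past the terminator would help the next reader. It would also be worth adding the cases the quoted analysis implies: an empty string (no blank to skip, so no overrun to detect, which confirms the test is exercising the skip_spaces path), an argument followed by trailing blanks such as "foo  ", and one unterminated quote such as "\"foo" to cover the false return path and where *end lands for it.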
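The failure mode described in the quoted analysis above (no '\0' check after skip_spaces, triggered by args == " "), as an added, self-contained illustration in C++. This is not gdb's code and not part of the patch: skip_spaces here is a stand-in for the gdb helper, scan_args is a hypothetical scanner shaped like args_complete_p with the bug selectable through check_nul, and the overran flag plays the role AddressSanitizer plays in the real report, stopping the walk before it dereferences memory past the terminator. It also shows why the empty string does not trigger the bug while any trailing blank does.

```cpp
// Added illustration, not gdb's code: a quote-aware "is this argument
// string complete?" scanner in the style of args_complete_p.
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>

// Assumed helper with gdb-like semantics: skip blanks, stop at the NUL.
static const char *
skip_spaces (const char *p)
{
  while (*p != '\0' && std::isspace (static_cast<unsigned char> (*p)))
    ++p;
  return p;
}

struct scan_result
{
  bool complete;     // no unterminated quote was seen
  std::size_t end;   // offset where scanning stopped; size () when correct
  bool overran;      // the scanner tried to step past the terminating NUL
};

// CHECK_NUL == false reproduces the bug, CHECK_NUL == true is the fixed
// form.  The `input > limit` test at the top of the loop stands in for
// AddressSanitizer: instead of reading past the terminator it records the
// overrun and stops.
static scan_result
scan_args (const std::string &args, bool check_nul)
{
  const char *input = args.c_str ();
  const char *limit = input + args.size ();   // address of the NUL
  bool squote = false, dquote = false;
  scan_result r = {false, 0, false};

  for (;;)
    {
      if (input > limit)          // the original would dereference here
        {
          r.overran = true;
          break;
        }
      if (*input == '\0')
        break;

      if (!squote && !dquote)
        {
          // Unquoted blanks separate arguments; this may land on the NUL.
          input = skip_spaces (input);
          // The fix: do not assume a real character follows the blanks.
          if (check_nul && *input == '\0')
            break;
        }

      switch (*input)
        {
        case '\\':
          if (input[1] != '\0')
            ++input;              // escaped character, taken literally
          break;
        case '\'':
          if (!dquote)
            squote = !squote;
          break;
        case '"':
          if (!squote)
            dquote = !dquote;
          break;
        default:
          break;
        }
      ++input;   // with check_nul == false this steps past the NUL
    }

  r.complete = !squote && !dquote;
  r.end = static_cast<std::size_t> (input - args.c_str ());
  return r;
}

// The property a regression test should assert: complete, no overrun, and
// the scan stopped exactly at the terminator.
static bool
args_complete_checked (const std::string &args)
{
  scan_result r = scan_args (args, true);
  return r.complete && !r.overran && r.end == args.size ();
}

int
main ()
{
  const char *samples[] = { "", " ", "foo  ", "\"a b", "a\\\"b" };   // constructed
  for (const char *s : samples)
    {
      scan_result buggy = scan_args (s, false);
      scan_result fixed = scan_args (s, true);
      std::printf ("%-8s buggy: overran=%d end=%zu | fixed: complete=%d end=%zu\n",
                   s, buggy.overran, buggy.end, fixed.complete, fixed.end);
    }
  return 0;
}
```

The buggy variant reports end == size + 1 for " ", which is precisely the condition the patch's `end == s1.data () + s1.size ()` check rejects; the empty string never enters the skip path and so never overruns, which is why " " rather than "" is the minimal reproducer.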