From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 27417 invoked by alias); 25 Aug 2011 16:06:01 -0000 Received: (qmail 27393 invoked by uid 22791); 25 Aug 2011 16:05:56 -0000 X-SWARE-Spam-Status: No, hits=-1.7 required=5.0 tests=AWL,BAYES_00,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS X-Spam-Check-By: sourceware.org Received: from lo.gmane.org (HELO lo.gmane.org) (80.91.229.12) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 25 Aug 2011 16:05:13 +0000 Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1QwcQZ-0002hT-9a for gdb-patches@sources.redhat.com; Thu, 25 Aug 2011 18:05:11 +0200 Received: from 209.226.137.108 ([209.226.137.108]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 25 Aug 2011 18:05:11 +0200 Received: from aristovski by 209.226.137.108 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 25 Aug 2011 18:05:11 +0200 To: gdb-patches@sources.redhat.com 
From: Aleksandar Ristovski Subject: [patch] buffer overflow in symtab_from_filename Date: Thu, 25 Aug 2011 16:06:00 -0000 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------030502030405060105040106" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110812 Thunderbird/6.0 X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2011-08/txt/msg00465.txt.bz2 This is a multi-part message in MIME format. --------------030502030405060105040106 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-length: 372 Hello, There is an issue in symtab_from_filename function, it may buffer overflow by advancing past the end of the string. The patch makes sure we do not advance past zero terminator. Thanks, Aleksandar Ristovski QNX Software Systems ChangeLog: Aleksandar Ristovski * linespec.c (symtab_from_filename): Check for the end of string. --------------030502030405060105040106 Content-Type: text/x-patch; name="linespec-201108251155.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="linespec-201108251155.patch" Content-length: 507 Index: gdb/linespec.c =================================================================== RCS file: /cvs/src/src/gdb/linespec.c,v retrieving revision 1.129 diff -u -p -r1.129 linespec.c --- gdb/linespec.c 18 Aug 2011 16:17:38 -0000 1.129 +++ gdb/linespec.c 25 Aug 2011 15:55:21 -0000 @@ -1835,6 +1835,8 @@ symtab_from_filename (char **argptr, cha } /* Discard the file name from the arg. */ + if (*p1 == '\0') + return file_symtab; p = p1 + 1; while (*p == ' ' || *p == '\t') p++; --------------030502030405060105040106--
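Review bot: The new early return, placed between the comment `/* Discard the file name from the arg. */` and `p = p1 + 1;`, exits before the file name is discarded, so on that path the arg reached through `argptr` is left as it was. Please confirm that callers handle that when `*p1 == '\0'`, or point the arg at the terminator before returning. The check also separates the comment from the statement it describes. Move `if (*p1 == '\0')` above the comment and give it its own one-line comment saying that p1 can sit on the terminator here, so that `p1 + 1` would step past the end of the string. A testsuite case with an input that leaves p1 on the terminator would keep this from regressing.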