From: Aleksandar Ristovski <aristovski@qnx.com>
To: gdb-patches@sources.redhat.com
Subject: Re: [patch] buffer overflow in symtab_from_filename
Date: Thu, 25 Aug 2011 17:46:00 -0000
Message-ID: <j361p2$bt$1@dough.gmane.org>
In-Reply-To: <m3vctl2y6d.fsf@fleche.redhat.com>

On 11-08-25 01:33 PM, Tom Tromey wrote:
>>>>>> "Aleksandar" == Aleksandar Ristovski<aristovski@qnx.com> writes:
>
> Aleksandar> Aleksandar Ristovski<aristovski@qnx.com>
> Aleksandar> * linespec.c (symtab_from_filename): Check for the end of string.
>
> What is the test case for this?

I didn't make one - I ran into the issue while doing something else.

In my case, I would get it by command "b main": on entry to
symtab_from_filename (called from decode_line_1, ln 879), argptr points
to a pointer to argument passed to 'break' command; p (argument value on
entry) points to the end of the string ('\0'). Then this value is
assigned to p1.

lookup_symtab returns a symtab and code then goes on with incrementing
p1 by one, making it point past the end of the string. After this point
it is unpredictable what would happen, but what happened in my case,
*argptr gets garbled (pointing to garbage past the end of the argument).

I think it is obvious enough to not warrant a separate test case?
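
A simplified model of the off-by-one described in the message above, as an added example that is not GDB source and not part of the original message. The function names, the ':' separator scan and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not GDB source: names and sample inputs are constructed. */

/* End of the leading file-name part: first ':' or the terminating NUL. */
static const char *name_end(const char *arg)
{
    const char *p = arg;
    while (*p != '\0' && *p != ':')
        p++;
    return p;
}

/* Unchecked: always steps over "the separator", even when on the NUL. */
size_t advance_unchecked(const char *arg)
{
    const char *p1 = name_end(arg);
    p1 = p1 + 1;                 /* may now be one past the NUL */
    return (size_t)(p1 - arg);
}

/* Checked: steps over the separator only if one is actually there. */
size_t advance_checked(const char *arg)
{
    const char *p1 = name_end(arg);
    if (*p1 != '\0')
        p1 = p1 + 1;
    return (size_t)(p1 - arg);
}

/* A cursor is usable only while it stays within [0, strlen(arg)]. */
int cursor_in_bounds(const char *arg, size_t off)
{
    return off <= strlen(arg);
}

int main(void)
{
    const char *samples[] = { "file.c:42", "main", "" };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t u = advance_unchecked(samples[i]);
        size_t c = advance_checked(samples[i]);
        printf("%-10s unchecked=%zu (%s) checked=%zu (%s)\n", samples[i],
               u, cursor_in_bounds(samples[i], u) ? "ok" : "past end",
               c, cursor_in_bounds(samples[i], c) ? "ok" : "past end");
    }
    return 0;
}
```

Any later read through the unchecked cursor for "main" or "" is outside the argument buffer, which matches the garbled *argptr reported in the message.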