This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] buffer overflow in symtab_from_filename

From: Tom Tromey <tromey at redhat dot com>
To: Aleksandar Ristovski <aristovski at qnx dot com>
Cc: gdb-patches at sources dot redhat dot com
Date: Thu, 25 Aug 2011 12:12:01 -0600
Subject: Re: [patch] buffer overflow in symtab_from_filename
References: <j35rrb$m07$1@dough.gmane.org> <m3vctl2y6d.fsf@fleche.redhat.com> <j361p2$bt$1@dough.gmane.org>

Aleksandar> In my case, I would get it by command "b main": on entry to
Aleksandar> symtab_from_filename (called from decode_line_1, ln 879),
Aleksandar> argptr points to a pointer to argument passed to 'break'
Aleksandar> command; p (argument value on entry) points to the end of
Aleksandar> the string ('\0'). Then this value is assigned to p1.

I would have thought that lookup_symtab would return NULL here, causing
the throw_error branch to be taken.

I guess it could happen with 'break main.c'.

Aleksandar> I think it is obvious enough to not warrant a separate test case?

I agree.

Patch is ok, please commit.

Tom

Follow-Ups:
- Re: [patch] buffer overflow in symtab_from_filename
  - From: Aleksandar Ristovski

References:
- [patch] buffer overflow in symtab_from_filename
  - From: Aleksandar Ristovski
- Re: [patch] buffer overflow in symtab_from_filename
  - From: Tom Tromey
- Re: [patch] buffer overflow in symtab_from_filename
  - From: Aleksandar Ristovski

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]