This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
[PATCH] TUI: Fix buffer overflow in tui_expand_tabs
- From: Anton Blanchard <anton at samba dot org>
- To: gdb-patches at sourceware dot org, eliz at gnu dot org
- Date: Tue, 17 Mar 2015 10:30:09 +1100
- Subject: [PATCH] TUI: Fix buffer overflow in tui_expand_tabs
- Authentication-results: sourceware.org; auth=none
tui_expand_tabs writes past the end of the buffers it allocates
because we forget to zero out col. This results in us adding more
spaces than we need to get aligned, and we write past the end of the
allocated buffer.
This was noticed on Ubuntu Vivid ppc64le, where gdb would SEGV when
using the TUI.
2015-03-17 Anton Blanchard <anton@samba.org>
gdb/ChangeLog:
* tui/tui-io.c (tui_expand_tabs): Zero col before reusing.
---
gdb/ChangeLog | 4 ++++
gdb/tui/tui-io.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index d984565..4e0177a 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@
+2015-03-17 Anton Blanchard <anton@samba.org>
+
+ * tui/tui-io.c (tui_expand_tabs): Zero col before reusing.
+
2015-03-16 John Baldwin <jhb@FreeBSD.org>
* fbsd-tdep.c (fbsd_make_corefile_notes): Fetch all target registers
diff --git a/gdb/tui/tui-io.c b/gdb/tui/tui-io.c
index a8af9b6..02ae17d 100644
--- a/gdb/tui/tui-io.c
+++ b/gdb/tui/tui-io.c
@@ -690,7 +690,7 @@ tui_expand_tabs (const char *string, int col)
ret = q = xmalloc (strlen (string) + n_adjust + 1);
/* 2. Copy the original string while replacing TABs with spaces. */
- for (s = string; s; )
+ for (col = 0, s = string; s; )
{
char *s1 = strpbrk (s, "\t");
if (s1)
--
2.1.0