This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.
[Bug gdb/10684] gdb crashes when given enough multiline input
- From: "john dot wright at hp dot com" <sourceware-bugzilla at sourceware dot org>
- To: gdb-prs at sourceware dot org
- Date: 22 Sep 2009 23:55:36 -0000
- Subject: [Bug gdb/10684] gdb crashes when given enough multiline input
- References: <20090922234523.10684.john.wright@hp.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From john dot wright at hp dot com 2009-09-22 23:55 -------
(Sorry for lack of original description - I hit enter accidentally.)
If you enter a long multi-line command in gdb, it will often crash. I'm
attaching an expect script that consistently crashes gdb for me (both on
Debian's version 6.8-3 and 6.8.50.20090628-4, and on CVS head
(7.0.50.20090922-cvs)), on amd64 and i386.
The problem seems to be a strdup in command_line_handler in gdb/event-top.c
that uses a source that is not nul-terminated. If the last line of the input is
a backslash, it copies the current linebuffer into the global
readline_input_state.linebuffer using strdup, and sets the global more_to_come
to 1. Next time that function is called, it sees more_to_come is true, and
strcpy's readline_input_state.linebuffer into linebuffer -- but linebuffer has
been allocated to something smaller than what's in readline_input_state, since
it was strdup'd from a string that wasn't nul-terminated. Eventually
(especially if you continue the line enough times), this will corrupt the heap
and cause gdb to crash.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10684
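To make the mechanism in the report concrete, here is an added example (my own code, not gdb's source) that models the safe way to handle continuation lines: the partial line is saved with a length-bounded copy rather than a strdup of a possibly unterminated source, and the continuation is joined into a buffer sized for both parts rather than strcpy'd into a buffer of unknown capacity. The struct and function names are invented for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the state the report describes: a saved partial line
 * and a "more input follows" flag. Example code, not gdb's own source; the
 * names are invented. */
struct input_state {
    char  *saved;        /* partial line, always nul-terminated here */
    size_t saved_len;    /* length tracked explicitly, never via strlen() */
    int    more_to_come;
};

/* Feed one input line whose length the caller knows; the buffer itself need
 * not be nul-terminated. A trailing backslash marks a continuation: the text
 * before it is saved with a length-bounded copy (instead of strdup() on an
 * unterminated source). Otherwise the saved prefix and the new text are
 * joined into a buffer sized for both, so no strcpy() into an undersized
 * buffer can occur. Returns the complete command (caller frees), or NULL
 * while input is pending or on allocation failure. */
char *feed_line(struct input_state *st, const char *line, size_t len)
{
    size_t prefix = st->more_to_come ? st->saved_len : 0;

    if (len > 0 && line[len - 1] == '\\') {
        size_t keep = len - 1;                    /* drop the backslash */
        char *joined = malloc(prefix + keep + 1);
        if (!joined) return NULL;
        if (prefix) memcpy(joined, st->saved, prefix);
        memcpy(joined + prefix, line, keep);
        joined[prefix + keep] = '\0';
        free(st->saved);
        st->saved = joined;
        st->saved_len = prefix + keep;
        st->more_to_come = 1;
        return NULL;
    }

    char *cmd = malloc(prefix + len + 1);
    if (!cmd) return NULL;
    if (prefix) memcpy(cmd, st->saved, prefix);
    memcpy(cmd + prefix, line, len);
    cmd[prefix + len] = '\0';
    free(st->saved);
    st->saved = NULL;
    st->saved_len = 0;
    st->more_to_come = 0;
    return cmd;
}
```

Feeding "set \", "var x \" and "= 1" in turn yields "set var x = 1" with the state cleared, and because the copy length is explicit the first buffer may be passed without a terminating nul.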