tui-disasm: Fix window content buffer overrun
author     Andreas Arnez <arnez@linux.vnet.ibm.com>
           Wed, 9 Nov 2016 12:02:12 +0000 (13:02 +0100)
committer  Andreas Arnez <arnez@linux.vnet.ibm.com>
           Wed, 9 Nov 2016 12:02:12 +0000 (13:02 +0100)
commit     0bb65f1e7c9eed7338ef2e4a2f5b42d010409c39
tree       df300a6c6d78608fa6701239cb2465321b10fa46
parent     82b19a4d2f9c9e8d56fdffdd702f7db4af486386

A user reported a GDB crash with TUI when trying to debug a function
with a long demangled C++ method name.  It turned out that the logic for
displaying the TUI disassembly window has a bug that can cause a buffer
overrun, possibly overwriting GDB-internal data structures.  In
particular, the logic performs an unguarded strcpy.

Another (harmless) bug in tui_alloc_source_buffer causes the buffer to
be two lines longer than needed.  This may have made the crash appear
less frequently.

gdb/ChangeLog:

	* tui/tui-disasm.c (tui_set_disassem_content): Fix line buffer
	overrun due to unchecked strcpy.

gdb/testsuite/ChangeLog:

	* gdb.base/tui-layout.c: New file.
	* gdb.base/tui-layout.exp: Use tui-layout.c, to ensure that the
	disassembly window contains very long lines.
gdb/ChangeLog
gdb/testsuite/ChangeLog
gdb/testsuite/gdb.base/tui-layout.c [new file with mode: 0644]
gdb/testsuite/gdb.base/tui-layout.exp
gdb/tui/tui-disasm.c
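The commit message above names the defect class (an unguarded strcpy of an arbitrarily long disassembly line, here a long demangled C++ method name, into a fixed-size window line buffer) but the diff itself is not shown on this page. The following is an added, self-contained C illustration of the bounded-copy pattern such a fix relies on; it is not GDB's code and does not reproduce tui_set_disassem_content. The line width, the struct disasm_line type, and the fill_line and render_window functions are constructed for this example, as is the sample long mangled-looking name.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one line of a TUI disassembly window.
   The width is arbitrary; it only needs to be shorter than a long
   demangled C++ name to show the problem.  */
#define LINE_WIDTH 40

struct disasm_line
{
  char text[LINE_WIDTH + 1];   /* LINE_WIDTH visible columns plus NUL.  */
};

/* The pattern behind the crash described in the commit message: an
   unchecked copy of a caller-controlled string into a fixed buffer.
   With a source longer than LINE_WIDTH it writes past 'text' and
   into whatever sits after it in memory.  Shown for contrast only;
   it is deliberately never executed here:

     strcpy (line->text, src);
*/

/* Hardened form: format at most sizeof text bytes, always leave a
   terminating NUL, and tell the caller whether the source had to be
   cut so the window can show a marker instead of silently losing the
   tail.  Returns 1 if the line was truncated, 0 otherwise.  */
int
fill_line (struct disasm_line *line, const char *addr, const char *insn)
{
  /* snprintf never writes beyond the given size (NUL included) and
     returns the length the untruncated output would have had, which
     is exactly the overrun check the original logic lacked.  */
  int needed = snprintf (line->text, sizeof line->text, "%-18s %s",
			 addr, insn);
  if (needed < 0)
    {
      line->text[0] = '\0';
      return 0;
    }
  return (size_t) needed >= sizeof line->text;
}

/* Fill a whole window of MAX_LINES lines from N instructions.  Two
   bounds are enforced: the per-line byte count (fill_line) and the
   number of lines, so a window shorter than the listing cannot be
   overrun either.  Returns how many of the emitted lines were
   truncated.  */
size_t
render_window (const char *const *addrs, const char *const *insns,
	       size_t n, struct disasm_line *out, size_t max_lines)
{
  size_t truncated = 0;
  size_t count = n < max_lines ? n : max_lines;
  for (size_t i = 0; i < count; i++)
    truncated += fill_line (&out[i], addrs[i], insns[i]);
  return truncated;
}

int
main (void)
{
  /* Constructed sample: a short instruction and a call to a function
     with a long demangled C++ name, the case the commit fixes.  */
  const char *const addrs[] = { "0x000000000040052c", "0x0000000000400530" };
  const char *const insns[] = {
    "push   %rbp",
    "callq  <foo::Bar<std::vector<int> >::method(std::string const&) const>"
  };
  struct disasm_line win[2];
  size_t t = render_window (addrs, insns, 2, win, 2);
  for (size_t i = 0; i < 2; i++)
    printf ("|%s|\n", win[i].text);
  printf ("%zu line(s) truncated\n", t);
  return 0;
}
```

The point of returning the truncation flag rather than just clamping is that the display layer can decide what to do with an over-long line (clip it, mark it, or widen the window) while the copy itself can never exceed the buffer; the same snprintf return value doubles as a cheap assertion in tests that feed deliberately long symbol names, which is what the new tui-layout.c test in this commit does for GDB.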