Fix use-after-free in number_or_range_parser

-fsanitize=address showed a use-after-free in number_or_range_parser.

The cause was that handle_line_of_input could stash the input into
"saved_command_line", and then this could be freed by reentrant calls.

This fixes the bug by preventing commands that are read by "commands"
from being eligible for repeating.

gdb/ChangeLog
2018-08-17  Tom Tromey  <tom@tromey.com>

	* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
	command_line_input.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 9fac8ccf5f4278a321f689f91cbec6b95e89b1f3..a40f39f7bffe0a4cc5383a228dfefb2a896ac5f1 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-17  Tom Tromey  <tom@tromey.com>
+
+       * cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
+       command_line_input.
+
 2018-08-15  Tom Tromey  <tom@tromey.com>
 
        * aarch64-linux-tdep.c (aarch64_linux_core_read_vq): Use pulongest.

diff --git a/gdb/cli/cli-script.c b/gdb/cli/cli-script.c
index 6f31a40019750fde08b63a3d638b2b5d476cb56b..d03b3bcf60b4153d0d335495cec91eb518e94de5 100644 (file)
--- a/gdb/cli/cli-script.c
+++ b/gdb/cli/cli-script.c
@@ -903,7 +903,7 @@ read_next_line (void)
   else
     prompt_ptr = NULL;
 
-  return command_line_input (prompt_ptr, from_tty, "commands");
+  return command_line_input (prompt_ptr, 0, "commands");
 }
 
 /* Return true if CMD's name is NAME.  */