projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 473ab96)
Fix buffer underflow in add_path
authorTom Tromey <tromey@adacore.com>
Mon, 17 May 2021 18:55:18 +0000 (12:55 -0600)
committerTom Tromey <tromey@adacore.com>
Mon, 17 May 2021 19:01:42 +0000 (13:01 -0600)
Address sanitizer pointed out a buglet in source.c:add_path.
In this test, from gdb.base/source-dir.exp:

    (gdb) set directories :/foo:/bar

... 'p[-1]' will result in a buffer underflow.
This patch fixes the bug by introducing a new check.

2021-05-17  Tom Tromey  <tromey@adacore.com>

* source.c (add_path): Check 'p' before using 'p[-1]'.

gdb/ChangeLog patch | blob | history
gdb/source.c patch | blob | history

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index b2743646511ae88264eb674dd3ec32c007b92f81..a7ee02cb55c205265a220ae016ca76d9b2d3b96f 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@
+2021-05-17  Tom Tromey  <tromey@adacore.com>
+
+       * source.c (add_path): Check 'p' before using 'p[-1]'.
+
 2021-05-17  Tom Tromey  <tromey@adacore.com>
 
        * dwarf2/read.h (struct dwarf2_per_cu_data_deleter: New.
diff --git a/gdb/source.c b/gdb/source.c
index 6fc27ae72f78a35da8b6f220e3ea02424a315d35..b6dab6eb236a3db4ff181e1446597edce17526e5 100644 (file)
--- a/gdb/source.c
+++ b/gdb/source.c
@@ -537,6 +537,7 @@ add_path (const char *dirname, char **which_path, int parse_separators)
       /* On MS-DOS and MS-Windows, h:\ is different from h: */
             && !(p == name + 3 && name[1] == ':')              /* "d:/" */
 #endif
+            && p > name
             && IS_DIR_SEPARATOR (p[-1]))
        /* Sigh.  "foo/" => "foo" */
        --p;