From: Tom Tromey <tromey@adacore.com>
Date: Mon, 17 May 2021 18:55:18 +0000 (-0600)
Subject: Fix buffer underflow in add_path
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=baea2f9d52d606f6b58a736420017c98351f5b5c;p=binutils-gdb.git

Fix buffer underflow in add_path

Address sanitizer pointed out a buglet in source.c:add_path.
In this test, from gdb.base/source-dir.exp:

    (gdb) set directories :/foo:/bar

... 'p[-1]' will result in a buffer underflow.
This patch fixes the bug by introducing a new check.

2021-05-17  Tom Tromey  <tromey@adacore.com>

	* source.c (add_path): Check 'p' before using 'p[-1]'.
---

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index b2743646511..a7ee02cb55c 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@
+2021-05-17  Tom Tromey  <tromey@adacore.com>
+
+	* source.c (add_path): Check 'p' before using 'p[-1]'.
+
 2021-05-17  Tom Tromey  <tromey@adacore.com>
 
 	* dwarf2/read.h (struct dwarf2_per_cu_data_deleter: New.
diff --git a/gdb/source.c b/gdb/source.c
index 6fc27ae72f7..b6dab6eb236 100644
--- a/gdb/source.c
+++ b/gdb/source.c
@@ -537,6 +537,7 @@ add_path (const char *dirname, char **which_path, int parse_separators)
       /* On MS-DOS and MS-Windows, h:\ is different from h: */
 	     && !(p == name + 3 && name[1] == ':')		/* "d:/" */
 #endif
+	     && p > name
 	     && IS_DIR_SEPARATOR (p[-1]))
 	/* Sigh.  "foo/" => "foo" */
 	--p;