Andrew Burgess 32a1adcccf gdb/readline: fix use of an undefined variable
This commit in binutils-gdb:

  commit 830b67068c
  Date:   Fri Jul 12 09:53:02 2019 +0200

      [readline] Fix heap-buffer-overflow in update_line

Which corresponds to this commit in upstream readline:

  commit 31547b4ea4a1a904e1b08e2bc4b4ebd5042aedaa
  Date:   Mon Aug 5 10:24:27 2019 -0400

      commit readline-20190805 snapshot

Introduced a use of an undefined variable, which can be seen using
valgrind:

  $ valgrind --tool=memcheck gdb
  GNU gdb (GDB) 8.3.50.20190918-git
  Copyright (C) 2019 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  Type "show copying" and "show warranty" for details.
  This GDB was configured as "x86_64-pc-linux-gnu".
  Type "show configuration" for configuration details.
  For bug reporting instructions, please see:
  <http://www.gnu.org/software/gdb/bugs/>.
  Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.

  For help, type "help".
  Type "apropos word" to search for commands related to "word".
  ==24924== Conditional jump or move depends on uninitialised value(s)
  ==24924==    at 0x9986C3: rl_redisplay (display.c:710)
  ==24924==    by 0x9839CE: readline_internal_setup (readline.c:447)
  ==24924==    by 0x9A1C2B: _rl_callback_newline (callback.c:100)
  ==24924==    by 0x9A1C85: rl_callback_handler_install (callback.c:111)
  ==24924==    by 0x6195EB: gdb_rl_callback_handler_install(char const*) (event-top.c:319)
  ==24924==    by 0x61975E: display_gdb_prompt(char const*) (event-top.c:409)
  ==24924==    by 0x4FBFE3: cli_interp_base::pre_command_loop() (cli-interp.c:286)
  ==24924==    by 0x6E53DA: interp_pre_command_loop(interp*) (interps.c:321)
  ==24924==    by 0x731F30: captured_command_loop() (main.c:334)
  ==24924==    by 0x733568: captured_main(void*) (main.c:1182)
  ==24924==    by 0x7335CE: gdb_main(captured_main_args*) (main.c:1197)
  ==24924==    by 0x41325D: main (gdb.c:32)
  ==24924==
  (gdb)

The problem can be traced back to init_line_structures.  The very
first time this function is ever called its MINSIZE parameter is
always 0 and the global LINE_SIZE is 1024.  Prior to the above
mentioned commits we spot that the line_state variables have not yet
been initialised, and allocate them some new buffer, then we enter
this loop:

  for (n = minsize; n < line_size; n++)
    {
      visible_line[n] = 0;
      invisible_line[n] = 1;
    }

which would initialise everything from the incoming minimum up to the
potentially extended upper line size.

The problem is that the above patches added a new condition that would
bump up the minsize like this:

  if (minsize <= _rl_screenwidth)	/* XXX - for gdb */
    minsize = _rl_screenwidth + 1;

So, the first time this function is called the incoming MINSIZE is 0,
the LINE_SIZE global is 1024, and if the _rl_screenwidth is 80, we see
that MINSIZE will be pushed up to 80.  We still notice that the line
state is uninitialised and allocate some buffers, then we enter the
initialisation loop:

  for (n = minsize; n < line_size; n++)
    {
      visible_line[n] = 0;
      invisible_line[n] = 1;
    }

And initialise from 80 to 1023 in the newly allocated buffers, leaving
0 to 79 uninitialised.

To confirm this is an issue, if we then look at rl_redisplay we see
that a call to init_line_structures is followed first by a call to
rl_on_new_line, which does initialise visible_line[0], but not
invisible_line[0].  Later in rl_redisplay we have this logic:

  if (visible_line[0] != invisible_line[0])
    rl_display_fixed = 0;

The use of invisible_line[0] here will be undefined.

Considering how this variable was originally initialised before the
above patches, this patch modifies the initialisation loop in
init_line_structures, to use the original value of MINSIZE.  With this
change the valgrind warning goes away.

readline/ChangeLog:

	PR cli/24980
	* display.c (init_line_structures): Initialise line_state using
	original minsize value.
2019-09-23 22:35:05 +01:00
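The gap the commit message describes can be reproduced outside readline with a small model of the init_line_structures loop. This is an added example, not code from binutils-gdb or upstream readline: it stands in for LINE_SIZE, _rl_screenwidth and the invisible_line buffer with function parameters and a fresh buffer filled with a sentinel byte, applies the bump as quoted (`_rl_screenwidth + 1`), and counts how many leading bytes the loop never writes, both with the bumped start (the bug) and with the original MINSIZE (the fix).

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of readline's init_line_structures (display.c) for
   illustration only; not the project's code. line_size stands in for the
   LINE_SIZE global and screenwidth for _rl_screenwidth. */
#define SENTINEL 0x7f   /* marks a byte the initialisation loop never wrote */

/* Simulate the very first call with the given MINSIZE and screen width.
   If fixed is non-zero the loop starts at the original MINSIZE (the fix in
   the commit); otherwise it starts at the bumped value (the buggy form).
   Returns how many leading bytes of the buffer are still uninitialised,
   i.e. the bytes rl_redisplay could later read as invisible_line[0]. */
size_t uninitialised_prefix(size_t minsize, size_t screenwidth,
                            size_t line_size, int fixed)
{
    size_t orig_minsize = minsize;
    size_t n, gap = 0;
    unsigned char *invisible_line = malloc(line_size);
    if (invisible_line == NULL)
        return line_size;
    /* fresh heap memory: every byte is "unwritten" until the loop runs */
    memset(invisible_line, SENTINEL, line_size);

    if (minsize <= screenwidth)          /* the bump added by the commits */
        minsize = screenwidth + 1;

    for (n = fixed ? orig_minsize : minsize; n < line_size; n++)
        invisible_line[n] = 1;

    /* count the untouched prefix, as valgrind would flag it when read */
    while (gap < line_size && invisible_line[gap] == SENTINEL)
        gap++;
    free(invisible_line);
    return gap;
}

int main(void)
{
    /* first call as in the commit message: MINSIZE 0, LINE_SIZE 1024,
       screen width 80 */
    size_t buggy = uninitialised_prefix(0, 80, 1024, 0);  /* 81 bytes unset */
    size_t ok    = uninitialised_prefix(0, 80, 1024, 1);  /* 0 bytes unset */
    return (buggy != 0 && ok == 0) ? 0 : 1;
}
```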

		   README for GNU development tools

This directory contains various GNU compilers, assemblers, linkers, 
debuggers, etc., plus their support routines, definitions, and documentation.

If you are receiving this as part of a GDB release, see the file gdb/README.
If with a binutils release, see binutils/README;  if with a libg++ release,
see libg++/README, etc.  That'll give you info about this
package -- supported targets, how to use it, how to report bugs, etc.

It is now possible to automatically configure and build a variety of
tools with one command.  To build all of the tools contained herein,
run the ``configure'' script here, e.g.:

	./configure 
	make

To install them (by default in /usr/local/bin, /usr/local/lib, etc),
then do:
	make install

(If the configure script can't determine your type of computer, give it
the name as an argument, for instance ``./configure sun4''.  You can
use the script ``config.sub'' to test whether a name is recognized; if
it is, config.sub translates it to a triplet specifying CPU, vendor,
and OS.)

If you have more than one compiler on your system, it is often best to
explicitly set CC in the environment before running configure, and to
also set CC when running make.  For example (assuming sh/bash/ksh):

	CC=gcc ./configure
	make

A similar example using csh:

	setenv CC gcc
	./configure
	make

Much of the code and documentation enclosed is copyright by
the Free Software Foundation, Inc.  See the file COPYING or
COPYING.LIB in the various directories, for a description of the
GNU General Public License terms under which you can copy the files.

REPORTING BUGS: Again, see gdb/README, binutils/README, etc., for info
on where and how to report problems.