    [gdb] Fix heap-buffer-overflow in completion_tracker::build_completion_result · aafdfb4e
    Tom de Vries authored
    When building gdb with address sanitizer and running test-case
    gdb.base/completion.exp, we run into:
    ...
    ==5743==ERROR: AddressSanitizer: heap-buffer-overflow on address \
      0x60200025c02f at pc 0x000000cd9d64 bp 0x7fff3297da30 sp 0x7fff3297da28
    READ of size 1 at 0x60200025c02f thread T0
        #0 0xcd9d63 in completion_tracker::build_completion_result(char const*, \
                         int, int) gdb/completer.c:2258
      ...
    0x60200025c02f is located 1 bytes to the left of 1-byte region \
      [0x60200025c030,0x60200025c031)
    ...
    
    This can be reproduced using just:
    ...
    $ gdb
    (gdb) p/d[TAB]
    ...
    
    The problem is in this code in completion_tracker::build_completion_result:
    ...
          bool completion_suppress_append
            = (suppress_append_ws ()
               || match_list[0][strlen (match_list[0]) - 1] == ' ');
    ...
    If strlen (match_list[0]) == 0, then we access match_list[0][-1].
    
    Fix this by testing if the memory access is in bounds before doing the memory
    access.
    
    Tested on x86_64-linux.
    
    gdb/ChangeLog:
    
    2020-12-04  Tom de Vries  <tdevries@suse.de>
    
    	PR gdb/27003
    	* completer.c (completion_tracker::build_completion_result): Don't
    	access match_list[0][-1].
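The expression quoted in the commit message, shown as a standalone C program so the failure mode can be exercised directly. This is an added example, not gdb's code: `suppress_append_buggy` reproduces the original check, `suppress_append_fixed` adds the length test, and `run_on_guarded_empty` (a helper invented here) places an empty match one byte after a space inside an allocation of our own, so the demo stays in bounds while still showing that the unchecked form reads the byte before the string. In gdb that byte belonged to nobody, which is what AddressSanitizer reported; note also that `strlen(match) - 1` on an empty string wraps to `SIZE_MAX` because `strlen` returns `size_t`, so the index is effectively `-1`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Original form of the check (added example, mirrors the commit message).
   For an empty match, strlen() - 1 wraps to SIZE_MAX and the subscript
   reads match[-1], one byte to the left of the buffer. */
static bool suppress_append_buggy(const char *match, bool suppress_append_ws)
{
    return suppress_append_ws || match[strlen(match) - 1] == ' ';
}

/* Fixed form: only index the string when there is a last byte to look at. */
static bool suppress_append_fixed(const char *match, bool suppress_append_ws)
{
    size_t len = strlen(match);
    return suppress_append_ws || (len > 0 && match[len - 1] == ' ');
}

/* Constructed reproduction (helper invented for this example): an empty
   match stored right after a space byte. The leading byte keeps the read
   inside our own allocation so the demo is safe to run, but it makes the
   logic error visible: the buggy check "sees" a trailing space that is not
   part of the match at all. */
static bool run_on_guarded_empty(bool (*check)(const char *, bool))
{
    char *buf = malloc(2);
    if (buf == NULL)
        return false;
    buf[0] = ' ';    /* the byte that match[-1] lands on */
    buf[1] = '\0';   /* the empty match, as for "p/d<TAB>" */
    bool result = check(buf + 1, false);
    free(buf);
    return result;
}

int main(void)
{
    printf("empty match, buggy check: %d\n", run_on_guarded_empty(suppress_append_buggy));
    printf("empty match, fixed check: %d\n", run_on_guarded_empty(suppress_append_fixed));
    printf("\"p/d \" fixed check:      %d\n", suppress_append_fixed("p/d ", false));
    return 0;
}
```

Running the buggy variant under `-fsanitize=address` against a real empty string (not the guarded one) reports the same one-byte-left heap read as in the commit message; the fixed variant never touches `match[len - 1]` when `len` is zero.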