From 97a2288fb7aa2078b5a63166819ed8b33fc71ab2 Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Fri, 28 Jul 2023 14:00:03 +0800
Subject: [PATCH] Avoid buffer overflow in ada_decode

A bug report pointed out a buffer overflow in ada_decode, which Keith
helpfully analyzed. ada_decode had a logic error when the input was
all digits. While this isn't valid -- and would probably only appear
in fuzzer tests -- it still should be handled properly.

This patch adds a missing bounds check. Tested with the self-tests in
an asan build.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
Reviewed-by: Keith Seitz <keiths@redhat.com>
---
gdb/ada-lang.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
index 0c2d4fc..1ff74ca 100644
--- a/gdb/ada-lang.c
+++ b/gdb/ada-lang.c
@@ -1184,7 +1184,7 @@ ada_decode (const char *encoded)
i -= 1;
if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
len0 = i - 1;
- else if (encoded[i] == '$')
+ else if (i >= 0 && encoded[i] == '$')
len0 = i;
}
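Review bot: the new "i >= 0" guard on the "else if (... encoded[i] == '$')" line comes without a regression test; the diffstat shows only gdb/ada-lang.c changing, so the all-digits input named in the commit message is not exercised by anything added here. Suggest adding an all-digit encoded name to the ada_decode self-tests so that an asan build flags the out-of-bounds read if the check is ever dropped. A one-line comment on the guarded branch saying that i can be negative at this point would also help, because the "i > 1" test on the line above only protects the "__" branch and the reason for the asymmetry is not obvious from the code alone.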
--
2.33.0