0a1bf7617d
Signed-off-by: SuperSix173 <liuchao173@huawei.com> (cherry picked from commit 44afc64fbb22beb913ce9792111ee813ee268941)
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001
|
|
From: Tom Tromey <tromey@adacore.com>
|
|
Date: Wed, 16 Aug 2023 11:29:19 -0600
|
|
Subject: [PATCH] Avoid buffer overflow in ada_decode
|
|
|
|
A bug report pointed out a buffer overflow in ada_decode, which Keith
|
|
helpfully analyzed. ada_decode had a logic error when the input was
|
|
all digits. While this isn't valid -- and would probably only appear
|
|
in fuzzer tests -- it still should be handled properly.
|
|
|
|
This patch adds a missing bounds check. Tested with the self-tests in
|
|
an asan build.
|
|
|
|
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
|
|
Reviewed-by: Keith Seitz <keiths@redhat.com>
|
|
---
|
|
gdb/ada-lang.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
|
|
index 0c2d4fc..1ff74ca 100644
|
|
--- a/gdb/ada-lang.c
|
|
+++ b/gdb/ada-lang.c
|
|
@@ -1184,7 +1184,7 @@ ada_decode (const char *encoded)
|
|
i -= 1;
|
|
if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
|
|
len0 = i - 1;
|
|
- else if (encoded[i] == '$')
|
|
+ else if (i >= 0 && encoded[i] == '$')
|
|
len0 = i;
|
|
}
|
|
|
|
--
|
|
2.33.0
|
|
|