This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.



[RFA] decode_line_1 segfault


Hi,

Try this:

(gdb) file foo
Loading symbols...
(gdb) b "foo"
Segmentation fault (core dump)

It doesn't matter what exe you load or what function you want to break at.

What's happening is that decode_line_1 will skip over the first quote in 
the string, but it doesn't do so in a way which is safe for the upcoming 
memcpy, e.g., *argptr is the first quote, but p is the last 'o' (not the 
quote). As a result, decode_line_1 attempts to alloca 0 bytes and memcpy 
a buffer of length -1.

This patch shows no testsuite regressions on RH6.2.

I have no idea if this is 100% correct, but some comments in the file 
lead me to believe that the first quote should be swallowed. Testcase to 
follow.

Here's what gdb now reports:

(gdb) file foo
Loading symbols...
(gdb) b "foo"
Function "foo" not defined.
(gdb) b "Foo::foo"
Can't find member of namespace, class, struct, or union named "Foo::foo"
Hint: try '"Foo::foo<TAB> or '"Foo::foo<ESC-?>
(Note leading single quote.)
(gdb) b "Foo::foo<int,int>"
Can't find member of namespace, class, struct, or union named 
"Foo::foo<int,int>"
Hint: try '"Foo::foo<int,int><TAB> or '"Foo::foo<int,int><ESC-?>
(Note leading single quote.)
(gdb) b "foo.c:3"
No source file named foo.c.

Comments?
Keith

Index: linespec.c
===================================================================
RCS file: /cvs/src/src/gdb/linespec.c,v
retrieving revision 1.4
diff -p -p -r1.4 linespec.c
*** linespec.c	2000/12/15 01:01:48	1.4
--- linespec.c	2001/02/27 01:11:51
*************** decode_line_1 (char **argptr, int funfir
*** 611,620 ****
  
    s = NULL;
    p = *argptr;
!   if (p[0] == '"')
      {
        is_quote_enclosed = 1;
!       p++;
      }
    else
      is_quote_enclosed = 0;
--- 611,620 ----
  
    s = NULL;
    p = *argptr;
!   if (**argptr == '"')
      {
        is_quote_enclosed = 1;
!       (*argptr)++;
      }
    else
      is_quote_enclosed = 0;
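Review bot: in the new hunk `p = *argptr;` is assigned before `(*argptr)++;`, so `p` still points at the opening quote while `*argptr` has moved past it, and the old `p++` was dropped rather than kept alongside the new increment. Unless the later scan is meant to start on the quote character, keep both increments in the quoted branch, i.e. `(*argptr)++;` followed by `p++;` (or assign `p = *argptr;` only after the increment), so the scan pointer and the argument cursor stay in step and the length later derived from their difference cannot come out negative, which is the memcpy length of -1 the description mentions. A short comment saying where the closing quote is consumed would also help, since this hunk only deals with the opening one.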


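For readers who want to see the invariant the patch is chasing in runnable form, here is an added example (constructed for this page, not gdb's own linespec.c) that extracts the name from a linespec argument while keeping the argument cursor and the scan pointer in lock step past the opening quote, refuses an unterminated quote, and checks the computed length before copying. `extract_linespec_name` and its malloc'd result are assumptions of this example, not a gdb API.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not gdb's linespec.c.  Copies the name out of a
   linespec argument, stripping one pair of enclosing double quotes the way
   decode_line_1's is_quote_enclosed path intends.  The cursor (base, standing
   in for *argptr) and the scan pointer p step past the opening quote together,
   so "p - base" cannot go negative and feed a huge size_t to alloca/memcpy.
   Returns a malloc'd copy, or NULL for an unterminated quote.  */
char *
extract_linespec_name (char **argptr)
{
  char *base = *argptr;
  char *p = base;
  int is_quote_enclosed = 0;
  ptrdiff_t len;
  char *copy;

  if (p[0] == '"')
    {
      is_quote_enclosed = 1;
      base++;   /* skip the quote in the caller's view ... */
      p++;      /* ... and in our own scan, in lock step */
    }

  /* The name ends at the closing quote, or at end of string when the
     argument was not quoted.  */
  if (is_quote_enclosed)
    {
      p = strchr (p, '"');
      if (p == NULL)
        return NULL;   /* unterminated quote: refuse, don't overrun */
    }
  else
    p += strlen (p);

  len = p - base;
  if (len < 0)
    return NULL;   /* belt and braces: never pass a negative size on */
  copy = malloc ((size_t) len + 1);
  if (copy == NULL)
    return NULL;
  memcpy (copy, base, (size_t) len);
  copy[len] = '\0';

  /* Only on success is the caller's cursor moved past the consumed text.  */
  *argptr = is_quote_enclosed ? p + 1 : p;
  return copy;
}
```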