Hi Michael,
On Mon, 28 Feb 2011 03:15:47 +0100, Michael Snyder wrote:
--- objc-lang.c 10 Jan 2011 20:38:49 -0000 1.91
+++ objc-lang.c 28 Feb 2011 02:13:37 -0000
char myregexp[2048];
@@ -720,7 +720,7 @@ selectors_info (char *regexp, int from_t
strcpy(myregexp, ".*]");
else
{
- strcpy(myregexp, regexp);
+ strncpy(myregexp, regexp, sizeof (myregexp) - 1);
if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
myregexp[strlen(myregexp) - 1] = ']'; /* end of method name */
else
I agree it fixes a bug. But still if the limit applies then the immediately
following strlen will read uninitialized memory myregexp[2047].
Do you agree with this fix instead?
(Yes, the code should be completely different but we fix only bugs now.)
gdb/
2011-02-28 Jan Kratochvil <jan.kratochvil@redhat.com>
* objc-lang.c (selectors_info): Error on too long REGEXP.
--- a/gdb/objc-lang.c
+++ b/gdb/objc-lang.c
@@ -720,7 +720,9 @@ selectors_info (char *regexp, int from_tty)
strcpy(myregexp, ".*]");
else
{
- strncpy(myregexp, regexp, sizeof (myregexp) - 1);
+ if (sizeof (myregexp) < strlen (regexp) + 1)
+ error (_("Regexp is too long: %s"), regexp);
+ strcpy(myregexp, regexp);
if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
myregexp[strlen(myregexp) - 1] = ']'; /* end of method name */
else