This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
[commit] objc-lang.c, classes_info, avoid string overrun
- From: Michael Snyder <msnyder at vmware dot com>
- To: "gdb-patches at sourceware dot org" <gdb-patches at sourceware dot org>
- Date: Mon, 28 Feb 2011 17:46:03 -0800
- Subject: [commit] objc-lang.c, classes_info, avoid string overrun
This is the same problem as with selectors_info, so I just applied
the same solution.
2011-02-28 Michael Snyder <msnyder@vmware.com>
* objc-lang.c (selectors_info): Add a small safety margin to
avoid overflow.
(classes_info): Error out on too long REGEXP.
Index: objc-lang.c
===================================================================
RCS file: /cvs/src/src/gdb/objc-lang.c,v
retrieving revision 1.93
diff -u -p -u -p -r1.93 objc-lang.c
--- objc-lang.c 28 Feb 2011 18:14:34 -0000 1.93
+++ objc-lang.c 1 Mar 2011 01:41:39 -0000
@@ -720,7 +720,7 @@ selectors_info (char *regexp, int from_t
strcpy(myregexp, ".*]");
else
{
- if (sizeof (myregexp) < strlen (regexp) + 1)
+ if (sizeof (myregexp) < strlen (regexp) + 4)
error (_("Regexp is too long: %s"), regexp);
strcpy(myregexp, regexp);
if (myregexp[strlen(myregexp) - 1] == '$') /* end of selector */
@@ -863,6 +863,8 @@ classes_info (char *regexp, int from_tty
strcpy(myregexp, ".* "); /* Null input: match all objc classes. */
else
{
+ if (sizeof (myregexp) < strlen (regexp) + 4)
+ error (_("Regexp is too long: %s"), regexp);
strcpy(myregexp, regexp);
if (myregexp[strlen(myregexp) - 1] == '$')
/* In the method name, the end of the class name is marked by ' '. */