-----Original Message----- > > diff --git a/gdb-10.2.patch b/gdb-10.2.patch > > index 1332b6638028..16165839b360 100644 > > --- a/gdb-10.2.patch > > +++ b/gdb-10.2.patch > > @@ -1591,3 +1591,32 @@ > > max += 2; > > limit = cols / max; > > if (limit != 1 && (limit * max == cols)) > > +--- gdb-10.2/gdb/ada-lang.c.orig > > ++++ gdb-10.2/gdb/ada-lang.c > > +@@ -997,7 +997,7 @@ ada_fold_name (gdb::string_view name) > > + int len = name.size (); > > + GROW_VECT (fold_buffer, fold_buffer_size, len + 1); > > + > > +- if (name[0] == '\'') > > ++ if (name.size () > 0 && name[0] == '\'') > > + { > > + strncpy (fold_buffer, name.data () + 1, len - 2); > > + fold_buffer[len - 2] = '\000'; > > +@@ -1006,7 +1006,7 @@ ada_fold_name (gdb::string_view name) > > + { > > + int i; > > + > > +- for (i = 0; i <= len; i += 1) > > ++ for (i = 0; i < len; i++) > > + fold_buffer[i] = tolower (name[i]); > > According to 2ccee230f830 ("Fix off-by-one error in ada_fold_name"), > please add this: > > + fold_buffer[i] = '\0'; > > > > No, the above change will definitely cause a core dump because it assigns the value '\0' to a null pointer > when the name string is null. Hmm, I'm not familiar with gdb source, could you explain a little more? The following is the function with your patch. static char * ada_fold_name (gdb::string_view name) { static char *fold_buffer = NULL; static size_t fold_buffer_size = 0; int len = name.size (); GROW_VECT (fold_buffer, fold_buffer_size, len + 1); if (name.size () > 0 && name[0] == '\'') { strncpy (fold_buffer, name.data () + 1, len - 2); fold_buffer[len - 2] = '\000'; } else { int i; for (i = 0; i < len; i++) fold_buffer[i] = tolower (name[i]); } return fold_buffer; } The GROW_VECT() looks to alloc 1 byte to fold_buffer if name.size() is zero. Then len is zero, and nothing is done in the for loop, and fold_buffer[i] (== fold_buffer[0]) can be set '\0', I thought. > + fold_buffer[i] = '\0'; And as far as I've tried, no abort occured. Thanks, Kazu -- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/crash-utility