-----Original Message----- > Currently crash built with some specific flags (-D_GLIBCXX_ASSERTIONS > and etc.) may abort and print the following error when running the gdb > list command or tab-completion of symbols. For example: > > crash> l panic > /usr/include/c++/11/string_view:234: ... > Aborted (core dumped) > > crash> p "TAB completion" > crash> p /usr/include/c++/11/string_view:234: ... > Aborted (core dumped) > > When the name string is null(the length of name is zero), there are > multiple places where array access is out of bounds in the gdb/ada-lang.c > (see ada_fold_name() and ada_lookup_name_info()). > > The patch backports these gdb patches: > 6a780b676637 ("Fix completion related libstdc++ assert when using -D_GLIBCXX_DEBUG") > 2ccee230f830 ("Fix off-by-one error in ada_fold_name") > > Signed-off-by: Lianbo Jiang <lijiang@xxxxxxxxxx> > Signed-off-by: Kazuhito Hagio <k-hagio-ab@xxxxxxx> > --- > gdb-10.2.patch | 31 +++++++++++++++++++++++++++++++ > 1 file changed, 31 insertions(+) > > diff --git a/gdb-10.2.patch b/gdb-10.2.patch > index 1332b6638028..f5e4c06e6f97 100644 > --- a/gdb-10.2.patch > +++ b/gdb-10.2.patch > @@ -1591,3 +1591,34 @@ > max += 2; > limit = cols / max; > if (limit != 1 && (limit * max == cols)) > +--- gdb-10.2/gdb/ada-lang.c.orig > ++++ gdb-10.2/gdb/ada-lang.c > +@@ -997,7 +997,7 @@ ada_fold_name (gdb::string_view name) > + int len = name.size (); > + GROW_VECT (fold_buffer, fold_buffer_size, len + 1); > + > +- if (name[0] == '\'') > ++ if (!name.empty () && name[0] == '\'') > + { > + strncpy (fold_buffer, name.data () + 1, len - 2); > + fold_buffer[len - 2] = '\000'; > +@@ -1006,8 +1006,9 @@ ada_fold_name (gdb::string_view name) > + { > + int i; > + > +- for (i = 0; i <= len; i += 1) > ++ for (i = 0; i < len; i += 1) > + fold_buffer[i] = tolower (name[i]); > ++ fold_buffer[i] = '\0'; > + } > + > + return fold_buffer; > +@@ -13596,7 +13597,7 @@ ada_lookup_name_info::ada_lookup_name_info (const lookup_name_info &lookup_name) > + { > + gdb::string_view user_name = lookup_name.name (); > + > +- if (user_name[0] == '<') > ++ if (!user_name.empty () && user_name[0] == '<') > + { > + if (user_name.back () == '>') > + m_encoded_name > -- > 2.20.1 Thank you for updating this, Lianbo. Looks good and applied. Kazu -- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/crash-utility