This is a partial backport patch from gdb commit 033bc52bb619 ("Avoid buffer overflow in ada_decode"). The AddressSanitizer reports a dynamic-stack-buffer-overflow error as below: gdb/ada-lang.c:1388:16 in ada_decode[abi:cxx11](char const*, bool, bool) Add a missing bounds check to fix the current issue. Link: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 Signed-off-by: Lianbo Jiang <lijiang@xxxxxxxxxx> --- Please see the CVE-2023-39128. gdb-10.2.patch | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gdb-10.2.patch b/gdb-10.2.patch index 16228b1dbf73..3098c1c3aaaa 100644 --- a/gdb-10.2.patch +++ b/gdb-10.2.patch @@ -13,7 +13,8 @@ tar xvzmf gdb-10.2.tar.gz \ gdb-10.2/gdb/printcmd.c \ gdb-10.2/gdb/symfile.c \ gdb-10.2/gdb/Makefile.in \ - gdb-10.2/gdb/dwarf2/read.c + gdb-10.2/gdb/dwarf2/read.c \ + gdb-10.2/gdb/ada-lang.c exit 0 @@ -3145,3 +3146,14 @@ exit 0 strcat(req->buf, buf); } } +--- gdb-10.2//gdb/ada-lang.c.orig ++++ gdb-10.2/gdb/ada-lang.c +@@ -1158,7 +1158,7 @@ ada_decode (const char *encoded) + i -= 1; + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') + len0 = i - 1; +- else if (encoded[i] == '$') ++ else if (i >= 0 && encoded[i] == '$') + len0 = i; + } + -- 2.41.0
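Review bot: in the embedded ada-lang.c hunk, the added `i >= 0` guard on the `encoded[i] == '$'` branch has no comment, and the commit message does not say how `i` ends up negative after `i -= 1`. A short comment on that line, or a sentence in the message naming the input shape that drives the index below zero, would let a later reader confirm that guarding this one branch is enough (the preceding `i > 1 && ...` branch already short-circuits before indexing). The sanitizer report quoted in the message points at ada-lang.c:1388 in a three-argument `ada_decode`, while this hunk patches line 1158 of `ada_decode (const char *encoded)`, so the report appears to come from a different gdb tree than gdb-10.2; please state that, and whether the overflow was reproduced with the bundled gdb-10.2. The CVE-2023-39128 reference sits below the `---` separator, where it will not reach the commit log; moving it into the message body next to the Link: line would keep it with the fix.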