On 2023/10/23 17:44, Lianbo Jiang wrote: > This is a partial backport patch from gdb commit 033bc52bb619 ("Avoid > buffer overflow in ada_decode"). > > The AddressSanitizer reports a dynamic-stack-buffer-overflow error as > below: > gdb/ada-lang.c:1388:16 in ada_decode[abi:cxx11](char const*, bool, bool) > > Add a missing bounds check to fix the current issue. > > Link: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 > Signed-off-by: Lianbo Jiang <lijiang@xxxxxxxxxx> Looks good, applied. https://github.com/crash-utility/crash/commit/a8e5e4cbae5464d7bb7db48e4e21178fc55572fc Thanks, Kazu > --- > Please see the CVE-2023-39128. > > gdb-10.2.patch | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/gdb-10.2.patch b/gdb-10.2.patch > index 16228b1dbf73..3098c1c3aaaa 100644 > --- a/gdb-10.2.patch > +++ b/gdb-10.2.patch > @@ -13,7 +13,8 @@ tar xvzmf gdb-10.2.tar.gz \ > gdb-10.2/gdb/printcmd.c \ > gdb-10.2/gdb/symfile.c \ > gdb-10.2/gdb/Makefile.in \ > - gdb-10.2/gdb/dwarf2/read.c > + gdb-10.2/gdb/dwarf2/read.c \ > + gdb-10.2/gdb/ada-lang.c > > exit 0 > > @@ -3145,3 +3146,14 @@ exit 0 > strcat(req->buf, buf); > } > } > +--- gdb-10.2//gdb/ada-lang.c.orig > ++++ gdb-10.2/gdb/ada-lang.c > +@@ -1158,7 +1158,7 @@ ada_decode (const char *encoded) > + i -= 1; > + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') > + len0 = i - 1; > +- else if (encoded[i] == '$') > ++ else if (i >= 0 && encoded[i] == '$') > + len0 = i; > + } > + -- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/crash-utility Contribution Guidelines: https://github.com/crash-utility/crash/wiki
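Review bot: in the nested ada-lang.c hunk, the new `else if (i >= 0 && encoded[i] == '$')` guard still accepts `i == 0`, so `len0 = i` can set `len0` to 0 when `encoded[0]` is `'$'`. The guard does stop the out-of-bounds read at `encoded[-1]`, but the code that consumes `len0` is outside the visible context, so please confirm that it tolerates a zero length. Two documentation points: the message calls this a partial backport of gdb commit 033bc52bb619 without saying which parts were left out, and the CVE-2023-39128 reference sits below the `---` separator, where it will not be recorded in the commit message. Stating both in the message body would make the change easier to audit later.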