Re: [Crash-utility] [PATCH] gdb: avoid buffer overflow in ada_decode
On 2023/10/23 17:44, Lianbo Jiang wrote:
This is a partial backport patch from gdb commit 033bc52bb619
("Avoid
buffer overflow in ada_decode").
The AddressSanitizer reports a dynamic-stack-buffer-overflow error as
below:
gdb/ada-lang.c:1388:16 in ada_decode[abi:cxx11](char const*, bool, bool)
Add a missing bounds check to fix the current issue.
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
Looks good, applied.
https://github.com/crash-utility/crash/commit/a8e5e4cbae5464d7bb7db48e4e2...
Thanks,
Kazu
> ---
> Please see the CVE-2023-39128.
>
> gdb-10.2.patch | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/gdb-10.2.patch b/gdb-10.2.patch
> index 16228b1dbf73..3098c1c3aaaa 100644
> --- a/gdb-10.2.patch
> +++ b/gdb-10.2.patch
> @@ -13,7 +13,8 @@ tar xvzmf gdb-10.2.tar.gz \
> gdb-10.2/gdb/printcmd.c \
> gdb-10.2/gdb/symfile.c \
> gdb-10.2/gdb/Makefile.in \
> - gdb-10.2/gdb/dwarf2/read.c
> + gdb-10.2/gdb/dwarf2/read.c \
> + gdb-10.2/gdb/ada-lang.c
>
> exit 0
>
> @@ -3145,3 +3146,14 @@ exit 0
> strcat(req->buf, buf);
> }
> }
> +--- gdb-10.2//gdb/ada-lang.c.orig
> ++++ gdb-10.2/gdb/ada-lang.c
> +@@ -1158,7 +1158,7 @@ ada_decode (const char *encoded)
> + i -= 1;
> + if (i > 1 && encoded[i] == '_' && encoded[i - 1]
== '_')
> + len0 = i - 1;
> +- else if (encoded[i] == '$')
> ++ else if (i >= 0 && encoded[i] == '$')
> + len0 = i;
> + }
> +