Currently, crash may generate a core dump and print the following
error when running the commands "l panic" or "p" TAB completion.

  crash> l panic
  /usr/include/c++/11/string_view:234: ...
  Aborted (core dumped)

  crash> p "TAB completion"
  crash> p /usr/include/c++/11/string_view:234: ...
  Aborted (core dumped)

When the name string is null (the length of name is zero), there
are multiple places where array access is out of bounds in the
gdb/ada-lang.c (see ada_fold_name() and ada_lookup_name_info()).

Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
Signed-off-by: Kazuhito Hagio <k-hagio-ab(a)nec.com>
---
gdb-10.2.patch | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/gdb-10.2.patch b/gdb-10.2.patch
index 1332b6638028..16165839b360 100644
--- a/gdb-10.2.patch
+++ b/gdb-10.2.patch
@@ -1591,3 +1591,32 @@
max += 2;
limit = cols / max;
if (limit != 1 && (limit * max == cols))
+--- gdb-10.2/gdb/ada-lang.c.orig
++++ gdb-10.2/gdb/ada-lang.c
+@@ -997,7 +997,7 @@ ada_fold_name (gdb::string_view name)
+ int len = name.size ();
+ GROW_VECT (fold_buffer, fold_buffer_size, len + 1);
+
+- if (name[0] == '\'')
++ if (name.size () > 0 && name[0] == '\'')
+ {
+ strncpy (fold_buffer, name.data () + 1, len - 2);
+ fold_buffer[len - 2] = '\000';
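Review bot: In the quoted-name branch of ada_fold_name(), the new `name.size () > 0` test only rules out the empty name; a one-character name consisting of just `'` still reaches `strncpy (fold_buffer, name.data () + 1, len - 2)` with `len - 2` equal to -1, which converts to a very large size_t count, and the following `fold_buffer[len - 2] = '\000'` then stores at index -1. Requiring `len >= 2` in this condition (or otherwise bounding the copy length) would close that case along with the zero-length one the commit message describes.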
+@@ -1006,7 +1006,7 @@ ada_fold_name (gdb::string_view name)
+ {
+ int i;
+
+- for (i = 0; i <= len; i += 1)
++ for (i = 0; i < len; i++)
+ fold_buffer[i] = tolower (name[i]);
+ }
+
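Review bot: With the loop bound changed to `i < len`, nothing in this hunk stores a terminator at fold_buffer[len] any more. The old `i <= len` loop filled that slot with a byte read from `name[len]` (the out-of-bounds read being fixed), and the inner hunk header `-1006,7 +1006,7` shows no line was added to replace it. Unless code below the visible context already terminates the buffer, fold_buffer can keep stale bytes from an earlier, longer name after the folded text. GROW_VECT reserves `len + 1`, so adding `fold_buffer[len] = '\0';` after the loop would keep the result a valid C string.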
+@@ -13596,7 +13596,7 @@ ada_lookup_name_info::ada_lookup_name_info (const
lookup_name_info &lookup_name)
+ {
+ gdb::string_view user_name = lookup_name.name ();
+
+- if (user_name[0] == '<')
++ if (user_name.size () > 0 && user_name[0] == '<')
+ {
+ if (user_name.back () == '>')
+ m_encoded_name
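Review bot: The added `user_name.size () > 0` guard in ada_lookup_name_info() also protects the `user_name.back ()` call inside the branch, which is worth saying in the commit message since only `user_name[0]` is mentioned; `!user_name.empty ()` would state the intent more directly here and in ada_fold_name(). Separately, as posted the inner hunk header is wrapped: `lookup_name_info &lookup_name)` sits on its own line without the leading `+`, so the outer patch to gdb-10.2.patch is malformed at that point and should be resent unwrapped.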
--
2.20.1