This is a partial backport patch from gdb commit 033bc52bb619 ("Avoid
buffer overflow in ada_decode").The AddressSanitizer reports a dynamic-stack-buffer-overflow error as below: gdb/ada-lang.c:1388:16 in ada_decode[abi:cxx11](char const*, bool, bool) Add a missing bounds check to fix the current issue. Link: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 Signed-off-by: Lianbo Jiang <liji...@redhat.com> --- Please see the CVE-2023-39128. gdb-10.2.patch | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gdb-10.2.patch b/gdb-10.2.patch index 16228b1dbf73..3098c1c3aaaa 100644 --- a/gdb-10.2.patch +++ b/gdb-10.2.patch @@ -13,7 +13,8 @@ tar xvzmf gdb-10.2.tar.gz \ gdb-10.2/gdb/printcmd.c \ gdb-10.2/gdb/symfile.c \ gdb-10.2/gdb/Makefile.in \ - gdb-10.2/gdb/dwarf2/read.c + gdb-10.2/gdb/dwarf2/read.c \ + gdb-10.2/gdb/ada-lang.c exit 0 @@ -3145,3 +3146,14 @@ exit 0 strcat(req->buf, buf); } } +--- gdb-10.2//gdb/ada-lang.c.orig ++++ gdb-10.2/gdb/ada-lang.c +@@ -1158,7 +1158,7 @@ ada_decode (const char *encoded) + i -= 1; + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') + len0 = i - 1; +- else if (encoded[i] == '$') ++ else if (i >= 0 && encoded[i] == '$') + len0 = i; + } + -- 2.41.0 -- Crash-utility mailing list Crash-utility@redhat.com https://listman.redhat.com/mailman/listinfo/crash-utility Contribution Guidelines: https://github.com/crash-utility/crash/wiki
