gdb/python/guile: fix segfault from nested prefix command creation

A commit I recently pushed:

  commit 0b5023cc71
  Date:   Sat Apr 12 09:15:53 2025 +0100

      gdb/python/guile: user created prefix commands get help list

can trigger a segfault if a user tries to create nested prefix
commands.  For example, this will trigger a crash:

  (gdb) python gdb.ParameterPrefix("prefix-1", gdb.COMMAND_NONE)
  (gdb) python gdb.ParameterPrefix("prefix-1 prefix-2", gdb.COMMAND_NONE)

  Fatal signal: Segmentation fault
  ... etc ...

If the user adds an actual parameter under 'prefix-1' before creating
'prefix-2', then everything is fine:

  (gdb) python gdb.ParameterPrefix("prefix-1", gdb.COMMAND_NONE)
  (gdb) python gdb.Parameter('prefix-1 param-1', gdb.COMMAND_NONE, gdb.PARAM_BOOLEAN)
  (gdb) python gdb.ParameterPrefix("prefix-1 prefix-2", gdb.COMMAND_NONE)

The mistake in the above patch is in how gdbpy_parse_command_name is
used.  The BASE_LIST output argument from this function points to the
list of commands for the prefix, not to the prefix command itself.

So when gdbpy_parse_command_name is called for 'prefix-1 prefix-2',
BASE_LIST points to the list of commands associated with 'prefix-1',
not to the actual 'prefix-1' cmd_list_element.

Back in cmdpy_init, from where gdbpy_parse_command_name was called, I
was walking back from the first entry in BASE_LIST to figure out if
this was a "show" prefix command or not.  However, if BASE_LIST is
empty then there is no first item, and this would trigger the
segfault.

The solution is to extend gdbpy_parse_command_name to also return the
prefix cmd_list_element in addition to the existing values.  With this
done, and cmdpy_init updated, the segfault is now avoided.

There's a new test that would trigger the crash without the patch.

And, of course, the above commit also broke guile in the exact same
way.  And the fix is exactly the same.  And there's a guile test too.

NOTE: We should investigate possibly sharing some of this boilerplate
helper code between Python and Guile.  But not in this commit.

Approved-By: Tom Tromey <tom@tromey.com>
This commit is contained in:
Andrew Burgess
2025-06-03 17:23:10 +01:00
parent 4c14598706
commit f84a4db958
6 changed files with 103 additions and 21 deletions


@@ -334,24 +334,30 @@ cmdpy_completer (struct cmd_list_element *command,
name of the new command. All earlier words must be existing prefix
commands.
*BASE_LIST is set to the final prefix command's list of
*sub-commands.
*BASE_LIST is set to the final prefix command's list of sub-commands.
START_LIST is the list in which the search starts.
When PREFIX_CMD is not NULL then *PREFIX_CMD is set to the prefix
command itself, or NULL, if there is no prefix command.
This function returns the name of the new command. On error sets the Python
error and returns NULL. */
gdb::unique_xmalloc_ptr<char>
gdbpy_parse_command_name (const char *name,
struct cmd_list_element ***base_list,
struct cmd_list_element **start_list)
struct cmd_list_element **start_list,
struct cmd_list_element **prefix_cmd)
{
struct cmd_list_element *elt;
int len = strlen (name);
int i, lastchar;
const char *prefix_text2;
if (prefix_cmd != nullptr)
*prefix_cmd = nullptr;
/* Skip trailing whitespace. */
for (i = len - 1; i >= 0 && (name[i] == ' ' || name[i] == '\t'); --i)
;
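Review bot: The updated function comment says what *PREFIX_CMD holds when there is no prefix command, but not what it holds when the function fails and returns NULL. The code resets it with "*prefix_cmd = nullptr;" before any parsing, so it is also NULL on every error path; it would help to state that in the comment so callers know they can rely on it. As a minor style point, the comment says "NULL" while the new code uses nullptr; either is readable, but it is worth matching whatever the rest of this file's comments use.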
@@ -393,6 +399,8 @@ gdbpy_parse_command_name (const char *name,
if (elt->is_prefix ())
{
*base_list = elt->subcommands;
if (prefix_cmd != nullptr)
*prefix_cmd = elt;
return result;
}
@@ -467,8 +475,9 @@ cmdpy_init (PyObject *self, PyObject *args, PyObject *kw)
return -1;
}
cmd_list_element *prefix_cmd = nullptr;
gdb::unique_xmalloc_ptr<char> cmd_name
= gdbpy_parse_command_name (name, &cmd_list, &cmdlist);
= gdbpy_parse_command_name (name, &cmd_list, &cmdlist, &prefix_cmd);
if (cmd_name == nullptr)
return -1;
@@ -525,11 +534,14 @@ cmdpy_init (PyObject *self, PyObject *args, PyObject *kw)
'set prefix' the user will get the help text listing all
of the sub-commands, and for 'show prefix', the user will
see all of the sub-command values. */
cmd_list_element *first = *cmd_list;
while (first->prefix != nullptr)
first = first->prefix;
if (prefix_cmd != nullptr)
{
while (prefix_cmd->prefix != nullptr)
prefix_cmd = prefix_cmd->prefix;
}
bool is_show = first->subcommands == &showlist;
bool is_show = (prefix_cmd != nullptr
&& prefix_cmd->subcommands == &showlist);
if (is_show)
cmd = add_show_prefix_cmd (cmd_name.get (),
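Review bot: The loop "prefix_cmd = prefix_cmd->prefix;" overwrites prefix_cmd in place, so after this block the variable no longer names the immediate prefix returned by gdbpy_parse_command_name but the outermost one. Any later code in cmdpy_init that reads prefix_cmd expecting the direct parent would silently get the wrong element. Consider walking a separate local (for example a hypothetical "top_prefix") and computing is_show from that, leaving prefix_cmd untouched. The null guard itself looks right: with an empty sub-command list there is no longer a dereference of a first list entry, and a NULL prefix_cmd makes is_show false.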