From: Tom Tromey <tom@tromey.com>
Date: Thu, 16 Aug 2018 00:37:00 +0000 (-0600)
Subject: Fix use-after-free in number_or_range_parser
X-Git-Tag: users/ARM/embedded-binutils-master-2018q4~1072
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12582533306990c9406aedd960fa411c317a67de;p=thirdparty%2Fbinutils-gdb.git

Fix use-after-free in number_or_range_parser

-fsanitize=address showed a use-after-free in number_or_range_parser.

The cause was that handle_line_of_input could stash the input into
"saved_command_line", and then this could be freed by reentrant calls.

This fixes the bug by preventing commands that are read by "commands"
from being eligible for repeating.

gdb/ChangeLog
2018-08-17  Tom Tromey  <tom@tromey.com>

	* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
	command_line_input.
---

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 9fac8ccf5f4..a40f39f7bff 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-17  Tom Tromey  <tom@tromey.com>
+
+	* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
+	command_line_input.
+
 2018-08-15  Tom Tromey  <tom@tromey.com>
 
 	* aarch64-linux-tdep.c (aarch64_linux_core_read_vq): Use pulongest.
diff --git a/gdb/cli/cli-script.c b/gdb/cli/cli-script.c
index 6f31a400197..d03b3bcf60b 100644
--- a/gdb/cli/cli-script.c
+++ b/gdb/cli/cli-script.c
@@ -903,7 +903,7 @@ read_next_line (void)
   else
     prompt_ptr = NULL;
 
-  return command_line_input (prompt_ptr, from_tty, "commands");
+  return command_line_input (prompt_ptr, 0, "commands");
 }
 
 /* Return true if CMD's name is NAME.  */