From: Tom Tromey Date: Mon, 9 Sep 2024 17:29:12 +0000 (-0600) Subject: Fix latent crash in ada_variant_discrim_name X-Git-Tag: binutils-2_45~1352 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56ddbf72843c0fa1badd68e71c5ba076f626c5c5;p=thirdparty%2Fbinutils-gdb.git Fix latent crash in ada_variant_discrim_name ada_variant_discrim_name does this: for (discrim_end = name + strlen (name) - 6; discrim_end != name; If NAME is too short, this will construct an invalid pointer, perhaps causing a crash. This patch arranges to check the length first. --- diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c index 95ceb10d3ab..aef2b1debba 100644 --- a/gdb/ada-lang.c +++ b/gdb/ada-lang.c @@ -6685,8 +6685,10 @@ ada_variant_discrim_name (struct type *type0) if (name == NULL || name[0] == '\000') return ""; - for (discrim_end = name + strlen (name) - 6; discrim_end != name; - discrim_end -= 1) + size_t len = strlen (name); + if (len < 6) + return ""; + for (discrim_end = name + len - 6; discrim_end != name; discrim_end -= 1) { if (startswith (discrim_end, "___XVN")) break;
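Review bot: The literal 6 in the new `if (len < 6)` check and in `name + len - 6` is the length of the "___XVN" marker that the loop body passes to startswith, but nothing in the code ties the two together. Consider deriving the bound from the marker itself (a named constant, or `strlen ("___XVN")`) so the length check cannot drift from the string it protects. Also note the boundary case: when len is exactly 6, discrim_end starts equal to name, the condition `discrim_end != name` is false immediately, and offset 0 is never tested. That matches the old loop condition, so it is not a regression, but a one-line comment stating whether skipping offset 0 is intended would make the new guard easier to verify. With `len < 6` in place, the earlier `name[0] == '\000'` test is redundant and could be dropped, leaving only the NULL check.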