[PATCH] Fix out-of-bounds read in tui_addr_is_displayed

[PATCH] Fix out-of-bounds read in tui_addr_is_displayed

Bogdan Harjoc
In tui_addr_is_displayed(), if win_info->content.size() is less than 2, then

  win_info->content.size () - threshold

will wrap to SIZE_MAX if threshold = SCROLL_THRESHOLD = 2.

The attached patch avoids calling win_info->content[i] below with i=0
which is past the end of the vector of size 0.

Bogdan

gdb-tui_addr_is_displayed-underflow.patch (564 bytes) Download Attachment
Re: [PATCH] Fix out-of-bounds read in tui_addr_is_displayed

Tom Tromey-2
>>>>> "Bogdan" == Bogdan Harjoc <[hidden email]> writes:

Bogdan> In tui_addr_is_displayed(), if win_info->content.size() is less than 2, then
Bogdan>   win_info->content.size () - threshold

Bogdan> will wrap to SIZE_MAX if threshold = SCROLL_THRESHOLD = 2.

Bogdan> The attached patch avoids calling win_info->content[i] below with i=0
Bogdan> which is past the end of the vector of size 0.

Thank you for the patch.  Nice catch.

This needs a ChangeLog entry but is otherwise ok.

Tom
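
The unsigned wrap described in the first message, shown as an added example that is not part of the thread, not GDB's code, and not the attached patch. `Line`, `unguarded_limit`, `guarded_limit`, `would_read_oob` and `addr_is_displayed` are hypothetical names for a simplified model; the guard shown is one possible way to bound the loop.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified stand-in for one line of window content (hypothetical type).
struct Line { std::uint64_t addr; };

constexpr std::size_t kScrollThreshold = 2;  // SCROLL_THRESHOLD value quoted in the post

// Loop bound as written in the post: size_t arithmetic, so it wraps
// instead of going negative when size < threshold.
std::size_t unguarded_limit(std::size_t size, std::size_t threshold) {
    return size - threshold;
}

// Guarded bound: scan nothing when the content is not longer than the threshold.
std::size_t guarded_limit(std::size_t size, std::size_t threshold) {
    return size > threshold ? size - threshold : 0;
}

// A `while (i < limit)` scan with no early match indexes past the end
// of a `size`-element vector exactly when limit > size.
bool would_read_oob(std::size_t size, std::size_t limit) {
    return limit > size;
}

// Bounds-safe lookup built on the guarded limit.
bool addr_is_displayed(const std::vector<Line>& content, std::uint64_t addr,
                       bool with_threshold) {
    const std::size_t threshold = with_threshold ? kScrollThreshold : 0;
    const std::size_t limit = guarded_limit(content.size(), threshold);
    for (std::size_t i = 0; i < limit; ++i)
        if (content[i].addr == addr)
            return true;
    return false;
}

int main() {
    const std::size_t sizes[] = {0, 1, 2, 5};  // constructed sample sizes
    for (std::size_t size : sizes) {
        const std::size_t bad = unguarded_limit(size, kScrollThreshold);
        const std::size_t ok = guarded_limit(size, kScrollThreshold);
        std::printf("size=%zu unguarded=%zu (oob=%d) guarded=%zu (oob=%d)\n",
                    size, bad, would_read_oob(size, bad), ok, would_read_oob(size, ok));
    }
    return 0;
}
```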