[Lldb-commits] [PATCH] D32421: Fix segfault resulting from empty print prompt
Alex Langford via Phabricator via lldb-commits
lldb-commits at lists.llvm.org
Mon Apr 24 01:10:19 PDT 2017
xiaobai created this revision.
I have found a way to segfault lldb in 7 keystrokes! Steps to reproduce:
1. Launch lldb
2. Type `print` and hit enter. lldb will now prompt you to type a list of expressions, followed by an empty line.
3. Hit enter, indicating the end of your input.
4. Segfault!
After some investigation, I've found the issue in Host/common/Editline.cpp.
Editline::MoveCursor() relies on m_input_lines not being empty when the `to`
argument is CursorPosition::BlockEnd. This scenario, as far as I can tell,
occurs in one specific instance: In Editline::EndOrAddLineCommand() when the
list of lines being processed contains exactly one string (""). Meeting this
condition is fairly simple, I have posted steps to reproduce above.
I see two options: check if the state of m_input_lines is valid while inside
Editline::MoveCursor(), or validate the state of m_input_lines before calling
Editline::MoveCursor(). I have chosen to do the latter, for these 2 reasons:
1. This happens in one spot under very specific conditions. Check for it
when it could occur, not every time you call Editline::MoveCursor().
2. I'm not sure how Editline::MoveCursor() should behave when m_input_lines is
empty, nor am I sure if it should be called. I have roughly 4-5 hours
experience with the code in Editline.cpp over the course of about 2 days, so
I'm treating this as a learning opportunity. :)
Let me know what you think and/or if you want more context. Thanks!
https://reviews.llvm.org/D32421
Files:
source/Host/common/Editline.cpp
Index: source/Host/common/Editline.cpp
===================================================================
--- source/Host/common/Editline.cpp
+++ source/Host/common/Editline.cpp
@@ -637,7 +637,11 @@
}
}
}
- MoveCursor(CursorLocation::EditingCursor, CursorLocation::BlockEnd);
+ // If the only line in m_input_lines was the empty string, m_input_lines
+ // will be empty.
+ if (!m_input_lines.empty()) {
+ MoveCursor(CursorLocation::EditingCursor, CursorLocation::BlockEnd);
+ }
fprintf(m_output_file, "\n");
m_editor_status = EditorStatus::Complete;
return CC_NEWLINE;
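Review bot: the guard around MoveCursor() fixes the crash at this call site, but the precondition it works around (MoveCursor() with CursorLocation::BlockEnd must not be called while m_input_lines is empty) is still undocumented inside MoveCursor() itself, so the next caller can reintroduce the same segfault. Consider adding an assertion or a comment at the start of MoveCursor() stating that m_input_lines must be non-empty for BlockEnd, in addition to this check. The comment above the new `if` also describes the symptom ("m_input_lines will be empty") rather than why that happens; a pointer to the code that drops the lone empty line would help a reader who only sees this hunk. Minor style point: LLVM's coding standard omits braces around a single-statement `if` body, so `if (!m_input_lines.empty())` can be followed directly by the MoveCursor() line.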
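The precondition described in the report (a cursor move to the end of the input block that assumes at least one input line exists) is easy to see in isolation. The following is an added illustration and is not code from LLDB's Editline.cpp or from the patch author; the field name m_input_lines is taken from the patch, while the struct, the function names and the simplified end-of-input rule are assumptions made for the example. It models the unguarded computation beside a version whose return type forces the caller to handle the empty-input case.

```cpp
#include <cassert>
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Constructed model of the Editline state involved in D32421; this is an
// added illustration, not LLDB's Editline.cpp. Only the name m_input_lines
// comes from the patch; the types and functions below are assumed.
struct CursorPos {
  std::size_t line;   // index into m_input_lines
  std::size_t column; // character offset within that line
};

// Unguarded form of the computation the report describes: on an empty
// vector, size() - 1 wraps to SIZE_MAX and back() is undefined behaviour.
// Callers must guarantee !lines.empty() before calling this.
static CursorPos block_end_unchecked(const std::vector<std::string> &lines) {
  return {lines.size() - 1, lines.back().size()};
}

// Guarded form: the precondition becomes part of the return type, so a
// caller cannot silently forget the empty-input case.
static std::optional<CursorPos> block_end(const std::vector<std::string> &lines) {
  if (lines.empty())
    return std::nullopt;
  return CursorPos{lines.size() - 1, lines.back().size()};
}

// Simplified "end or add line" rule (assumed, not Editline's exact logic):
// an empty line terminates the input and is not kept; a non-empty line is
// stored and another line is requested. Returns true when input is complete.
static bool end_or_add_line(std::vector<std::string> &lines,
                            const std::string &typed) {
  if (typed.empty())
    return true; // terminator: nothing stored, so lines may now be empty
  lines.push_back(typed);
  return false;
}

// The 7-keystroke scenario from the report: the user hits enter immediately
// at the expression prompt. The guarded call yields no position and does
// not touch the empty vector.
static std::optional<CursorPos> simulate_empty_print() {
  std::vector<std::string> m_input_lines; // constructed sample state
  bool done = end_or_add_line(m_input_lines, "");
  assert(done);
  return block_end(m_input_lines); // std::nullopt
}

// The normal path: two expressions, then an empty terminator line.
static std::optional<CursorPos> simulate_two_lines() {
  std::vector<std::string> m_input_lines; // constructed sample state
  end_or_add_line(m_input_lines, "1 + 1");
  end_or_add_line(m_input_lines, "foo(bar)");
  end_or_add_line(m_input_lines, "");
  return block_end(m_input_lines); // line 1, column 8
}
```

Compile with a C++17 compiler (std::optional). The design point is the second function's signature: once the "may be empty" case is encoded in the return type, the check the patch adds at one call site is enforced at every call site by the compiler rather than by convention.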