[Lldb-commits] [PATCH] D64995: [lldb] Fix crash when tab-completing in multi-line expr

Raphael Isemann via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Fri Jul 19 07:40:26 PDT 2019 

teemperor created this revision.
teemperor added a reviewer: shafik.
Herald added subscribers: lldb-commits, abidh.
Herald added a project: LLDB.
teemperor added a comment.

> I don't see any way to test this as the *multiline* expression completion is completely untested at the moment and I don't think we have any existing code for testing infrastructure for it.

Correct me if I'm wrong with this. I know we never test this functionality (as the whole IOHandler business is tricky to test), but I'm not sure if we maybe have some funky way around it.

Otherwise I would say we merge this as-is, as I don't want to have an obvious bug around until we find a method to test the interactive IO code.


Tab completing inside the multiline expression command can cause LLDB to crash. The easiest way
to do this is to go inside a frame with at least one local variable and then try to complete:

  (lldb) expr
  1. a[tab]

Reason for this was some mixup when we calculate the cursor position. Obviously we should calculate
the offset inside the string by doing 'end - start', but we are doing 'start - end' (which causes the offset to
become -1 which will lead to some out-of-bounds reading).

Fixes rdar://51754005

I don't see any way to test this as the *multiline* expression completion is completely untested at the moment
and I don't think we have any existing code for testing infrastructure for it.


Repository:
  rLLDB LLDB

https://reviews.llvm.org/D64995

Files:
  lldb/source/Core/IOHandler.cpp


Index: lldb/source/Core/IOHandler.cpp
===================================================================
--- lldb/source/Core/IOHandler.cpp
+++ lldb/source/Core/IOHandler.cpp
@@ -233,7 +233,7 @@
         matches, descriptions);
   case Completion::Expression: {
     CompletionResult result;
-    CompletionRequest request(current_line, current_line - cursor,
+    CompletionRequest request(current_line, cursor - current_line,
                               skip_first_n_matches, max_matches, result);
     CommandCompletions::InvokeCommonCompletionCallbacks(
         io_handler.GetDebugger().GetCommandInterpreter(),


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D64995.210833.patch
Type: text/x-patch
Size: 621 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20190719/7b558f1d/attachment.bin>

More information about the lldb-commits mailing list