Fix use-after-free in number_or_range_parser

tromey · tromey · commit 5424be6a70bd · 2018-08-17T17:14:02.000-06:00
-fsanitize=address showed a use-after-free in number_or_range_parser.

The cause was that handle_line_of_input could stash the input into
"saved_command_line", and then this could be freed by reentrant calls.

This fixes the bug by preventing commands that are read by "commands"
from being eligible for repeating.

2018-08-17  Tom Tromey  &lt;tom@tromey.com&gt;

	* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
	command_line_input.
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-17  Tom Tromey  <tom@tromey.com>
+
+	* cli/cli-script.c (read_next_line): Pass 0 as repeat argument to
+	command_line_input.
+
 2018-07-13  Simon Marchi  <simon.marchi@polymtl.ca>
 
 	* symfile.c (set_objfile_default_section_offset): Remove struct
diff --git a/gdb/cli/cli-script.c b/gdb/cli/cli-script.c
@@ -903,7 +903,7 @@ read_next_line (void)
   else
     prompt_ptr = NULL;
 
-  return command_line_input (prompt_ptr, from_tty, "commands");
+  return command_line_input (prompt_ptr, 0, "commands");
 }
 
 /* Return true if CMD's name is NAME.  */

Original file line number	Diff line number	Diff line change
`@@ -903,7 +903,7 @@ read_next_line (void)`
`903`	`903`	`else`
`904`	`904`	`prompt_ptr = NULL;`
`905`	`905`
`906`		`- return command_line_input (prompt_ptr, from_tty, "commands");`
	`906`	`+ return command_line_input (prompt_ptr, 0, "commands");`
`907`	`907`	`}`
`908`	`908`
`909`	`909`	`/* Return true if CMD's name is NAME. */`