xiaobai created this revision. I have found a way to segfault lldb in 7 keystrokes! Steps to reproduce:
1. Launch lldb
2. Type `print` and hit enter. lldb will now prompt you to type a list of expressions, followed by an empty line.
3. Hit enter, indicating the end of your input.
4. Segfault!

After some investigation, I've found the issue in Host/common/Editline.cpp. Editline::MoveCursor() relies on m_input_lines not being empty when the `to` argument is CursorPosition::BlockEnd. This scenario, as far as I can tell, occurs in one specific instance: in Editline::EndOrAddLineCommand() when the list of lines being processed contains exactly one string (""). Meeting this condition is fairly simple; I have posted steps to reproduce above.

I see two options: check if the state of m_input_lines is valid while inside Editline::MoveCursor(), or validate the state of m_input_lines before calling Editline::MoveCursor(). I have chosen to do the latter, for these 2 reasons:

1. This happens in one spot under very specific conditions. Check for it when it could occur, not every time you call Editline::MoveCursor().
2. I'm not sure how Editline::MoveCursor() should behave when m_input_lines is empty, nor am I sure if it should be called.

I have roughly 4-5 hours experience with the code in Editline.cpp over the course of about 2 days, so I'm treating this as a learning opportunity. :) Let me know what you think and/or if you want more context. Thanks!

https://reviews.llvm.org/D32421

Files:
  source/Host/common/Editline.cpp

Index: source/Host/common/Editline.cpp =================================================================== --- source/Host/common/Editline.cpp +++ source/Host/common/Editline.cpp @@ -637,7 +637,11 @@ } } } - MoveCursor(CursorLocation::EditingCursor, CursorLocation::BlockEnd); + // If the only line in m_input_lines was the empty string, m_input_lines + // will be empty. + if (!m_input_lines.empty()) { + MoveCursor(CursorLocation::EditingCursor, CursorLocation::BlockEnd); + } fprintf(m_output_file, "\n"); m_editor_status = EditorStatus::Complete; return CC_NEWLINE;
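Review bot: the guard at the call site fixes this caller, but Editline::MoveCursor() still carries an unstated precondition that m_input_lines is non-empty for CursorLocation::BlockEnd, so any other caller reaching BlockEnd with an empty list would hit the same out-of-range access; consider adding an assert(!m_input_lines.empty()) on MoveCursor()'s BlockEnd path, or at least a comment stating the precondition, alongside this guard. Two smaller points: the added comment says that m_input_lines may be empty but not why it ends up that way, and LLVM style omits braces on a single-statement if body, so `if (!m_input_lines.empty())` followed directly by the `MoveCursor(...)` call would match the surrounding file.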
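As an added illustration (not lldb's own code), a minimal C++ model of the edge case described above: an unsigned `size() - 1` on an empty line list wraps to SIZE_MAX, and the guarded variant makes the non-empty precondition explicit. The model assumes the terminating empty line is dropped from the list before the cursor move, which is why the single-"" input leaves it empty; `unguardedBlockEnd`, `blockEnd` and `finishInput` are hypothetical stand-ins, not Editline functions.

```cpp
// Added example (not lldb's code): a minimal model of the edge case fixed in
// D32421. Multi-line input ends with an empty line; once that terminator is
// dropped, an input consisting only of "" leaves the line list empty, and
// computing the block end as size() - 1 on an empty vector wraps to SIZE_MAX,
// an out-of-bounds index that a real cursor move would dereference.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Hypothetical stand-in for MoveCursor(..., BlockEnd): index of the last line.
// Precondition (unstated, as in the original): lines must be non-empty.
std::size_t unguardedBlockEnd(const std::vector<std::string>& lines) {
    return lines.size() - 1;  // wraps to SIZE_MAX when lines is empty
}

// Guarded variant: the precondition becomes visible in the return type.
std::optional<std::size_t> blockEnd(const std::vector<std::string>& lines) {
    if (lines.empty())
        return std::nullopt;
    return lines.size() - 1;
}

// Models the "empty line terminates input" step. Assumption: the terminating
// empty line is removed from the list, so {""} becomes {}. Returns the line
// the cursor would move to, or nullopt when the move is skipped (the fix).
std::optional<std::size_t> finishInput(std::vector<std::string> lines) {
    if (!lines.empty() && lines.back().empty())
        lines.pop_back();  // drop the terminator
    // Same shape as the review's fix: validate before moving the cursor.
    return blockEnd(lines);
}
```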