From 5ea5559b9aab3618955d6d38934828e9d5749bea Mon Sep 17 00:00:00 2001
From: Andrew Burgess <aburgess@broadcom.com>
Date: Tue, 16 Jul 2013 21:12:14 +0000
Subject: [PATCH] Check for NULL character before calling strchr.

  http://sourceware.org/ml/gdb-patches/2013-07/msg00322.html

gdb/ChangeLog

        * common/format.c (parse_format_string): Add checks for NULL
        character before calling strchr.

gdb/testsuite/ChangeLog

        * gdb.base/printcmds.exp (test_printf): Add tests for format
        strings with missing format specifier.
---
 gdb/ChangeLog                        | 5 +++++
 gdb/common/format.c                  | 6 +++---
 gdb/testsuite/ChangeLog              | 5 +++++
 gdb/testsuite/gdb.base/printcmds.exp | 6 ++++++
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 67ce94b..a0f22da 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2013-07-16  Andrew Burgess  <aburgess@broadcom.com>
+
+	* common/format.c (parse_format_string): Add checks for NULL
+	character before calling strchr.
+
 2013-07-16  Doug Evans  <dje@google.com>
 
 	* solist.h (target_so_ops.find_and_open_solib): Clarify usage of
diff --git a/gdb/common/format.c b/gdb/common/format.c
index 5803818..1bdd253 100644
--- a/gdb/common/format.c
+++ b/gdb/common/format.c
@@ -156,7 +156,7 @@ parse_format_string (const char **arg)
 
 	/* The first part of a format specifier is a set of flag
 	   characters.  */
-	while (strchr ("0-+ #", *f))
+	while (*f != '\0' && strchr ("0-+ #", *f))
 	  {
 	    if (*f == '#')
 	      seen_hash = 1;
@@ -170,7 +170,7 @@ parse_format_string (const char **arg)
 	  }
 
 	/* The next part of a format specifier is a width.  */
-	while (strchr ("0123456789", *f))
+	while (*f != '\0' && strchr ("0123456789", *f))
 	  f++;
 
 	/* The next part of a format specifier is a precision.  */
@@ -178,7 +178,7 @@ parse_format_string (const char **arg)
 	  {
 	    seen_prec = 1;
 	    f++;
-	    while (strchr ("0123456789", *f))
+	    while (*f != '\0' && strchr ("0123456789", *f))
 	      f++;
 	  }
 
diff --git a/gdb/testsuite/ChangeLog b/gdb/testsuite/ChangeLog
index 885f405..ddd00ea 100644
--- a/gdb/testsuite/ChangeLog
+++ b/gdb/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2013-07-16  Andrew Burgess  <aburgess@broadcom.com>
+
+	* gdb.base/printcmds.exp (test_printf): Add tests for format
+	strings with missing format specifier.
+
 2013-07-16  Tom Tromey  <tromey@redhat.com>
 
 	* gdb.ada/info_types.exp: Use standard_testfile.
diff --git a/gdb/testsuite/gdb.base/printcmds.exp b/gdb/testsuite/gdb.base/printcmds.exp
index 0597ab0..0c06557 100644
--- a/gdb/testsuite/gdb.base/printcmds.exp
+++ b/gdb/testsuite/gdb.base/printcmds.exp
@@ -718,6 +718,12 @@ proc test_printf {} {
     # Regression test for "%% at end of format string.
     # See http://sourceware.org/bugzilla/show_bug.cgi?id=11345
     gdb_test "printf \"%%%d%%\\n\", 5" "%5%"
+
+    # Some tests for missing format specifier after '%'.
+    gdb_test "printf \"%\", 0" "Incomplete format specifier at end of format string"
+    gdb_test "printf \"%.234\", 0" "Incomplete format specifier at end of format string"
+    gdb_test "printf \"%-\", 0" "Incomplete format specifier at end of format string"
+    gdb_test "printf \"%-23\", 0" "Incomplete format specifier at end of format string"
 }
 
 #Test printing DFP values with printf
-- 
2.7.4