From 6694c4110a37bc951d01132d6e56445d57350627 Mon Sep 17 00:00:00 2001
From: Jan Kratochvil <jan.kratochvil@redhat.com>
Date: Tue, 19 Aug 2014 22:55:10 +0200
Subject: [PATCH] Fix -fsanitize=address on unreadable inferior strings

echo 'void f(char *s){}main(){f((char *)1);}'|gcc -g -x c -;../gdb ./a.out -ex 'b f' -ex r
====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000aaccf at pc 0x96eea7 bp 0x7fff75bdbc90 sp 0x7fff75bdbc80
READ of size 1 at 0x6020000aaccf thread T0
    #0 0x96eea6 in extract_unsigned_integer .../gdb/findvar.c:108
    #1 0x9df02b in val_print_string .../gdb/valprint.c:2513
[...]
0x6020000aaccf is located 1 bytes to the left of 8-byte region [0x6020000aacd0,0x6020000aacd8)
allocated by thread T0 here:
    #0 0x7f45fad26b97 in malloc (/lib64/libasan.so.1+0x57b97)
    #1 0xdb3409 in xmalloc common/common-utils.c:45
    #2 0x9d8cf9 in read_string .../gdb/valprint.c:1845
    #3 0x9defca in val_print_string .../gdb/valprint.c:2502
[..]
====ABORTING

gdb/
2014-08-18  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Fix -fsanitize=address on unreadable inferior strings.
	* valprint.c (val_print_string): Fix access before BUFFER.
---
 gdb/ChangeLog  | 5 +++++
 gdb/valprint.c | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index f35ba1b..6704916 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-19  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	Fix -fsanitize=address on unreadable inferior strings.
+	* valprint.c (val_print_string): Fix access before BUFFER.
+
 2014-08-19  Simon Marchi  <simon.marchi@ericsson.com>
 
 	* target.c (target_struct_size): Remove.
diff --git a/gdb/valprint.c b/gdb/valprint.c
index d3ab267..a87d67c 100644
--- a/gdb/valprint.c
+++ b/gdb/valprint.c
@@ -2510,8 +2510,10 @@ val_print_string (struct type *elttype, const char *encoding,
      LEN is -1.  */
 
   /* Determine found_nul by looking at the last character read.  */
-  found_nul = extract_unsigned_integer (buffer + bytes_read - width, width,
-					byte_order) == 0;
+  found_nul = 0;
+  if (bytes_read >= width)
+    found_nul = extract_unsigned_integer (buffer + bytes_read - width, width,
+					  byte_order) == 0;
   if (len == -1 && !found_nul)
     {
       gdb_byte *peekbuf;
-- 
2.7.4