3953 Calling ::list without specifying the name of the next member causes mdb to core dump
Reviewed by: Christopher Siden <christopher.siden@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>

@@ -22,11 +22,11 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 /*
- * Copyright (c) 2012 by Delphix. All rights reserved.
+ * Copyright (c) 2013 by Delphix. All rights reserved.
  * Copyright (c) 2012 Joyent, Inc. All rights reserved.
  */
 
 #include <mdb/mdb_modapi.h>
 #include <mdb/mdb_target.h>

@@ -705,13 +705,14 @@
                 return (DCMD_USAGE);
 
         if (argv->a_type != MDB_TYPE_STRING) {
                 /*
                  * We are being given a raw offset in lieu of a type and
-                 * member; confirm the arguments.
+                 * member; confirm the number of arguments and argument
+                 * type.
                  */
-                if (argv->a_type != MDB_TYPE_IMMEDIATE)
+                if (argc != 1 || argv->a_type != MDB_TYPE_IMMEDIATE)
                         return (DCMD_USAGE);
 
                 offset = argv->a_un.a_val;
 
                 argv++;

@@ -724,10 +725,17 @@
         } else {
                 const char *member;
                 char buf[MDB_SYM_NAMLEN];
                 int ret;
 
+                /*
+                 * Check that we were provided 2 arguments: a type name
+                 * and a member of that type.
+                 */
+                if (argc != 2)
+                        return (DCMD_USAGE);
+
                 ret = args_to_typename(&argc, &argv, buf, sizeof (buf));
                 if (ret != 0)
                         return (ret);
 
                 argv++;
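Review bot: The exact-count test `if (argc != 2)` runs before `args_to_typename(&argc, &argv, buf, sizeof (buf))`, which is handed pointers to both counters and so presumably may consume more than one argument for a single type name (confirm against its definition). If it can, a multi-token type name followed by a member is now rejected as a usage error. The crash this commit addresses comes from stepping `argv++` onto a member argument that was never supplied, so the tight guard is better placed after the call: keep only a lower bound such as `if (argc < 2)` up front and, once the helper returns, verify that an argument still remains before advancing to the member. The member's `a_type` is also not checked in the visible lines; the rest of this else-branch lies outside the hunk, so confirm there that it is validated as `MDB_TYPE_STRING` before its string value is read.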