This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Hello,

Looks like there is a one byte overflow in most gdb/*-stub.c:getpacket(). The "while (count < BUFMAX)" may be exited when count == BUFMAX. Which means "buffer[count] = 0" may overflow the array. Of course if count reaches BUFMAX there is probably a problem anyway and I don't see any way this overflow could be exploited by an attacker. But it's still a bug.

The obvious fix is to change the while condition to "count < BUFMAX - 1".

Adrien "Krunch" Kunysz
Attachment:
gdb-off-by-one.diff
Description: Text document
Attachment:
ChangeLog
Description: Text document
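
The off-by-one described in the message, as an added example that is not part of the original post and is not GDB's stub code: a simplified model of the copy loop, run with the original bound and with the proposed one. The `BUFMAX` value of 16, the guard byte, the names `read_payload` and `guard_clobbered`, and the sample packets are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFMAX 16    /* constructed size; each stub defines its own value */
#define GUARD  0x5A  /* canary stored one byte past the logical buffer */

/* Simplified model of the loop quoted in the message: store payload bytes
 * until '#' or until `limit` bytes are stored, then NUL-terminate.
 * The caller supplies BUFMAX usable bytes plus one guard byte, so the stray
 * write is observable without undefined behaviour.
 * Returns the index at which the terminator was written. */
static int read_payload(const char *in, char *buffer, int limit)
{
    int count = 0;
    while (count < limit) {
        char ch = *in++;
        if (ch == '#' || ch == '\0')
            break;
        buffer[count++] = ch;
    }
    buffer[count] = 0;  /* index BUFMAX when limit == BUFMAX and input is long */
    return count;
}

/* Returns 1 if the byte just past the BUFMAX-sized buffer was overwritten. */
static int guard_clobbered(const char *in, int limit)
{
    char storage[BUFMAX + 1];
    memset(storage, 0, sizeof storage);
    storage[BUFMAX] = GUARD;
    read_payload(in, storage, limit);
    return storage[BUFMAX] != GUARD;
}

int main(void)
{
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAA#00"; /* constructed, 24-byte payload */
    const char *normal = "g#67";                           /* constructed short packet */
    printf("count < BUFMAX,     oversized: clobbered=%d\n", guard_clobbered(oversized, BUFMAX));
    printf("count < BUFMAX - 1, oversized: clobbered=%d\n", guard_clobbered(oversized, BUFMAX - 1));
    printf("count < BUFMAX,     normal:    clobbered=%d\n", guard_clobbered(normal, BUFMAX));
    return 0;
}
```

Only a payload of at least `BUFMAX` bytes reaches the out-of-bounds index; with the `BUFMAX - 1` bound the terminator lands on the last valid byte.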