This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
[ob] Fix crash on parsing mangled gdbserver protocol
- From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- To: gdb-patches at sourceware dot org
- Date: Tue, 9 Dec 2008 17:41:37 +0100
- Subject: [ob] Fix crash on parsing mangled gdbserver protocol
Hi,
I accidentally mangled the gdbserver output and GDB itself crashed (while
running gdb.server/ext-run.exp). Checked in as obvious (there is really no
access to the autovariable `cached_reg' between the two patch chunks).
Program terminated with signal 11, Segmentation fault.
[New process 12780]
#0 0x00000000005625c9 in remote_parse_stop_reply (
buf=0x29283a0 "T0506:1012e01bff7f0000;07:5810e01bff7f0000;10:41f480cf34000000;thread:31f4;", event=0x2927f90) at remote.c:4308
4308 cached_reg.num = reg->regnum;
(gdb) l
4303 else
4304 {
4305 struct packet_reg *reg = packet_reg_from_pnum (rsa, pnum);
4306 cached_reg_t cached_reg;
4307
4308 cached_reg.num = reg->regnum;
4309
4310 p = p1;
4311
4312 if (*p != ':')
(gdb) p reg
$1 = (struct packet_reg *) 0x0
Regards,
Jan
http://sourceware.org/ml/gdb-cvs/2008-12/msg00036.html
2008-12-09 Jan Kratochvil <jan.kratochvil@redhat.com>
* remote.c (remote_parse_stop_reply): Use REG only after its NULL check.
===================================================================
RCS file: /cvs/src/src/gdb/remote.c,v
retrieving revision 1.331
retrieving revision 1.332
diff -u -r1.331 -r1.332
--- src/gdb/remote.c 2008/12/02 07:57:36 1.331
+++ src/gdb/remote.c 2008/12/09 16:36:15 1.332
@@ -4305,8 +4305,6 @@
struct packet_reg *reg = packet_reg_from_pnum (rsa, pnum);
cached_reg_t cached_reg;
- cached_reg.num = reg->regnum;
-
p = p1;
if (*p != ':')
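Review bot: the NULL check this hunk is moving the dereference behind is not visible in its context lines, so the hunk alone does not show that `reg` is guarded before its next use; the backtrace above (`$1 = (struct packet_reg *) 0x0`) confirms `packet_reg_from_pnum (rsa, pnum)` can return NULL for a register number gdbserver sends, which is why `cached_reg.num = reg->regnum;` cannot stay here. With the assignment removed, `cached_reg.num` is left unset between the declaration `cached_reg_t cached_reg;` and its later initialization, so the ChangeLog's claim that nothing touches `cached_reg` in between is what keeps this safe; any future code inserted in that window that reads `cached_reg.num` would see an uninitialized value, which is worth a one-line comment at the declaration.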
@@ -4320,6 +4318,8 @@
Packet: '%s'\n"),
phex_nz (pnum, 0), p, buf);
+ cached_reg.num = reg->regnum;
+
fieldsize = hex2bin (p, cached_reg.data,
register_size (target_gdbarch,
reg->regnum));
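Review bot: placing `cached_reg.num = reg->regnum;` after the diagnostic whose tail is shown (`phex_nz (pnum, 0), p, buf);`) is only correct if that diagnostic is the `reg == NULL` guard and is a non-returning `error ()` call; the hunk shows neither its condition nor the call name, so confirm both in the full context, otherwise the same NULL dereference simply moves down a few lines. Once the assignment is here, the following `register_size (target_gdbarch, reg->regnum)` could use `cached_reg.num` instead of dereferencing `reg` a second time, which makes the single point of dereference easier to audit.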