This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[patch] [gdbserver] Fix memory corruption

From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
To: gdb-patches at sourceware dot org
Date: Tue, 1 Mar 2011 22:34:28 +0100
Subject: [patch] [gdbserver] Fix memory corruption

Hi,

gdb.server/ext-run.exp always crashes during the nightly regression tests:
	info os processes
	memory clobbered past end of allocated block
	Remote communication error.  Target disconnected.: Connection reset by peer.
	(gdb) FAIL: gdb.server/ext-run.exp: get process list (pattern 1)

Probably OK to check in but I rather ask.

To make it easily reproducible one can disable try_rle() by patching it:
+return 1;
   /* Don't go past '~'.  */

So that putpkt_binary_1's cnt == 16383 will overrun PBUFSIZ 16384 by 4 bytes.


Thanks,
Jan


gdb/gdbserver/
2011-03-01  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* remote-utils.c (putpkt_binary_1): Calculate BUF2 size dynamically.

--- a/gdb/gdbserver/remote-utils.c
+++ b/gdb/gdbserver/remote-utils.c
@@ -725,7 +725,7 @@ putpkt_binary_1 (char *buf, int cnt, int is_notif)
   char *p;
   int cc;
 
-  buf2 = xmalloc (PBUFSIZ);
+  buf2 = xmalloc (1 + cnt + 4);
 
   /* Copy the packet into buffer BUF2, encapsulating it
      and giving it a checksum.  */

Follow-Ups:
- Re: [patch] [gdbserver] Fix memory corruption
  - From: Pedro Alves

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]