From: Daniel Jacobowitz <drow@mvista.com>
To: gdb-patches@sources.redhat.com
Subject: [RFA] Remove some sprintfs from vCont client support
Date: Tue, 02 Dec 2003 16:07:00 -0000
Message-ID: <20031202160704.GA22220@nevyn.them.org>
In-Reply-To: <20031016225328.GA1542@nevyn.them.org>

On Thu, Oct 16, 2003 at 06:53:28PM -0400, Daniel Jacobowitz wrote:
> On Thu, Oct 16, 2003 at 06:27:07PM -0400, Andrew Cagney wrote:
> > >There are two problems:
> > >>
> > >>- the buffer can get very very large and that can blow the stack

If that concerns you then I suggest the alloca's in putpkt_binary,
which I found while fixing this. That's a whole lot more worrisome,
since there's one as big as the packet plus one as big as the max
packet length.

> > >>- it isn't possible to audit this code (without a deep understanding of
> > >>that value) and hence demonstrate that the sprintf won't smash the
> > >>stack/heap
> > >>
> > >>You'll need to also change the sprintf to snprintf (parameterized with
> > >>remote_packet_size).
> > >
> > >
> > >I don't see a point in doing that until someone expresses interest in
> > >thread locking or some other feature which requires adding to the code.
> > >The maximum length of any generated vcont packet is the length of:
> > > vCont;C01:12341468;C02
> > >The minimum possible buffer size is about twenty times that.
> >
> > I wrote "it isn't possible to audit this code (without a deep
> > understanding of that [remote_packet_size] value)". The code should be
> > locally robust.
>
> I wouldn't call the minimum size a deep understanding. It isn't
> documented anywhere in the code but I think that it should be.
>
> But I'll fix it next week.

OK, so it wasn't the next week. I took advantage of the new xstrprintf
function to get something I'm happy with. How about you, Andrew - is
this patch OK?

--
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

2003-12-02  Daniel Jacobowitz  <drow@mvista.com>

	* remote.c (remote_vcont_resume): Use xstrprintf instead of sprintf.

Index: remote.c
===================================================================
RCS file: /cvs/src/src/gdb/remote.c,v
retrieving revision 1.122
diff -u -p -r1.122 remote.c
--- remote.c 10 Nov 2003 21:20:44 -0000 1.122
+++ remote.c 2 Dec 2003 15:57:33 -0000
@@ -2578,7 +2578,7 @@ remote_vcont_resume (ptid_t ptid, int st
{
struct remote_state *rs = get_remote_state ();
int pid = PIDGET (ptid);
- char *buf = NULL;
+ char *buf = NULL, *outbuf;
struct cleanup *old_cleanup;
buf = xmalloc (rs->remote_packet_size);
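Review bot: `outbuf` is declared without an initializer in `char *buf = NULL, *outbuf;`, so the `outbuf &&` half of the later `gdb_assert` only means something if every branch assigns it. Initialize it to NULL alongside `buf`, so that a branch added later which forgets the assignment trips the assertion instead of reading an indeterminate pointer. The context line `buf = xmalloc (rs->remote_packet_size);` is kept; if nothing else in the function still needs `buf` once the packet is built in `outbuf`, that allocation can go as well.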
@@ -2603,40 +2603,45 @@ remote_vcont_resume (ptid_t ptid, int st
don't have any PID numbers the inferior will understand. Make sure
to only send forms that do not specify a PID. */
if (step && siggnal != TARGET_SIGNAL_0)
- sprintf (buf, "vCont;S%02x", siggnal);
+ outbuf = xstrprintf ("vCont;S%02x", siggnal);
else if (step)
- sprintf (buf, "vCont;s");
+ outbuf = xstrprintf ("vCont;s");
else if (siggnal != TARGET_SIGNAL_0)
- sprintf (buf, "vCont;C%02x", siggnal);
+ outbuf = xstrprintf ("vCont;C%02x", siggnal);
else
- sprintf (buf, "vCont;c");
+ outbuf = xstrprintf ("vCont;c");
}
else if (pid == -1)
{
/* Resume all threads, with preference for INFERIOR_PTID. */
if (step && siggnal != TARGET_SIGNAL_0)
- sprintf (buf, "vCont;S%02x:%x;c", siggnal, PIDGET (inferior_ptid));
+ outbuf = xstrprintf ("vCont;S%02x:%x;c", siggnal,
+ PIDGET (inferior_ptid));
else if (step)
- sprintf (buf, "vCont;s:%x;c", PIDGET (inferior_ptid));
+ outbuf = xstrprintf ("vCont;s:%x;c", PIDGET (inferior_ptid));
else if (siggnal != TARGET_SIGNAL_0)
- sprintf (buf, "vCont;C%02x:%x;c", siggnal, PIDGET (inferior_ptid));
+ outbuf = xstrprintf ("vCont;C%02x:%x;c", siggnal,
+ PIDGET (inferior_ptid));
else
- sprintf (buf, "vCont;c");
+ outbuf = xstrprintf ("vCont;c");
}
else
{
/* Scheduler locking; resume only PTID. */
if (step && siggnal != TARGET_SIGNAL_0)
- sprintf (buf, "vCont;S%02x:%x", siggnal, pid);
+ outbuf = xstrprintf ("vCont;S%02x:%x", siggnal, pid);
else if (step)
- sprintf (buf, "vCont;s:%x", pid);
+ outbuf = xstrprintf ("vCont;s:%x", pid);
else if (siggnal != TARGET_SIGNAL_0)
- sprintf (buf, "vCont;C%02x:%x", siggnal, pid);
+ outbuf = xstrprintf ("vCont;C%02x:%x", siggnal, pid);
else
- sprintf (buf, "vCont;c:%x", pid);
+ outbuf = xstrprintf ("vCont;c:%x", pid);
}
- putpkt (buf);
+ gdb_assert (outbuf && strlen (outbuf) < rs->remote_packet_size);
+ make_cleanup (xfree, outbuf);
+
+ putpkt (outbuf);
do_cleanups (old_cleanup);
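Review bot: at the end of this hunk, `gdb_assert (outbuf && strlen (outbuf) < rs->remote_packet_size);` runs before `make_cleanup (xfree, outbuf);`, so if the assertion fires the string returned by xstrprintf has not yet been registered for freeing. Register the cleanup first, then assert. A short comment at the assertion stating the longest packet this function can generate would also record the bound discussed in the thread, so the length check can be audited locally.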