Date: Tue, 01 Mar 2011 21:34:00 -0000
From: Jan Kratochvil
To: gdb-patches@sourceware.org
Subject: [patch] [gdbserver] Fix memory corruption
Message-ID: <20110301213428.GA15991@host1.dyn.jankratochvil.net>

Hi,

gdb.server/ext-run.exp always crashes during the nightly regression tests:

info os processes
memory clobbered past end of allocated block
Remote communication error. Target disconnected.: Connection reset by peer.
(gdb) FAIL: gdb.server/ext-run.exp: get process list (pattern 1)

Probably OK to check in but I rather ask.

To make it easily reproducible one can disable try_rle() by patching it:

+return 1; /* Don't go past '~'. */

So that putpkt_binary_1's cnt == 16383 will overrun PBUFSIZ 16384 by 4 bytes.

Thanks,
Jan

gdb/gdbserver/
2011-03-01 Jan Kratochvil

* remote-utils.c (putpkt_binary_1): Calculate BUF2 size dynamically.

--- a/gdb/gdbserver/remote-utils.c +++ b/gdb/gdbserver/remote-utils.c @@ -725,7 +725,7 @@ putpkt_binary_1 (char *buf, int cnt, int is_notif) char *p; int cc; - buf2 = xmalloc (PBUFSIZ); + buf2 = xmalloc (1 + cnt + 4); /* Copy the packet into buffer BUF2, encapsulating it and giving it a checksum. */
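
Review bot: the new size in `buf2 = xmalloc (1 + cnt + 4);` is built from two bare constants and signed arithmetic on `int cnt`, and nothing in the hunk says which bytes the 1 and the 4 cover or that cnt is known to be non-negative and small enough for the sum not to overflow. Please add a comment next to the allocation naming the framing bytes that the "encapsulating it and giving it a checksum" step writes around the payload (the report of cnt == 16383 overrunning 16384 by 4 bytes implies 5 bytes of overhead, which matches 1 + 4), and consider a check or assertion on cnt before the addition. It would also help to state that the size relies on the encoded payload never being longer than cnt, since that is what keeps the bound valid whether or not try_rle() compresses anything.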