From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-28002-listarch-gdb-patches=sources.redhat.com@sources.redhat.com>
Received: (qmail 21949 invoked by alias); 16 Oct 2003 21:18:36 -0000
Mailing-List: contact gdb-patches-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Subscribe: <mailto:gdb-patches-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sources.redhat.com>
List-Help: <mailto:gdb-patches-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: gdb-patches-owner@sources.redhat.com
Received: (qmail 21941 invoked from network); 16 Oct 2003 21:18:34 -0000
Received: from unknown (HELO localhost.redhat.com) (207.219.125.105)
  by sources.redhat.com with SMTP; 16 Oct 2003 21:18:34 -0000
Received: from redhat.com (localhost [127.0.0.1])
	by localhost.redhat.com (Postfix) with ESMTP
	id 97CFE2B89; Thu, 16 Oct 2003 17:18:35 -0400 (EDT)
Message-ID: <3F8F0B2B.9080506@redhat.com>
Date: Thu, 16 Oct 2003 21:18:00 -0000
From: Andrew Cagney <ac131313@redhat.com>
User-Agent: Mozilla/5.0 (X11; U; NetBSD macppc; en-US; rv:1.0.2) Gecko/20030820
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Daniel Jacobowitz <drow@mvista.com>
Cc: gdb-patches@sources.redhat.com
Subject: Re: RFA/RFC: vCont for the remote protocol [client]
References: <20030929152831.GA23286@nevyn.them.org> <20030930211717.GB19869@nevyn.them.org> <3F8C917C.1080708@gnu.org> <20031016203156.GA24204@nevyn.them.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-SW-Source: 2003-10/txt/msg00563.txt.bz2


> Is GDB trying to move away from alloca?  The internals manual says:
> 
>    GDB can use the non-portable function `alloca' for the allocation of
>    small temporary values (such as strings).

> So I use it to avoid cleanups.  OTOH, it occurs to me that
> rs->remote_packet_size is a bit large; OTOOH, remote.c uses this idiom
> all over the place already.
> 
> I've used xmalloc instead, since the buf is used for getpkt and thus
> must be remote_packet_size large.
> 
> Here's what I am about to check in.

There are two probems:

- the buffer can get very very large and that can blow the stack
- it isn't possible to audit this code (with out a deep understanding of 
that value) and hence demonstrate that the sprintf won't smash the 
stack/heap

You'll need to also change the sprintf to snprintf (parameterized with 
remote_packet_size.

Andrew