From: Andrew Cagney
Date: Thu, 16 Oct 2003 22:27:00 -0000
To: Daniel Jacobowitz
Cc: gdb-patches@sources.redhat.com
Subject: Re: RFA/RFC: vCont for the remote protocol [client]
Message-ID: <3F8F1B3B.7000904@redhat.com>

> There are two problems:
>>
>> - the buffer can get very very large and that can blow the stack
>> - it isn't possible to audit this code (without a deep understanding of
>> that value) and hence demonstrate that the sprintf won't smash the
>> stack/heap
>>
>> You'll need to also change the sprintf to snprintf (parameterized with
>> remote_packet_size).
>
>
> I don't see a point in doing that until someone expresses interest in
> thread locking or some other feature which requires adding to the code.
> The maximum length of any generated vcont packet is the length of:
>   vCont;C01:12341468;C02
> The minimum possible buffer size is about twenty times that.

I wrote "it isn't possible to audit this code (without a deep
understanding of that [remote_packet_size] value)". The code should be
locally robust.

Andrew
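
The "locally robust" point in the message above, as an added example (not code from the GDB patch under discussion): every piece of the packet is appended with a bounded write and a truncation check, so the function can be audited without knowing how large the caller's buffer is. `struct vcont_action`, `append` and `build_vcont` are hypothetical names, and printing the thread id in hex is an assumption.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical action record: kind is 'c', 's', 'C' or 'S'; sig is used
   only by 'C'/'S'; thread < 0 means no ":thread" suffix (default action). */
struct vcont_action { char kind; unsigned sig; long thread; };

/* Append at buf + *used without writing past buf[size - 1].
   Requires *used < size.  Returns 0, or -1 if the text does not fit. */
static int append(char *buf, size_t size, size_t *used, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf + *used, size - *used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t) n >= size - *used)
        return -1;              /* truncated: caller must not send it */
    *used += (size_t) n;
    return 0;
}

/* Returns the packet length, or -1 (with buf emptied) if the packet does
   not fit in size bytes or an action kind is unknown. */
int build_vcont(char *buf, size_t size,
                const struct vcont_action *acts, size_t count)
{
    size_t used = 0, i;
    int ok;

    if (buf == NULL || size == 0)
        return -1;
    ok = append(buf, size, &used, "vCont") == 0;
    for (i = 0; ok && i < count; i++) {
        const struct vcont_action *a = &acts[i];

        if (a->kind == 'C' || a->kind == 'S')
            ok = append(buf, size, &used, ";%c%02x", a->kind, a->sig & 0xff) == 0;
        else
            ok = (a->kind == 'c' || a->kind == 's')
                 && append(buf, size, &used, ";%c", a->kind) == 0;
        if (ok && a->thread >= 0)
            ok = append(buf, size, &used, ":%lx", (unsigned long) a->thread) == 0;
    }
    if (!ok)
        buf[0] = '\0';          /* never leave a half-built packet behind */
    return ok ? (int) used : -1;
}
```

A 23-byte buffer holds the 22-character packet quoted in the thread plus its terminator; with 22 bytes the call fails cleanly instead of overrunning.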