Subject: Re: [RFAv2 2/2] gmp-utils: protect gdb_mpz exports against out-of-range values
To: Joel Brobecker, gdb-patches@sourceware.org
From: Simon Marchi
Date: Sat, 5 Dec 2020 18:26:17 -0500

On 2020-12-05 3:10 a.m., Joel Brobecker wrote:
> @@ -81,13 +133,26 @@ gdb_mpz::write (gdb::array_view buf, enum bfd_endian byte_order, > mpz_add (exported_val.val, exported_val.val, neg_offset.val); > } > > + /* Do the export into a buffer allocated by GMP itself; that way, > + we can detect cases where BUF is not large enough to export > + our value, and thus avoid a buffer overlow. Normally, this should > + never happen, since we verified earlier that the buffer is large > + enough to accomodate our value, but doing this allows us to be > + extra safe with the export. > + > + After verification that the export behaved as expected, we will > + copy the data over to BUF. */ > + > + size_t word_countp; > + gdb::unique_xmalloc_ptr exported > + (mpz_export (NULL, &word_countp, -1 /* order */, buf.size () /* size */, > + endian, 0 /* nails */, exported_val.val)); > + > + gdb_assert (word_countp == 1); > + > /* Start by clearing the buffer, as mpz_export only writes as many > - bytes as it needs (including none, if the value to export is zero. */

That comment is now stale.

Otherwise, that LGTM.

Simon
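Review bot: gdb_assert (word_countp == 1), at the end of the added block, does not hold when the value being exported is zero. The comment edited at the bottom of this hunk says mpz_export writes no bytes in that case, so the returned count is 0, and with a NULL first argument nothing is allocated either. Unless zero is already handled before this point, which the visible context does not show, either return early after zero-filling BUF or accept a count of 0 in the assertion. Separately, word_countp is a plain size_t whose address is passed to mpz_export, not a pointer itself, so word_count would be a clearer name.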